Skip navigation
This discussion is archived

Rsync via SSH running as a cron job - permissions failure problem

8354 Views 8 Replies Latest reply: Feb 2, 2009 1:34 PM by sdallas RSS
stevesant Calculating status...
Currently Being Moderated
Dec 24, 2008 10:08 AM

I have a script that goes seomthing like:

today=`date +%Y-%m-%d_%H:%M`
echo "================ BEGIN FILE BACKUP AT "$today" ==================="
rsync -vauze 'ssh -p 522'*.gz /Volumes/Work/vpsbackups

I am trying to run this through a crontab :

* * * * sh /Users/mine/scripts/vpshomedir > /Users/mine/scripts/vpshomedir.log 2>&1

But I am getting the following in the logfile

Permission denied (publickey,gssapi-with-mic,password).

rsync: connection unexpectedly closed (0 bytes received so far) receiver
rsync error: unexplained error (code 255) at /SourceCache/rsync/rsync-35.2/rsync/io.c(452) http://receiver=2.6.9

I expect this is due to environment variables, maybe SSHAUTHSOCK, not being available when run through cron - as the script works fine when I run it from a terminal session...

Can anyone help me out here, as I haven't a clue where to add the necessary arguments to the crontab entry or script - only been scripting unix/linux for 6hrs, so please be noob friendly.

iMac Nov 2007, Mac OS X (10.5.1), It's spelt - Aluminium
  • BobHarris Level 6 Level 6 (12,505 points)
    I think you need to create ssh keys that do not use a pass phrase if you want to use rsync via cron.

    Although there is a recent post about maybe starting ssh-agent in your cron job, but I don't know how you are going get your key pass phrase loaded into ssh-agent.

    Maybe search for ssh-agent will turn something up.
    MacBook 2GHz, PowerMac Dual G5/2.5GHz, Mac mini intel Dual Core 2/1.83Ghz, Mac OS X (10.5.5), I also manage: 12" iBook G4/1GHz, iMac G4/1.25GHz
  • Nils C. Anderson Level 4 Level 4 (3,480 points)
    In addition to what Bob wrote, you may want to limit what those keys can be used for on the host that you are rsyncing too. To do this see the "AUTHORIZED_KEYS FILE FORMAT" section of the sshd(1) file. Specifically see the following part:

    Specifies that the command is executed whenever this key is used for authentication. The command sup-
    plied by the user (if any) is ignored. The command is run on a pty if the client requests a pty; other-
    wise it is run without a tty. If an 8-bit clean channel is required, one must not request a pty or
    should specify no-pty. A quote may be included in the command by quoting it with a backslash. This
    option might be useful to restrict certain public keys to perform just a specific operation. An example
    might be a key that permits remote backups but nothing else. Note that the client may specify TCP
    and/or X11 forwarding unless they are explicitly prohibited. The command originally supplied by the
    client is available in the SSHORIGINALCOMMAND environment variable. Note that this option applies to
    shell, command or subsystem execution.
    15in. PowerBook G4, 15in. MacBook Pro, Mac OS X (10.5.6)
  • Linc Davis Level 10 Level 10 (107,665 points)
    You may be able to make this script work by adding the following line, before the rsync command:

    SSHAUTHSOCK=$( find /tmp/launch-*/Listeners -user foo -type s | head -1 )

    The conditions are:

    (1) You're running Leopard.
    (2) There is always a user named 'foo' logged in who has SSH access to the target server.
    (3) Your script runs either as 'foo' or as root.
    Mac OS X (10.5.6)
  • noah hoffman1 Calculating status...
    Looks like you've resolved this issue, but it's one that I've run into recently as well. If you want to learn more about automated ssh sessions, I found the following resource to be helpful:
  • Linc Davis Level 10 Level 10 (107,665 points)
    Yes, as I wrote above, it only works if the user with the ssh-agent is logged in. Without that there is no way I know of to automate the use of a password-protected key. Just leave the user logged in.
    Mac OS X (10.5.6)
  • sdallas Calculating status...
    Here are detailed instructions on how to set up public/private key pairs so that rsync can login automatically without authentication.

    Note you will have to run this procedure from the account that you want to authenticate, probably root, if you are running the script from the root account. Otherwise if you set up credentials for a XXY account on each machine, you should launch the script with a LaunchAgent plist in the Users/XXY/Library/LaunchAgents folder.

    hope that helps. rsync is a great tool, but it is really difficult to set up properly. This is the one time I wish I had a windows utility: robocopy. It does the same thing, but it is way easier to tell it what you want to do, and to set up authentication. If rsync simply accepted authentication credentials on the command line, that would fix this problem...

    MacBook Pro, Mac OS X (10.5.4)


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.