8866 Views 8 Replies Latest reply: Feb 2, 2009 1:34 PM by sdallas
I think you need to create ssh keys that do not use a pass phrase if you want to use rsync via cron.
There is a recent post about maybe starting ssh-agent in your cron job, but I don't know how you are going to get your key pass phrase loaded into ssh-agent.
Maybe a search for ssh-agent will turn something up.
In addition to what Bob wrote, you may want to limit what those keys can be used for on the host that you are rsyncing to. To do this see the "AUTHORIZED_KEYS FILE FORMAT" section of the sshd(1) file. Specifically see the following part:
Specifies that the command is executed whenever this key is used for authentication. The command supplied
by the user (if any) is ignored. The command is run on a pty if the client requests a pty; otherwise
it is run without a tty. If an 8-bit clean channel is required, one must not request a pty or
should specify no-pty. A quote may be included in the command by quoting it with a backslash. This
option might be useful to restrict certain public keys to perform just a specific operation. An example
might be a key that permits remote backups but nothing else. Note that the client may specify TCP
and/or X11 forwarding unless they are explicitly prohibited. The command originally supplied by the
client is available in the SSH_ORIGINAL_COMMAND environment variable. Note that this option applies to
shell, command or subsystem execution.
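An added example, not part of any post in this thread: a forced-command wrapper of the kind the quoted man page text describes, which checks SSH_ORIGINAL_COMMAND and lets a passphrase-less backup key do nothing except push rsync data into one directory. The script path, ALLOWED_DIR and the key line in the comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example. On the receiving host, ~/.ssh/authorized_keys would carry one
# line such as (script path and key are placeholders):
#   command="/usr/local/bin/rsync-only.sh",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <public-key> backup
ALLOWED_DIR="/backups/client1"   # assumption: the only tree this key may write into

# Return 0 only for "rsync --server <options> . <path under ALLOWED_DIR>".
is_allowed_rsync() {
    case $1 in
        *[!A-Za-z0-9\ ._/=,-]*) return 1 ;;  # character allowlist: no shell metacharacters
        *..*) return 1 ;;                    # no path traversal
    esac
    set -f                  # no glob expansion while splitting into words
    set -- $1
    [ "$1" = rsync ] && [ "$2" = --server ] || return 1
    shift 2
    while [ $# -gt 2 ]; do
        case $1 in
            --sender) return 1 ;;   # key may push backups, never read them back
            -*) shift ;;
            *) return 1 ;;
        esac
    done
    [ $# -eq 2 ] && [ "$1" = . ] || return 1
    case $2 in
        "$ALLOWED_DIR"/*) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run. It is unset
# for an interactive login, in which case the script ends and the session closes.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if is_allowed_rsync "$SSH_ORIGINAL_COMMAND"; then
        set -f
        exec $SSH_ORIGINAL_COMMAND   # unquoted on purpose: validated, split into argv
    fi
    printf 'rejected: %s\n' "$SSH_ORIGINAL_COMMAND" >&2
    exit 1
fi
```

Anything the allowlist does not recognise, including paths containing spaces, is rejected rather than passed through.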
You may be able to make this script work by adding the following line, before the rsync command:
export SSH_AUTH_SOCK=$( find /tmp/launch-*/Listeners -user foo -type s | head -1 )
The conditions are:
(1) You're running Leopard.
(2) There is always a user named 'foo' logged in who has SSH access to the target server.
(3) Your script runs either as 'foo' or as root.
Thanks, that's done the trick!
For info, my key did have a passphrase, but the first time I manually opened a connection, and had to enter the passphrase, it was stored into my keychain... I'm assuming that as the cron job is running through my user account that it gets passed whatever credentials it needs to access the private SSH key.
Have a great Yule
Looks like you've resolved this issue, but it's one that I've run into recently as well. If you want to learn more about automated ssh sessions, I found the following resource to be helpful:
I spoke too soon... it worked running from cron as long as I was logged in, but it fails if it runs while I'm logged out... I'll look at the webmonkey article... but failing that I think there must be a way of doing this, but maybe falling back to the base Darwin methods, without relying on any higher OS frameworks. Not something I'm going to be much good at!
Here are detailed instructions on how to set up public/private key pairs so that rsync can login automatically without authentication.
Note you will have to run this procedure from the account that you want to authenticate, probably root, if you are running the script from the root account. Otherwise if you set up credentials for a XXY account on each machine, you should launch the script with a LaunchAgent plist in the Users/XXY/Library/LaunchAgents folder.
Hope that helps. rsync is a great tool, but it is really difficult to set up properly. This is the one time I wish I had a Windows utility: robocopy. It does the same thing, but it is way easier to tell it what you want to do, and to set up authentication. If rsync simply accepted authentication credentials on the command line, that would fix this problem...