Cron ssh

In Terminal the following works:

ssh username@xxx.xxx.xxx.xxx

With CronniX, this same command does nothing. It will not trigger when scheduled nor when I try "Run Now".

The crontab I've created is for a user with admin level. What am I missing here?

QuickSilver Dual 1GHz Mac OS X (10.3.9)

Posted on Mar 26, 2006 10:20 PM

21 replies

Mar 26, 2006 10:58 PM in response to Kenneth S Goff

Do you have key based auth with no passphrase? When you run it from the command line, does it ask for a password or does it log you in?

If you do have key based auth, here's a couple of things:

1) Use the full path to ssh instead of just ssh, i.e, /usr/bin/ssh user@host
2) turn up the log level on cronnix and see what the logs say
3) try running a tcpdump in another window to see if the problem is cronnix or ssh, i.e, sudo tcpdump port 22 and see if you see traffic when you hit run now.

Good luck

Mar 27, 2006 11:37 AM in response to Redwoodtree

I do not yet have key based auth with no passphrase. When run within Terminal, I am asked for a password.

I tried the tcpdump and things seemed to happen with Run Now but I don't know how to interpret the results.

Regarding key based auth with no passphrase, I contacted my commercial Web host (LINUX) and asked about this. They said I should generate a key on my client. I found a script to generate the key as follows:

ssh-keygen -d

I left it (empty for no passphrase) and got the following two files:

identification saved in /Users/myaccountname/.ssh/id_dsa
public key save in /Users/myaccountname/.ssh/id_dsa.pub

Also a key fingerprint was provided. I printed this Terminal window but am not sure what to do with the results. I'm guessing that one of these keys should be copied to the Web server.

QuickSilver Dual 1GHz Mac OS X (10.3.9)

Mar 27, 2006 12:14 PM in response to Kenneth S Goff

Nice work! You're most of the way there.

On the host making the connection, go into the .ssh/ directory of the user in question and open the file id_rsa.pub or id_dsa.pub (whichever type you created). Copy the contents of that file.

On the host you are connecting to, go to the other user's .ssh directory. If it doesn't exist, create it and make sure the permissions are correct (and ownership). Create a file called authorized_keys and authorized_keys2, paste the contents of the .pub file into this file. Make sure there are no line breaks (all on one line).

Again, check the ownership and perms of these files, make sure they're 600. A few other gotchas:

1) The ssh daemon on the receiving host has to allow key based auth. Most do, some don't. If you have access to the SSHD config (usually in /usr/local/etc/sshd_config or /etc/ssh/sshd_config) you can enable it.

2) The target user's home directory must not be GROUP WRITEABLE. Make sure it's 650 or 600 or something.

3) Now, in your cron job, call ssh and use the -i flag to point to the identity file you created. For example, /usr/bin/ssh -i /path/to/file/.ssh/id_rsa user@hostname

Try it from the command line like that and you should be logged right in. If you're not, run ssh in verbose, ssh -vvv -i /path/to/file/.ssh/id_rsa user@hostname and see what errors you get.

If it's still not clear, you will have to go to the target host and look in the /var/log/messages or /var/adm/messages, or the event log if it's a Windows host, and see what you're doing wrong or what the host thinks you're doing wrong.

Good luck.
Red
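
The server-side steps described in the post above (create .ssh, add the public key as a single line, keep permissions tight), as an added shell example that is not part of the original thread. The function names are made up for illustration, and the audit only covers the group/other write bits that sshd's StrictModes check looks at, not ownership.

```shell
#!/bin/sh
# Added example. Paths are passed in by the caller; nothing here is from the thread.

# has_any_bit PATH OCTAL...: succeeds if PATH has any of the given mode bits set.
has_any_bit() {
    p=$1; shift
    for bit in "$@"; do
        [ -n "$(find "$p" -prune -perm "-$bit" -print 2>/dev/null)" ] && return 0
    done
    return 1
}

# install_pubkey PUBKEY_FILE HOME_DIR: add the key once, with owner-only permissions.
# The body runs in a subshell so the umask change does not leak into the caller.
install_pubkey() (
    pub=$1; ssh_dir=$2/.ssh; auth=$ssh_dir/authorized_keys
    # A wrapped or multi-line paste silently breaks authorized_keys, so refuse it.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected exactly one line in $pub" >&2; exit 1; }
    key=$(cat "$pub")
    umask 077
    mkdir -p "$ssh_dir" && chmod 700 "$ssh_dir" || exit 1
    touch "$auth" && chmod 600 "$auth" || exit 1
    # Append only if this exact line is not already present (safe to re-run).
    grep -qxF -e "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
)

# audit_ssh_perms HOME_DIR: report paths that sshd's StrictModes check would reject
# for being writable by group or others. Ownership is not checked here.
audit_ssh_perms() {
    home=$1; bad=0
    for f in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$f" ]; then
            echo "missing: $f"; bad=1
        elif has_any_bit "$f" 020 002; then
            echo "writable by group or others: $f"; bad=1
        fi
    done
    return "$bad"
}
```
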

Mar 28, 2006 7:48 AM in response to Redwoodtree

Thanks, Redwoodtree. I think the no auth log on works. The following 2 different commands appear to produce the same results in a tcp dump, whether done directly within Terminal or Run Now in CronniX:

/usr/bin/ssh serveraccountname@xxx.xxx.xxx.xxx

/usr/bin/ssh -i /Users/myaccountname/.ssh/id_dsa serveraccountname@xxx.xxx.xxx.xxx

One clarification. I created 2 identical files from the id_dsa.pub and named them "authorized_keys" and "authorized_keys2" respectively but only copied the first file to the server .ssh directory. Should I have also transferred the second file to the server?

My next step is to copy a file to the server in preparation for updating mySQL. Do I understand correctly that part of this process was to establish the ssh connection to the server and then cp to that server?

I can use cp to copy a file on my local OS X system but I'm getting tripped up performing the operation from my system to the remote Web server. This Web server is described as a shared server or virtual server running under LINUX.

After ssh log in, the prompt is the following:

[serveraccountname] [~]$

The hosting support recommended "/var/www/" for an upload directory. How do I combine the source directory and target directory in a cp or other copy command?

QuickSilver Dual 1GHz

Mar 28, 2006 8:43 AM in response to Kenneth S Goff

Once again, nice work. Many people get tripped up by this procedure.

You're almost there. A companion product to SSH is SCP. Use the scp command to copy a file or ssh to run a command.

For example, to copy a file you would do:

scp -r -p -i /path/to/id_file/.ssh/id_rsa /path/to/local/file.tar.gz user@remotehost:/var/www/newfilename.tar

That will seamlessly copy the file over. Note that I included the -r, that will recurse down a directory, if you choose to copy a directory. The -p will attempt to preserve permissions. You may want to omit either.

If you want to execute a command on the other host, you can do the same with ssh. For example:

ssh -i /path/to/id_file/.ssh/id_rsa user@remotehost ls -l

This will return ls -l back to your local host. If you want to run a string of commands you will have to include it in quotes (e.g., user@remotehost 'ls -l ; grep -i sometext')

That tends to get a bit tricky.

Good luck,
-Red

Mar 28, 2006 11:35 AM in response to Redwoodtree

The file copies after error messages.

In Terminal, I enter the scp command but it seems my "path to id_file" is not valid. The following error messages within Terminal occur:

Warning: Identity file /usr/bin/Users/kengoff/.ssh/id_dsa does not exist

or another variation-

Warning: Identity file /usr/bin/kengoff/.ssh/id_dsa does not exist

Then the next message:

Address xxx.xxx.xxx.xx maps to MyWebDomain.com, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!

But then the file does indeed copy to the intended directory. The percent of file transfer is shown in Terminal and I can view the file within an FTP application. I can also delete it from that FTP application.

When I perform a Find ".ssh" within my system's Finder, the "id_dsa" file does indeed exist at kengoff/.ssh/id_dsa. The companion, "id_dsa.pub" was what I used to create the "authorized_keys" file that was placed on the server's ".ssh" directory.

Can you see any problem with the following?

scp -r -p -i /usr/bin/Users/kengoff/.ssh/id_dsa /Applications\ \(Mac\ OS\ 9\)/Products.sql accountname@xxx.xxx.xxx.xx:/var/www/Products.sql

QuickSilver Dual 1GHz Mac OS X (10.3.9)

Mar 28, 2006 11:48 AM in response to Kenneth S Goff

Answers in-line... You'll be an expert on SSH key-based auth before this is all done.

> The file copies after error messages.
>
> In Terminal, I enter the scp command but it seems my "path to id_file" is not valid. The following error messages within Terminal occur:
>
> Warning: Identity file /usr/bin/Users/kengoff/.ssh/id_dsa does not exist


If you're initiating this on a mac (which I assume you are) that path is incorrect. It should be /Users/kengoff/.ssh/id_dsa , the /usr/bin is extraneous, take it out.

> or another variation-
>
> Warning: Identity file /usr/bin/kengoff/.ssh/id_dsa does not exist
>
> Then the next message:
>
> Address xxx.xxx.xxx.xx maps to MyWebDomain.com, but this does not map back to the address - POSSIBLE BREAKIN ATTEMPT!


This is telling you that your ISP does not or has not configured their DNS with reverse lookups. This is sending off a warning on your version of ssh. Also, if the host-key of the remote host ever changes, you will also get a warning. You will have to open your .ssh/known_hosts and delete that line.

In terms of that warning, if the copy is working, you can ignore it.

> But then the file does indeed copy to the intended directory. The percent of file transfer is shown in Terminal and I can view the file within an FTP application. I can also delete it from that FTP application.
>
> When I perform a Find ".ssh" within my system's Finder, the "id_dsa" file does indeed exist at kengoff/.ssh/id_dsa. The companion, "id_dsa.pub" was what I used to create the "authorized_keys" file that was placed on the server's ".ssh" directory.
>
> Can you see any problem with the following?
>
> scp -r -p -i /usr/bin/Users/kengoff/.ssh/id_dsa /Applications\ \(Mac\ OS\ 9\)/Products.sql accountname@xxx.xxx.xxx.xx:/var/www/Products.sql


Yep, just delete the /usr/bin and make it like so:
scp -r -p -i /Users/kengoff/.ssh/id_dsa ..... and so forth.


I'm particularly careful about including the "-i /path/to/.ssh/" because sometimes in cron jobs your user's path is not picked up, or you might decide to have multiple keys for different hosts. In your case, you will notice it's not necessary because SSH is correctly picking your key. However, I recommend you keep it in there.

Nice work overall!



MacBook Pro 2.0 Mac OS X (10.4.5) G5 1.6, TiBook 800, Pismo 447

Mar 28, 2006 1:14 PM in response to Redwoodtree

Thanks, Red. That eliminates the error about the path to id_file. And the scp copy process works. You really know your stuff.

Now the last part of the cron project. How do I have mySQL on the remote server load the uploaded file?

I'm used to using phpMyAdmin to "Choose File" to designate a text file located on my own local system. That text file has the SQL instructions to update data within mySQL tables.

Mar 28, 2006 1:34 PM in response to Kenneth S Goff

No problem. Always happy to share the wealth, as what goes around comes around.

In regards to the mysql.... there are a bunch of ways to do this. Here's one way to do it. But, you may want to give this some thought just in terms of timing (order of operations) and what to do if things go wrong, and security.

1) Copy the files up to the remote host, from the local host, via one script that contains the SCP commands. You would call this script via cron or whatever. If you want to get fancy, have error checking in the script to make sure it copied... I'll leave that to you 😉

The reason I'm adding this step is in case you want to be really sure the file copied. Otherwise, just use SCP from cron as you have it.

2) Then on the remote host, have a second script that is there to upload into mysql. That script would contain the "mysqlimport" command. E.g, mysqlimport --local dbname tableinfo.txt . As you say, you can use phpmyadmin to format the SQL. That script would be executable.

The question is how to handle the mysql password on that end. In the worst case situation, you might have to do something really bad like hardcode it in your script. I'll leave that to you too 😉

3) Finally, from the local host again, either as part of the 1st script or as part of another cron job, call the remote script via ssh, ssh -i /path/to/.ssh/id_dsa user@remote /path/to/script.sh or script.pl or whatever..

The remote script will be executed and the files will load into mysql.

If I had to do this, I'd probably use something like ODBC and upload the files through that connection instead of loading them via cron job. At least I could have some host based (ip) security, and also a password... and maybe encrypt the connection.. blah blah blah...getting way too complicated.... 😉

Hope that helps a little bit.

Apr 3, 2006 9:58 PM in response to Redwoodtree

After getting my PHP script to load the uploaded data into MySQL, I was ready to verify the previous steps and modify the destination for the SCP upload. Now I cannot get the upload to occur.

Using a tcpdump in Terminal, it looks like things are happening but this time there is no percentage report of the upload progress like when it was successful. Many lines are written in the tcpdump but it's Greek to me.

Any ideas why it is not working now?

Apr 5, 2006 10:55 AM in response to Redwoodtree

The only way I could get the PHP script to run from a crontab is using curl. It works well. So I've got 3 crontab tasks. The first launches an AppleScript to cause the Mac OS 9 database to generate the file export. The second uses scp to copy the file to the remote server. The third uses curl to activate the PHP file that imports the data into MySQL.

Now I'm ready to look at error detection so that the import process will not be run unless a successful file transfer occurs. Can I prevent executing the curl cron task if the scp copy process produces an error? According to man scp, it exits with 0 on success or > 0 if an error occurred.

QuickSilver Dual 1GHz
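
One way to do what the last post asks, as an added example that is not from the thread: run the upload and the import trigger from a single cron job and let scp's exit status gate the curl call. The key path, source file, destination, URL, log file and the `--run` argument are placeholders chosen for this sketch.

```shell
#!/bin/sh
# Added example: one cron job that uploads, then triggers the import only on success.
# Every path, host and URL below is a placeholder (assumption), not a value from the thread.
KEY=${KEY:-$HOME/.ssh/id_dsa}
SRC=${SRC:-/path/to/Products.sql}
DEST=${DEST:-user@remotehost:/var/www/Products.sql}
IMPORT_URL=${IMPORT_URL:-https://example.invalid/import.php}
LOG=${LOG:-$HOME/upload_import.log}
# Overridable so the control flow can be exercised without touching the network.
COPY_CMD=${COPY_CMD:-/usr/bin/scp}
FETCH_CMD=${FETCH_CMD:-/usr/bin/curl}

log() { printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG"; }

# Returns 0 if both steps succeeded, 1 if the copy failed, 2 if the import request failed.
upload_then_import() {
    # BatchMode=yes makes scp fail instead of waiting on a password prompt under cron.
    "$COPY_CMD" -p -o BatchMode=yes -i "$KEY" "$SRC" "$DEST" >> "$LOG" 2>&1 || {
        rc=$?
        log "copy failed (exit status $rc); import skipped"
        return 1
    }
    log "copy ok"
    # -f turns HTTP error responses into a non-zero exit; -sS is quiet but keeps errors.
    "$FETCH_CMD" -fsS "$IMPORT_URL" >> "$LOG" 2>&1 || {
        rc=$?
        log "import request failed (exit status $rc)"
        return 2
    }
    log "import triggered"
}

# Cron entry (hypothetical script path):  0 2 * * * /bin/sh /path/to/upload_then_import.sh --run
if [ "${1:-}" = "--run" ]; then
    upload_then_import
    exit $?
fi
```
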
