Re: Can cron jobs share ssh-agent?

From: Nico Kadel-Garcia (nkadel_at_verizon.net)
Date: 05/21/03


Date: Wed, 21 May 2003 11:56:58 GMT

Joe Harrison wrote:
> I currently have a daily remote backup operation which involves manually
> executing a *nix command line call to "rsync", which in turn depends on SSH
> as an underlying transport to do its thing.
>
> When rsync starts up and tries to make its SSH1 connection it naturally
> pauses during the connection setup to prompt me to give the passphrase for
> the client key. To avoid having to type in the passphrase every day I store
> it once in ssh-agent and so long as I don't ever logout (the server console
> is heavily secured physically) I can basically run my daily backup merely by
> bash's "up-arrow" giving me the same command line again.
>
> However even typing up-arrow / return every day can be too arduous for us
> notoriously bone-idle lollygagging sysadmins :) and I would really like to
> run it completely unattended as a cron job.
>
> But this is where everything comes unglued - although the cron task runs as
> same non-root user it appears to be unable to use the key, just gets "Bad
> passphrase. Permission denied." The OpenSSH documentation implies that
> separate tasks for same user *will* be able to share ssh-agent access.

Yeah, you can use ssh-agent. You have to make sure it's got your key
information stashed somewhere that the other session can find it and use
it, such as starting ssh-agent and running "set | grep SSH >
savefile.txt", then with the other script running something like ".
savefile.txt"

> If anyone has ever got past a similar situation I would be pleased to hear
> how they did it. I'm using Red Hat 8 with OpenSSH_3.4p1. BTW yes I know it
> would work if I used a key with no passphrase, unfortunately my boss might
> find out...

Agreed. Do you really need this, or can you use "rsync" correctly
configured to allow one machine to *pull* the data appropriately?
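
An added example, not part of the original post: one way to hand a running agent to a cron job, by saving its socket path from the login session and loading it in the job. The file path `AGENT_ENV_FILE` and the function names are hypothetical; the value is exported because a plain `VAR=value` line, as `set` prints it, does not reach child processes such as ssh or rsync.

```sh
#!/bin/sh
# Added example: share a login session's ssh-agent with a cron job.
# AGENT_ENV_FILE is a hypothetical location; the function names are illustrative.
AGENT_ENV_FILE="${AGENT_ENV_FILE:-$HOME/.ssh/agent.env}"

# Run once in the login session, after ssh-agent is started and ssh-add has run.
save_agent_env() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo "no agent in this session" >&2; return 1; }
    # umask 077 so a newly created file is readable only by its owner.
    ( umask 077
      printf 'SSH_AUTH_SOCK=%s\nSSH_AGENT_PID=%s\n' \
          "$SSH_AUTH_SOCK" "${SSH_AGENT_PID:-}" > "$1" )
}

# Run at the top of the cron script. Returns 1 if the file is unusable,
# 2 if the recorded socket is gone (agent exited, machine rebooted).
load_agent_env() {
    [ -f "$1" ] && [ -O "$1" ] || { echo "missing or foreign file: $1" >&2; return 1; }
    # Extract the one value needed instead of sourcing the file as shell code.
    sock=$(sed -n 's/^SSH_AUTH_SOCK=//p' "$1" | head -n 1)
    [ -S "$sock" ] && [ -O "$sock" ] || { echo "stale agent socket: $sock" >&2; return 2; }
    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK   # must be exported to be visible to ssh and rsync
}

# ssh-add -l exits 0 only when the agent is reachable and holds a key.
agent_has_keys() { ssh-add -l >/dev/null 2>&1; }

# In the cron script, before the existing rsync command line:
#   load_agent_env "$AGENT_ENV_FILE" && agent_has_keys || exit 1
```

While the agent is running, any process of the same user (or root) can use the loaded key through that socket, so the saved file and the account deserve the same protection as the key itself.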


