This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Re: Can cron run ssh commands?
Thanks for the reply,
I don't have ssmtp set up yet, so I took your suggestion and tried redirecting
"env" and "ssh -v" output to a file. Actually I did this both from the
Administrator's command line, and from the Administrator's crontab creating two
seperate files (attached) so I could compare.
From the command line I ran these two commands:
/usr/bin/env > testcron.admin.txt
ssh -v baby ls 2>> testcron.admin.txt
From Administrator's crontab I did this:
34 08 * * * /usr/bin/env > testcron.cron.txt
36 08 * * * ssh -v baby ls 2>> testcron.cron.txt
In comparing the output for the env command, I see that Administrator's
environment contains more environmet varibales, most notably those created by
ssh-agent, which is started by keychain in Administrator's ~/.bash_profile
SSH_AGENT_PID=517
SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
I also note that the $PATH variable for Administrator is prepended with Cygwin's
/usr/local/bin:/usr/bin:/usr/sbin: while it is *not* in the cron/system
environment. i.e.
For Administrator:
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT: etc...
For cron/system:
PATH=/c/WINNT/system32:/c/WINNT: etc ...
I'm assuming this is not the culprit however, since the ssh command *is* found
even though the full path to it is not provided in the crontab. Is this because
the Administrator's $PATH is being used due to context switching?
In comparing the debug output from ssh -v, I see that when run from the command
line as Administrator, publickey auth succeeds, but fails when run from cron. i.e.
# From command line:
#
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
# From cron:
#
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/Administrator/.ssh/identity
debug1: try pubkey: /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
It seems to me (in my newbie terminlogy) that either the cron/system environment
needs to become aware of and use the Administrator's public key via
Administrator's SSH_AGENT and SSH_AUTH_SOCK env variables, or that the SYSTEM
user needs to have it's own public key avalable for use. I don't know how to
proceed along either of these paths. Any help is much appreciated.
Harig, Mark A. wrote:
> Of course, a simpler alternative to setting up
> 'ssmtp' with cron would be to write your
> cron job to redirect the output of 'ssh -v ...'
> to a file.
>
>
>>-----Original Message-----
>>From: Harig, Mark A.
>>Sent: Tuesday, November 05, 2002 3:40 PM
>>To: nathan@sleepygeek.com; cygwin@cygwin.com
>>Subject: RE: Can cron run ssh commands?
>>
>>
>>
>>Try adding '-v' to your ssh command in your cron job.
>>This assumes that you have cron's integration with
>>email working. If you don't have the 'ssmtp' package
>>installed (via setup.exe), then you'll want to do that
>>so that any output is emailed to you.
>>
>>See: /usr/doc/Cygwin/
>> cron.README
>> ssmtp-<version>.README
>>
>>Of course, you should probably start with a simpler
>>cron job, say, the output of '/usr/bin/env' so that
>>you can see what cron thinks its environment is.
>>
>>
>>
>>>-----Original Message-----
>>>From: Nathan Barham [mailto:nathan@sleepygeek.com]
>>>Sent: Tuesday, November 05, 2002 3:09 PM
>>>To: cygwin@cygwin.com
>>>Subject: Can cron run ssh commands?
>>>
>>>
>>>Hello all,
>>>
>>>I'm trying to use Cygwin to rsync between an NT 4 server and
>>>a Win2K server,
>>>using the "-e ssh" option to rsync. It works beautifully at
>>>the command line
>>>like this:
>>>
>>>rsync -e ssh -trzv --delete /d/winapps/
>>
>>Administrator@baby:/c/winapps
>>
>>>My problem is that this won't work from cron, nor will any of
>>>the other Openssh
>>>tools (scp, ssh etc). I have Cygwin sshd running as
>>>Administrator on the remote
>>>W2K box, i.e.*without* privsep. I have Cygwin cron running
>>>as SYSTEM on the
>>>local NT 4 box. I've tested cron and it works except for ssh
>>>stuff. I also
>>>have ssh-agent loaded on the local box (via keychain), and I
>>>can ssh to the
>>>remote box as Administrator without typing a passphrase.
>>>
>>>I'm pretty sure my problem is related to permissions of the
>>>SYSTEM user and/or
>>>the switching of user context, but I can't figure out what to
>>>change. I've read
>>>the user guide and FAQ, googled, and searched the mail
>>>archives, but if it's
>>>there I'm missing it. Has anyone out there managed to
>>>automate ssh commands
>>>from cron? If so can you please enlighten me, or at least
>>>kick me in the
>>>direction of self-enlightment?
>>>
>>>cygcheck stuff for each machine is attached.
>>>
>>>Thanks tons for any help.
>>>
>>>Nathan Barham
>>>
>>
>>--
>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>>Bug reporting: http://cygwin.com/bugs.html
>>Documentation: http://cygwin.com/docs.html
>>FAQ: http://cygwin.com/faq/
>>
>>
>
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
>
COMPUTERNAME=MERLIN
COMSPEC=C:\WINNT\system32\cmd.exe
CYGWIN=binmode ntsec tty
HOME=/home/Administrator
HOMEDRIVE=D:
HOMEPATH=\cygwin\home\Administrator
LOGNAME=Administrator
LOGONSERVER=\\MERLIN
MAIL=/var/spool/mail/Administrator
MAKE_MODE=unix
MANPATH=:/usr/ssl/man
NTRESKIT=C:\NTRESKIT
NUMBER_OF_PROCESSORS=2
OLDPWD=/home/Administrator
OS2LIBPATH=C:\WINNT\system32\os2\dll;
OS=Windows_NT
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
PS1=\[\033]0;\w\007
\033[32m\]\u@\h \[\033[33m\w\033[0m\]
$
PWD=/home/Administrator
SHELL=/bin/bash
SHLVL=1
SSH_AGENT_PID=517
SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
SSH_CLIENT=192.168.100.11 3901 22
SSH_TTY=/dev/tty0
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINNT
TERM=xterm
TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
USER=Administrator
USERDOMAIN=BBH
USERNAME=Administrator
WINDIR=C:\WINNT
_=/usr/bin/env
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baby [192.168.90.10] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/identity type -1
debug1: identity file /home/Administrator/.ssh/id_rsa type 1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 132/256
debug1: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'baby' is known and matches the RSA host key.
debug1: Found key in /home/Administrator/.ssh/known_hosts:2
debug1: bits set: 1558/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: ls
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.4 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
COMPUTERNAME=MERLIN
COMSPEC=C:\WINNT\system32\cmd.exe
CYGWIN=binmode tty ntsec
HOME=/home/Administrator
HOMEDRIVE=D:
HOMEPATH=\cygwin\home\Administrator
LOGNAME=Administrator
LOGONSERVER=\\MERLIN
NTRESKIT=C:\NTRESKIT
NUMBER_OF_PROCESSORS=2
OS2LIBPATH=C:\WINNT\system32\os2\dll;
OS=Windows_NT
PATH=/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
SHELL=/bin/sh
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINNT
TERM=cygwin
TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
USERDOMAIN=BBH
USERNAME=Administrator
WINDIR=C:\WINNT
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baby [192.168.90.10] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/identity type -1
debug1: identity file /home/Administrator/.ssh/id_rsa type 1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1595/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'baby' is known and matches the RSA host key.
debug1: Found key in /home/Administrator/.ssh/known_hosts:2
debug1: bits set: 1620/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/Administrator/.ssh/identity
debug1: try pubkey: /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: try privkey: /home/Administrator/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x419440(0x0)
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/