hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
Posted: Wed Mar 03, 2010 6:55 pm Post subject: ssh connection in fcrontab (solved)
I have a synchronisation job with unison, which runs perfectly on the command line, but won't run in fcrontab.
It connects through ssh with an rsa-certificate and the passphrase in keychain.
To exclude possibilities I temporarily switched the certificate for one without a passphrase and told fcrontab explicitly to run as root.
I still get an access denied response.
It seems it can't find the certificate, or is ssh maybe not allowing it?
Can anybody tell me what goes wrong?
Hika
Last edited by hika on Thu Mar 04, 2010 3:44 pm; edited 1 time in total
 |
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
Posted: Thu Mar 04, 2010 11:25 am
Can you post the cron entry (or contents of the script if it's a script) and the error output it creates?
 |
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
Posted: Thu Mar 04, 2010 2:45 pm
I tried several things. But the error I get by mail is
Code:
Permission denied (publickey,keyboard-interactive).
Fatal error: Lost connection with the server
My fcrontab:
Code:
SHELL=/bin/bash
!runas(root)
# $Header: /var/cvsroot/gentoo-x86/sys-process/fcron/files/fcrontab,v 1.1 2006/07/31 02:10:49 wschlich Exp $
# Script for checking system crontabs and creating the fcron systab.
# Runs every 10 minutes, does not mail output, doesn't log job runs
# except for errors.
@mail(false),nolog(true) 10 /usr/sbin/check_system_crontabs -s 0
# 30 4 * * * /root/unison/sync-nwusers.sh
15 15 * * * /root/unison/sync-dkw.sh
# 10 19 * * * /root/mount-users.sh
# 30 19 * * * /usr/bin/unison dkw
# 15 4 * * * /usr/bin/unison vb
# 30 4 * * * /usr/bin/unison websites
# 45 4 * * * /usr/bin/unison mail
# 0 8 * * * /root/umount-users.sh
# 10 23 * * * scp /root/dead.letter ultra2.trev:/root/
The marked out entries are trials and in essence the contents of the first script.
The last script I tried:
Code:
#!/bin/bash
/root/mount-users.sh
unison dkw
ncpumount /home/samba/nwusers
As said, to eliminate an error with keychain I temporarily replaced the key with one without a passphrase.
The scripts work OK on the command line.
The root privileges are OK, for else it couldn't read the scripts, and the ncpmount also works.
And the error looks like one from ssh, so either it can't find the key or ssh on the other site doesn't accept it in this situation.
The error log on the receiving server ultra2 shows
Code:
Mar 4 15:15:02 [sshd] pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gentooserver.dkw user=root
Mar 4 15:15:04 [sshd] error: PAM: Authentication failure for root from gentooserver.dkw
Mar 4 15:15:04 [sshd] pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gentooserver.dkw user=root
Mar 4 15:15:06 [sshd] error: PAM: Authentication failure for root from gentooserver.dkw
Mar 4 15:15:06 [sshd] pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=gentooserver.dkw user=root
Mar 4 15:15:08 [sshd] error: PAM: Authentication failure for root from gentooserver.dkw
Mar 4 15:37:35 [sshd] Accepted publickey for root from 192.168.222.49 port 2159 ssh2
Mar 4 15:37:35 [sshd] pam_unix(sshd:session): session opened for user root by (uid=0)
The later one is me dropping in to check the log.
Hika
 |
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
Posted: Thu Mar 04, 2010 2:56 pm
I don't know if the "!runas(root)" is not running commands as root?
Either try removing this, or try using this in your scripts:
Code:
ssh -i /root/.ssh/id_rsa [command]
That will make the scripts use root's authentication details to log on to the remote server.
Rich
 |
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
Posted: Thu Mar 04, 2010 3:12 pm
I added that "!runas(root)" later while testing, but it didn't matter.
The ssh switch I have in my unison script.
Code:
rshargs= -Ci /root/.ssh/id-gentoo
Since unison calls ssh I cannot directly add the switch.
Could it be that I should separate the two switches? I know some programs do want that. I'll try anyway without the compression switch.
Hika
 |
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
Posted: Thu Mar 04, 2010 3:16 pm
You could try putting it in speech marks, i.e.
Code:
rshargs=" -Ci /root/.ssh/id-gentoo"
I'm not sure if that would help.
Can you get ssh to connect via cron (outside of your script)? For example, can you run this via cron:
That would test if it's a unison thing or an ssh thing.
Rich
 |
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
Posted: Thu Mar 04, 2010 3:19 pm
I was thinking the same. Without the C it doesn't work.
How can I use ssh in a cron job? I tried scp, but that gave the same error.
Hika
 |
richard.scott Veteran
Joined: 19 May 2003 Posts: 1497 Location: Oxfordshire, UK
Posted: Thu Mar 04, 2010 3:22 pm
Add this to your crontab:
Code:
1 * * * * ssh {remotehostname} ls -al /tmp
That will send you an email every min with the output from the ls command.
It will also send you an email if the authentication fails too.
Rich
 |
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
Posted: Thu Mar 04, 2010 3:43 pm
I found it. rshargs is deprecated and should be sshargs. I just missed that in the manual. And on the command line it finds the key automatically.
Thanks. I was starting to stare at a blind wall, and somebody else's perspective then often helps to find the blind spot.
Now checking if it also works with keychain!
Hika
 |
hika Apprentice
Joined: 13 Mar 2009 Posts: 234 Location: Utrecht
Posted: Sat Mar 06, 2010 2:16 am
It works, but only with a key without passphrase. For some reason it doesn't look at ssh-agent/keychain for the passphrase. Even if I include keychain activation in the script.
Code:
eval '/usr/bin/keychain --agents ssh --eval id_rsa'
Anybody any ideas?
Hika
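
A cron job starts without the login shell's SSH_AUTH_SOCK, so ssh can only use a passphrase-protected key if the job imports the agent environment that keychain saved. The wrapper below is an added example, not part of the thread: it assumes keychain's default file `~/.keychain/<hostname>-sh`, and the names `load_agent_env` and `cron_ssh` are hypothetical.

```bash
#!/bin/bash
# Added example: cron-safe lookup of the agent that keychain started.
# KEYCHAIN_ENV and both function names are assumptions for illustration.
KEYCHAIN_ENV="${KEYCHAIN_ENV:-$HOME/.keychain/$(uname -n)-sh}"

# Import SSH_AUTH_SOCK from the keychain file.
# Returns 0 = usable socket, 1 = file missing or not owned by us,
#         2 = file read but the socket it names is gone (stale agent).
load_agent_env() {
    env_file="$1"
    # The file is executed as shell code, so only source one we own.
    if [ ! -f "$env_file" ] || [ ! -O "$env_file" ]; then
        return 1
    fi
    . "$env_file" >/dev/null
    [ -S "${SSH_AUTH_SOCK:-}" ] || return 2
    return 0
}

# Run ssh from cron so that it fails fast instead of waiting for a prompt.
cron_ssh() {
    load_agent_env "$KEYCHAIN_ENV" || {
        rc=$?
        echo "agent environment unusable (code $rc): $KEYCHAIN_ENV" >&2
        return "$rc"
    }
    # ssh-add -l exits 0 with keys loaded, 1 with none, 2 if unreachable.
    ssh-add -l >/dev/null 2>&1 || {
        echo "no key available from agent; unlock it in a login session" >&2
        return 3
    }
    # BatchMode disables passphrase and password prompts.
    ssh -o BatchMode=yes "$@"
}

if [ "$#" -gt 0 ]; then
    cron_ssh "$@"
fi
```

The key still has to be unlocked once in an interactive session after each boot; the job only reuses that agent and reports a distinct exit code when it cannot.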