[vox-tech] crontab and scp puzzle

Brian Lavender brian at brie.com
Wed Mar 16 11:05:41 PDT 2011


On Wed, Mar 16, 2011 at 09:43:26AM -0700, Bruce Wolk wrote:
> I need to copy a file from my server to a workstation on a regular 
> basis.  I have set up passwordless ssh access to the server from my 
> workstation.  When I execute the following on the workstation, the 
> command succeeds and the file is copied:
> 
> scp -P 33303 bruce@myserver.com:backup/db.sql.gz /home/bruce/backup/db.sql.gz
> 
> But when I put the same command into a cron file on the workstation, the 
> command fails.  The relevant output from the scp command is:
> 
> debug1: Found key in /home/bruce/.ssh/known_hosts:5
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/bruce/.ssh/id_rsa.pub
> debug1: Server accepts key: pkalg ssh-rsa blen 279
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> debug1: read_passphrase: can't open /dev/tty: No such device or address
> debug1: No more authentication methods to try.
> Permission denied (publickey).

Do you use a passphrase on your private key? If you do, you will need to create
a private/public key pair that does not have a passphrase.  

ssh-keygen -t rsa -f fookeyfile

It will create a separate private key. It seems that you probably use a private key
that is unlocked with gnome-ssh-agent when you are using your desktop. That is why
it works when you do it interactively. 

Some will note that having this private key would allow an attacker to get access to
your destination system if she compromised your server from which you are sending
files. I believe in the authorized_keys file, you can put in that only a certain command
is allowed to be executed. 

brian
-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture
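
Added example, not part of the original message: a forced-command wrapper that restricts the passphrase-less key to fetching the one backup file, as the reply suggests doing in authorized_keys. The wrapper path, key comment, and cron schedule are assumptions, and it assumes the legacy scp protocol, where the client asks the server to run `scp -f <path>`.

```shell
#!/bin/sh
# Added example: forced-command wrapper for the passphrase-less key "fookeyfile".
# Paths and names below are assumptions, not taken from the thread.
#
# Server side, ~/.ssh/authorized_keys (one line; key material is a placeholder):
#   command="/home/bruce/bin/backup-only.sh",restrict ssh-rsa <PUBLIC-KEY> cron-backup
# On OpenSSH older than 7.2, replace "restrict" with
#   no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding
#
# Workstation crontab (schedule is constructed; -O selects the legacy scp
# protocol on OpenSSH 9.0+, -B fails instead of prompting for a passphrase):
#   15 2 * * * scp -O -B -i /home/bruce/.ssh/fookeyfile -P 33303 bruce@myserver.com:backup/db.sql.gz /home/bruce/backup/db.sql.gz

ALLOWED_FILE="backup/db.sql.gz"

# Return 0 only when the client's requested command is exactly the
# source-mode scp invocation for the one permitted file.
allowed_request() {
    case "$1" in
        "scp -f $ALLOWED_FILE") return 0 ;;
        *) return 1 ;;
    esac
}

# Enforce only when started by sshd, which sets SSH_CONNECTION.
# When the file is sourced or run by hand, only the function is defined.
if [ -n "${SSH_CONNECTION:-}" ]; then
    req="${SSH_ORIGINAL_COMMAND:-}"   # empty for an interactive login attempt
    if allowed_request "$req"; then
        # Run a fixed command line; nothing from the client is evaluated.
        exec scp -f "$ALLOWED_FILE"
    fi
    logger -t backup-only "rejected request from $SSH_CONNECTION: $req"
    echo "This key may only fetch $ALLOWED_FILE" >&2
    exit 1
fi
```

The rejected-request log line shows what a given scp client actually sends, which is the string to compare against if the transfer is refused after a client upgrade.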

