[vox-tech] crontab and scp puzzle

Bruce Wolk bawolk at ucdavis.edu
Wed Mar 16 11:25:14 PDT 2011


On 03/16/2011 11:05 AM, Brian Lavender wrote:
> On Wed, Mar 16, 2011 at 09:43:26AM -0700, Bruce Wolk wrote:
>> I need to copy a file from my server to a workstation on a regular
>> basis.  I have set up passwordless ssh access to the server from my
>> workstation.  When I execute the following on the workstation, the
>> command succeeds and the file is copied:
>>
>> scp -P 33303 bruce@myserver.com:backup/db.sql.gz /home/bruce/backup/db.sql.gz
>>
>> But when I put the same command into a cron file on the workstation, the
>> command fails.  The relevant output from the scp command is:
>>
>> debug1: Found key in /home/bruce/.ssh/known_hosts:5
>> debug1: ssh_rsa_verify: signature correct
>> debug1: SSH2_MSG_NEWKEYS sent
>> debug1: expecting SSH2_MSG_NEWKEYS
>> debug1: SSH2_MSG_NEWKEYS received
>> debug1: Roaming not allowed by server
>> debug1: SSH2_MSG_SERVICE_REQUEST sent
>> debug1: SSH2_MSG_SERVICE_ACCEPT received
>> debug1: Authentications that can continue: publickey
>> debug1: Next authentication method: publickey
>> debug1: Offering public key: /home/bruce/.ssh/id_rsa.pub
>> debug1: Server accepts key: pkalg ssh-rsa blen 279
>> debug1: PEM_read_PrivateKey failed
>> debug1: read PEM private key done: type<unknown>
>> debug1: read_passphrase: can't open /dev/tty: No such device or address
>> debug1: No more authentication methods to try.
>> Permission denied (publickey).
>
> Do you use a passphrase on your private key? If you do, you will need to create
> a private/public key pair that does not have a passphrase.
>
> ssh-keygen -t rsa -f fookeyfile
>
> It will create a separate private key. It seems that you probably use a private key
> that is unlocked with gnome-ssh-agent when you are using your desktop. That is why
> it works when you do it interactively.
>
> Some will note that having this private key would allow an attacker to get access to
> your destination system if she compromised your server from which you are sending
> files. I believe in the authorized_keys file, you can put in that only a certain command
> is allowed to be executed.
>
> brian

The key definitely does not have a passphrase.  That is what makes this 
so curious.
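
In the debug output above, ssh reports `PEM_read_PrivateKey failed` and then tries to prompt for a passphrase, which cron cannot supply because it has no terminal. The following Python check is an added example, not part of the original thread: it reads a private key file's header and reports whether the key is passphrase-protected. The function names and the sample keys are constructed for illustration.

```python
import base64
import struct
import sys

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def key_is_encrypted(key_text):
    """Return True if the private key needs a passphrase, False if not."""
    lines = [ln.strip() for ln in key_text.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or not lines[0].startswith("-----BEGIN "):
        raise ValueError("not a PEM-armoured key")
    label = lines[0][len("-----BEGIN "):].rstrip("-").strip()
    body = lines[1:-1]
    if label in ("ENCRYPTED PRIVATE KEY", "PRIVATE KEY"):   # PKCS#8
        return label.startswith("ENCRYPTED")
    if label == "OPENSSH PRIVATE KEY":          # newer ssh-keygen format
        blob = base64.b64decode("".join(body))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("bad OpenSSH key header")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)
        return blob[off + 4:off + 4 + n] != b"none"   # cipher name field
    if label.endswith(" PRIVATE KEY"):          # traditional PEM (RSA/DSA/EC)
        return any(ln.replace(" ", "").upper() == "PROC-TYPE:4,ENCRYPTED"
                   for ln in body)
    raise ValueError("not a private key: " + label)

def openssh_sample(cipher):
    """Constructed OpenSSH-format header only; not a usable key."""
    blob = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    b64 = base64.b64encode(blob).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: dummy bodies, not real key material.
PLAIN_PEM = """-----BEGIN RSA PRIVATE KEY-----
QUJDREVGR0g=
-----END RSA PRIVATE KEY-----
"""
ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,00000000000000000000000000000000

QUJDREVGR0g=
-----END RSA PRIVATE KEY-----
"""

if __name__ == "__main__":   # usage: python3 keycheck.py /home/bruce/.ssh/id_rsa
    with open(sys.argv[1]) as fh:
        print("passphrase required" if key_is_encrypted(fh.read()) else "no passphrase")
```

Running it as the same user that owns the crontab shows what the cron job will see when it loads the key.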

