How do I recreate the magic ubuntu does with ssh keys?

[nbv4]

I followed the steps to create a SSH key on my local machine, and then I copied them over to my remote machine. I can now connect to my server via the ssh command without needing to enter a password. This is great. I created a script that invokes a script on my remote machine, then copies that file over to my local machine. Basically a two liner. Here is that script:

Code:

#! /bin/bash

ssh server "/srv/app/make_db_dump";
scp server:/srv/app/dump .;

exit

Pretty simple, right? I click on Applications -> Accessories -> Terminal. Then I cd into the directory where that script lives, and then I execute the script via "./script_name". It all works fine. Yay.

Now I want to take it a step further by having this script run every 6 hours via a cron job. So I add this to my crontab:

Code:

* */6 * * * "/path/to/script"

But it doesn't work because Ubuntu does some kind of magic when you launch a terminal that loads the SSH keys so they are available to the scp and ssh commands. This magic is not preformed when the script is invoked from cron. What do I need to do to invoke this magic? I've tried adding the following to the top of my script (the one that gets invoked by cron):

Code:

ssh-add
eval $(ssh-agent)
eval $(gnome-keyring-daemon)

and a few others, but no matter what I try, nothing seems to get the keys loaded so that they are found by the ssh/scp command. What do I need to do? I imagine the magic has to be somewhere in my .bachrc file, but theres nothing there. It really sucks to have to remember to run my backup script manually every few hours.

[KB1JWQ]

You can pass the key location via ssh -i; man ssh for more info on this.

[nbv4]

You can pass the key location via ssh -i; man ssh for more info on this.

It still doesn't work. Here is what my script looks like now:

Code:

#! /bin/bash

ssh -i ~/.ssh/id_rsa server "/srv/app/make_db_dump";
echo "after ssh";

scp -i ~/.ssh/id_rsa server:/srv/app/dump .;
echo "after scp";

exit

and it works fine when I run the script directly, but the cron job:

Code:

*/2 * * * * /path/to/myscript > /home/chris/err.log 2>&1

outputs this:

Code:

~$ cat err.log
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
after ssh
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
after scp

OK I think I just found the problem. I added "echo $USER" to the script, which outputs "chris" when I run from the command line, but when ran from cron, returns a blank line. This is very odd. I'm adding this crontab by typing "crontab -e" as the user "chris"

[KiLaHuRtZ]

You need to let cron know who it needs to run the script as...

Code:

*/2 * * * * [USER] /path/to/myscript > /home/chris/err.log 2>&1

Replace [USER] with the name of the user (i.e. you) that will run the script. In short, root is trying to ssh to the other box to which the key/ssh on the remote machine will deny root since he is not the permissible user due to the fact root does not own/hold the private key.

[nbv4]

You need to let cron know who it needs to run the script as...

Code:

*/2 * * * * [USER] /path/to/myscript > /home/chris/err.log 2>&1

Replace [USER] with the name of the user (i.e. you) that will run the script. In short, root is trying to ssh to the other box to which the key/ssh on the remote machine will deny root since he is not the permissible user due to the fact root does not own/hold the private key.

that just returns this:

/bin/sh: chris: not found

did you see my edit above? the crontab in question is my user's crontab, not root's...

[KiLaHuRtZ]

OK I think I just found the problem. I added "echo $USER" to the script, which outputs "chris" when I run from the command line, but when ran from cron, returns a blank line. This is very odd. I'm adding this crontab by typing "crontab -e" as the user "chris"

Ok, didn't see this before. I thought you were editing '/etc/crontab'.

Try this...

Code:

#!/bin/bash

SHELL=/bin/bash
HOME=/home/chris

pushd $HOME

ssh server "/srv/app/make_db_dump"
scp server:/srv/app/dump .

popd

exit 0;

[nbv4]

That just returns this:

Code:

~$ cat err.log
~ ~
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
after ssh
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
after scp
~

by the way, the permissions of my ~/.ssh/id_rsa is "-rw-------", if thats relevant

[KB1JWQ]

You need to strip the passphrase from the key for this to work. Or somehow hook into the running ssh-agent.

[KiLaHuRtZ]

Make a test script so we can see if it is having trouble reading you key and place that into your crontab file.

Script...

Code:

#!/bin/bash

# Echo some useful stuff.

echo "$USER" > /tmp/test
echo "$HOME" >> /tmp/test
echo "$SHELL" >> /tmp/test
echo "$PATH" >> /tmp/test

# See if we can read the key. -- DO NOT POST THIS IF IT CAN READ IT!!!!
                               # THIS IS YOUR PRIVATE KEY!!!!

cat /home/chris/.ssh/id_rsa >> /tmp/test

exit 0;

[KiLaHuRtZ]

Wait,.. you have a phase phrase on it? If so that's your problem. You have to make a key without a phase phrase. When you create they key, when it asks for one, just hit enter.