This is the mail archive of the cygwin@cygwin.com mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

FW: Can cron run ssh commands?


Please send all replies to the Cygwin users' mailing list.
This serves two purposes:

  1. More people can see your problem description.  This
     will increase the chance that someone will know a
     solution to your problem.

  2. The problem and its solution are added to the
     mailing-list archives.  This is one of the main
     knowledge databases for Cygwin.  Even if a solution
     is not found, then other readers are made aware of
     the problem and know that it is not unique to them.

> -----Original Message-----
> From: Nathan Barham [mailto:nathan@sleepygeek.com]
> Sent: Wednesday, November 06, 2002 1:17 PM
> To: Harig, Mark A.
> Subject: Re: Can cron run ssh commands?
> 
> 
> Thanks for the reply,
> 
> I don't have ssmtp set up yet, so I took your suggestion and 
> tried redirecting 
> "env" and "ssh -v" output to a file.  Actually I did this 
> both from the 
> Administrator's command line, and from the Administrator's 
> crontab creating two 
> seperate files (attached) so I could compare.
> 
>  From the command line I ran these two commands:
> 
> /usr/bin/env > testcron.admin.txt
> ssh -v baby ls 2>> testcron.admin.txt
> 
>  From Administrator's crontab I did this:
> 
> 34 08 * * * /usr/bin/env > testcron.cron.txt
> 36 08 * * * ssh -v baby ls 2>> testcron.cron.txt
> 
> In comparing the output for the env command, I see that 
> Administrator's 
> environment contains more environmet varibales, most notably 
> those created by 
> ssh-agent, which is started by keychain in Administrator's 
> ~/.bash_profile
> 
> SSH_AGENT_PID=517
> SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
> 
> I also note that the $PATH variable for Administrator is 
> prepended with Cygwin's
> /usr/local/bin:/usr/bin:/usr/sbin: while it is *not* in the 
> cron/system 
> environment. i.e.
> 
> For Administrator:
> PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WI
> NNT: etc...
> 
> For cron/system:
> PATH=/c/WINNT/system32:/c/WINNT: etc ...
> 
> I'm assuming this is not the culprit however, since the ssh 
> command *is* found 
> even though the full path to it is not provided in the 
> crontab.  Is this because 
> the Administrator's $PATH is being used due to context switching?
> 
> In comparing the debug output from ssh -v, I see that when 
> run from the command 
> line as Administrator, publickey auth succeeds, but fails 
> when run from cron.  i.e.
> 
> # From command line:
> #
> debug1: authentications that can continue: 
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: userauth_pubkey_agent: testing agent key 
> /home/Administrator/.ssh/id_rsa
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 
> 0x100cdae0 hint -1
> debug1: ssh-userauth2 successful: method publickey
> debug1: fd 6 setting O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> 
> # From cron:
> #
> debug1: authentications that can continue: 
> publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/Administrator/.ssh/identity
> debug1: try pubkey: /home/Administrator/.ssh/id_rsa
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 
> 0x100c4548 hint 1
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> 
> It seems to me (in my newbie terminlogy) that either the 
> cron/system environment 
> needs to become aware of and use the Administrator's public key via 
> Administrator's SSH_AGENT and SSH_AUTH_SOCK env variables, or 
> that the SYSTEM 
> user needs to have it's own public key avalable for use.  I 
> don't know how to 
> proceed along either of these paths.  Any help is much appreciated.
> 
> 
> 
> Harig, Mark A. wrote:
> > Of course, a simpler alternative to setting up
> > 'ssmtp' with cron would be to write your
> > cron job to redirect the output of 'ssh -v ...'
> > to a file.
> > 
> > 
> >>-----Original Message-----
> >>From: Harig, Mark A. 
> >>Sent: Tuesday, November 05, 2002 3:40 PM
> >>To: nathan@sleepygeek.com; cygwin@cygwin.com
> >>Subject: RE: Can cron run ssh commands?
> >>
> >>
> >>
> >>Try adding '-v' to your ssh command in your cron job.
> >>This assumes that you have cron's integration with
> >>email working.  If you don't have the 'ssmtp' package
> >>installed (via setup.exe), then you'll want to do that
> >>so that any output is emailed to you.
> >>
> >>See: /usr/doc/Cygwin/
> >>                     cron.README
> >>                     ssmtp-<version>.README
> >>
> >>Of course, you should probably start with a simpler
> >>cron job, say, the output of '/usr/bin/env' so that
> >>you can see what cron thinks its environment is.
> >>
> >>
> >>
> >>>-----Original Message-----
> >>>From: Nathan Barham [mailto:nathan@sleepygeek.com]
> >>>Sent: Tuesday, November 05, 2002 3:09 PM
> >>>To: cygwin@cygwin.com
> >>>Subject: Can cron run ssh commands?
> >>>
> >>>
> >>>Hello all,
> >>>
> >>>I'm trying to use Cygwin to rsync between an NT 4 server and 
> >>>a Win2K server, 
> >>>using the "-e ssh" option to rsync.  It works beautifully at 
> >>>the command line 
> >>>like this:
> >>>
> >>>rsync -e ssh -trzv --delete /d/winapps/ 
> >>
> >>Administrator@baby:/c/winapps
> >>
> >>>My problem is that this won't work from cron, nor will any of 
> >>>the other Openssh 
> >>>tools (scp, ssh etc).  I have Cygwin sshd running as 
> >>>Administrator on the remote 
> >>>W2K box, i.e.*without* privsep.  I have Cygwin cron running 
> >>>as SYSTEM on the 
> >>>local NT 4 box.  I've tested cron and it works except for ssh 
> >>>stuff.  I also 
> >>>have ssh-agent loaded on the local box (via keychain), and I 
> >>>can ssh to the 
> >>>remote box as Administrator without typing a passphrase.
> >>>
> >>>I'm pretty sure my problem is related to permissions of the 
> >>>SYSTEM user and/or 
> >>>the switching of user context, but I can't figure out what to 
> >>>change.  I've read 
> >>>the user guide and FAQ, googled, and searched the mail 
> >>>archives, but if it's 
> >>>there I'm missing it.  Has anyone out there managed to 
> >>>automate ssh commands 
> >>>from cron?  If so can you please enlighten me, or at least 
> >>>kick me in the 
> >>>direction of self-enlightment?
> >>>
> >>>cygcheck stuff for each machine is attached.
> >>>
> >>>Thanks tons for any help.
> >>>
> >>>Nathan Barham
> >>>
> >>
> >>--
> >>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> >>Bug reporting:         http://cygwin.com/bugs.html
> >>Documentation:         http://cygwin.com/docs.html
> >>FAQ:                   http://cygwin.com/faq/
> >>
> >>
> > 
> > 
> > --
> > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
> > Bug reporting:         http://cygwin.com/bugs.html
> > Documentation:         http://cygwin.com/docs.html
> > FAQ:                   http://cygwin.com/faq/
> > 
> 
> 
COMPUTERNAME=MERLIN
COMSPEC=C:\WINNT\system32\cmd.exe
CYGWIN=binmode ntsec tty
HOME=/home/Administrator
HOMEDRIVE=D:
HOMEPATH=\cygwin\home\Administrator
LOGNAME=Administrator
LOGONSERVER=\\MERLIN
MAIL=/var/spool/mail/Administrator
MAKE_MODE=unix
MANPATH=:/usr/ssl/man
NTRESKIT=C:\NTRESKIT
NUMBER_OF_PROCESSORS=2
OLDPWD=/home/Administrator
OS2LIBPATH=C:\WINNT\system32\os2\dll;
OS=Windows_NT
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
PS1=\[\033]0;\w\007
\033[32m\]\u@\h \[\033[33m\w\033[0m\]
$ 
PWD=/home/Administrator
SHELL=/bin/bash
SHLVL=1
SSH_AGENT_PID=517
SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
SSH_CLIENT=192.168.100.11 3901 22
SSH_TTY=/dev/tty0
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINNT
TERM=xterm
TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
USER=Administrator
USERDOMAIN=BBH
USERNAME=Administrator
WINDIR=C:\WINNT
_=/usr/bin/env
 
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baby [192.168.90.10] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/identity type -1
debug1: identity file /home/Administrator/.ssh/id_rsa type 1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 132/256
debug1: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'baby' is known and matches the RSA host key.
debug1: Found key in /home/Administrator/.ssh/known_hosts:2
debug1: bits set: 1558/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: ls
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.4 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
COMPUTERNAME=MERLIN
COMSPEC=C:\WINNT\system32\cmd.exe
CYGWIN=binmode tty ntsec
HOME=/home/Administrator
HOMEDRIVE=D:
HOMEPATH=\cygwin\home\Administrator
LOGNAME=Administrator
LOGONSERVER=\\MERLIN
NTRESKIT=C:\NTRESKIT
NUMBER_OF_PROCESSORS=2
OS2LIBPATH=C:\WINNT\system32\os2\dll;
OS=Windows_NT
PATH=/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
SHELL=/bin/sh
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINNT
TERM=cygwin
TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
USERDOMAIN=BBH
USERNAME=Administrator
WINDIR=C:\WINNT

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baby [192.168.90.10] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/identity type -1
debug1: identity file /home/Administrator/.ssh/id_rsa type 1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1595/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'baby' is known and matches the RSA host key.
debug1: Found key in /home/Administrator/.ssh/known_hosts:2
debug1: bits set: 1620/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/Administrator/.ssh/identity
debug1: try pubkey: /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: try privkey: /home/Administrator/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x419440(0x0)

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]