FW: Can cron run ssh commands?
Nathan Barham
nathan@sleepygeek.com
Wed Nov 6 12:04:00 GMT 2002
Humble apoplgies. It was my intent to send it to the list. I think I must have
mistakenly typed in cygwin@cygwin.com in the Reply to: field instead of the To:
field. I'll resend my last reply so that it shows up in the same thread.
Harig, Mark A. wrote:
> Please send all replies to the Cygwin users' mailing list.
> This serves two purposes:
>
> 1. More people can see your problem description. This
> will increase the chance that someone will know a
> solution to your problem.
>
> 2. The problem and its solution are added to the
> mailing-list archives. This is one of the main
> knowledge databases for Cygwin. Even if a solution
> is not found, then other readers are made aware of
> the problem and know that it is not unique to them.
>
>
>>-----Original Message-----
>>From: Nathan Barham [mailto:nathan@sleepygeek.com]
>>Sent: Wednesday, November 06, 2002 1:17 PM
>>To: Harig, Mark A.
>>Subject: Re: Can cron run ssh commands?
>>
>>
>>Thanks for the reply,
>>
>>I don't have ssmtp set up yet, so I took your suggestion and
>>tried redirecting
>>"env" and "ssh -v" output to a file. Actually I did this
>>both from the
>>Administrator's command line, and from the Administrator's
>>crontab creating two
>>seperate files (attached) so I could compare.
>>
>> From the command line I ran these two commands:
>>
>>/usr/bin/env > testcron.admin.txt
>>ssh -v baby ls 2>> testcron.admin.txt
>>
>> From Administrator's crontab I did this:
>>
>>34 08 * * * /usr/bin/env > testcron.cron.txt
>>36 08 * * * ssh -v baby ls 2>> testcron.cron.txt
>>
>>In comparing the output for the env command, I see that
>>Administrator's
>>environment contains more environmet varibales, most notably
>>those created by
>>ssh-agent, which is started by keychain in Administrator's
>>~/.bash_profile
>>
>>SSH_AGENT_PID=517
>>SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
>>
>>I also note that the $PATH variable for Administrator is
>>prepended with Cygwin's
>>/usr/local/bin:/usr/bin:/usr/sbin: while it is *not* in the
>>cron/system
>>environment. i.e.
>>
>>For Administrator:
>>PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WI
>>NNT: etc...
>>
>>For cron/system:
>>PATH=/c/WINNT/system32:/c/WINNT: etc ...
>>
>>I'm assuming this is not the culprit however, since the ssh
>>command *is* found
>>even though the full path to it is not provided in the
>>crontab. Is this because
>>the Administrator's $PATH is being used due to context switching?
>>
>>In comparing the debug output from ssh -v, I see that when
>>run from the command
>>line as Administrator, publickey auth succeeds, but fails
>>when run from cron. i.e.
>>
>># From command line:
>>#
>>debug1: authentications that can continue:
>>publickey,password,keyboard-interactive
>>debug1: next auth method to try is publickey
>>debug1: userauth_pubkey_agent: testing agent key
>>/home/Administrator/.ssh/id_rsa
>>debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey
>>0x100cdae0 hint -1
>>debug1: ssh-userauth2 successful: method publickey
>>debug1: fd 6 setting O_NONBLOCK
>>debug1: channel 0: new [client-session]
>>debug1: send channel open 0
>>debug1: Entering interactive session.
>>
>># From cron:
>>#
>>debug1: authentications that can continue:
>>publickey,password,keyboard-interactive
>>debug1: next auth method to try is publickey
>>debug1: try privkey: /home/Administrator/.ssh/identity
>>debug1: try pubkey: /home/Administrator/.ssh/id_rsa
>>debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey
>>0x100c4548 hint 1
>>debug1: PEM_read_PrivateKey failed
>>debug1: read PEM private key done: type <unknown>
>>
>>It seems to me (in my newbie terminlogy) that either the
>>cron/system environment
>>needs to become aware of and use the Administrator's public key via
>>Administrator's SSH_AGENT and SSH_AUTH_SOCK env variables, or
>>that the SYSTEM
>>user needs to have it's own public key avalable for use. I
>>don't know how to
>>proceed along either of these paths. Any help is much appreciated.
>>
>>
>>
>>Harig, Mark A. wrote:
>>
>>>Of course, a simpler alternative to setting up
>>>'ssmtp' with cron would be to write your
>>>cron job to redirect the output of 'ssh -v ...'
>>>to a file.
>>>
>>>
>>>
>>>>-----Original Message-----
>>>>From: Harig, Mark A.
>>>>Sent: Tuesday, November 05, 2002 3:40 PM
>>>>To: nathan@sleepygeek.com; cygwin@cygwin.com
>>>>Subject: RE: Can cron run ssh commands?
>>>>
>>>>
>>>>
>>>>Try adding '-v' to your ssh command in your cron job.
>>>>This assumes that you have cron's integration with
>>>>email working. If you don't have the 'ssmtp' package
>>>>installed (via setup.exe), then you'll want to do that
>>>>so that any output is emailed to you.
>>>>
>>>>See: /usr/doc/Cygwin/
>>>> cron.README
>>>> ssmtp-<version>.README
>>>>
>>>>Of course, you should probably start with a simpler
>>>>cron job, say, the output of '/usr/bin/env' so that
>>>>you can see what cron thinks its environment is.
>>>>
>>>>
>>>>
>>>>
>>>>>-----Original Message-----
>>>>>From: Nathan Barham [mailto:nathan@sleepygeek.com]
>>>>>Sent: Tuesday, November 05, 2002 3:09 PM
>>>>>To: cygwin@cygwin.com
>>>>>Subject: Can cron run ssh commands?
>>>>>
>>>>>
>>>>>Hello all,
>>>>>
>>>>>I'm trying to use Cygwin to rsync between an NT 4 server and
>>>>>a Win2K server,
>>>>>using the "-e ssh" option to rsync. It works beautifully at
>>>>>the command line
>>>>>like this:
>>>>>
>>>>>rsync -e ssh -trzv --delete /d/winapps/
>>>>
>>>>Administrator@baby:/c/winapps
>>>>
>>>>
>>>>>My problem is that this won't work from cron, nor will any of
>>>>>the other Openssh
>>>>>tools (scp, ssh etc). I have Cygwin sshd running as
>>>>>Administrator on the remote
>>>>>W2K box, i.e.*without* privsep. I have Cygwin cron running
>>>>>as SYSTEM on the
>>>>>local NT 4 box. I've tested cron and it works except for ssh
>>>>>stuff. I also
>>>>>have ssh-agent loaded on the local box (via keychain), and I
>>>>>can ssh to the
>>>>>remote box as Administrator without typing a passphrase.
>>>>>
>>>>>I'm pretty sure my problem is related to permissions of the
>>>>>SYSTEM user and/or
>>>>>the switching of user context, but I can't figure out what to
>>>>>change. I've read
>>>>>the user guide and FAQ, googled, and searched the mail
>>>>>archives, but if it's
>>>>>there I'm missing it. Has anyone out there managed to
>>>>>automate ssh commands
>>>>
>>>>>from cron? If so can you please enlighten me, or at least
>>>>
>>>>>kick me in the
>>>>>direction of self-enlightment?
>>>>>
>>>>>cygcheck stuff for each machine is attached.
>>>>>
>>>>>Thanks tons for any help.
>>>>>
>>>>>Nathan Barham
>>>>>
>>>>
>>>>--
>>>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>>>>Bug reporting: http://cygwin.com/bugs.html
>>>>Documentation: http://cygwin.com/docs.html
>>>>FAQ: http://cygwin.com/faq/
>>>>
>>>>
>>>
>>>
>>>--
>>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
>>>Bug reporting: http://cygwin.com/bugs.html
>>>Documentation: http://cygwin.com/docs.html
>>>FAQ: http://cygwin.com/faq/
>>>
>>
>
>
> ------------------------------------------------------------------------
>
> COMPUTERNAME=MERLIN
> COMSPEC=C:\WINNT\system32\cmd.exe
> CYGWIN=binmode ntsec tty
> HOME=/home/Administrator
> HOMEDRIVE=D:
> HOMEPATH=\cygwin\home\Administrator
> LOGNAME=Administrator
> LOGONSERVER=\\MERLIN
> MAIL=/var/spool/mail/Administrator
> MAKE_MODE=unix
> MANPATH=:/usr/ssl/man
> NTRESKIT=C:\NTRESKIT
> NUMBER_OF_PROCESSORS=2
> OLDPWD=/home/Administrator
> OS2LIBPATH=C:\WINNT\system32\os2\dll;
> OS=Windows_NT
> PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
> PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
> PROCESSOR_ARCHITECTURE=x86
> PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
> PROCESSOR_LEVEL=6
> PROCESSOR_REVISION=0703
> PS1=\[\033]0;\w\007
> \033[32m\]\u@\h \[\033[33m\w\033[0m\]
> $
> PWD=/home/Administrator
> SHELL=/bin/bash
> SHLVL=1
> SSH_AGENT_PID=517
> SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
> SSH_CLIENT=192.168.100.11 3901 22
> SSH_TTY=/dev/tty0
> SYSTEMDRIVE=C:
> SYSTEMROOT=C:\WINNT
> TERM=xterm
> TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
> USER=Administrator
> USERDOMAIN=BBH
> USERNAME=Administrator
> WINDIR=C:\WINNT
> _=/usr/bin/env
>
> OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
> debug1: Reading configuration data /etc/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to baby [192.168.90.10] port 22.
> debug1: Connection established.
> debug1: identity file /home/Administrator/.ssh/identity type -1
> debug1: identity file /home/Administrator/.ssh/id_rsa type 1
> debug1: identity file /home/Administrator/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
> debug1: match: OpenSSH_3.4p1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 132/256
> debug1: bits set: 1623/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'baby' is known and matches the RSA host key.
> debug1: Found key in /home/Administrator/.ssh/known_hosts:2
> debug1: bits set: 1558/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1
> debug1: ssh-userauth2 successful: method publickey
> debug1: fd 6 setting O_NONBLOCK
> debug1: channel 0: new [client-session]
> debug1: send channel open 0
> debug1: Entering interactive session.
> debug1: ssh_session2_setup: id 0
> debug1: Sending command: ls
> debug1: channel request 0: exec
> debug1: channel 0: open confirm rwindow 0 rmax 32768
> debug1: channel 0: rcvd eof
> debug1: channel 0: output open -> drain
> debug1: channel 0: obuf empty
> debug1: channel 0: close_write
> debug1: channel 0: output drain -> closed
> debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
> debug1: channel 0: rcvd close
> debug1: channel 0: close_read
> debug1: channel 0: input open -> closed
> debug1: channel 0: almost dead
> debug1: channel 0: gc: notify user
> debug1: channel 0: gc: user detached
> debug1: channel 0: send close
> debug1: channel 0: is dead
> debug1: channel 0: garbage collecting
> debug1: channel_free: channel 0: client-session, nchannels 1
> debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.4 seconds
> debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
> debug1: Exit status 0
>
>
> ------------------------------------------------------------------------
>
> COMPUTERNAME=MERLIN
> COMSPEC=C:\WINNT\system32\cmd.exe
> CYGWIN=binmode tty ntsec
> HOME=/home/Administrator
> HOMEDRIVE=D:
> HOMEPATH=\cygwin\home\Administrator
> LOGNAME=Administrator
> LOGONSERVER=\\MERLIN
> NTRESKIT=C:\NTRESKIT
> NUMBER_OF_PROCESSORS=2
> OS2LIBPATH=C:\WINNT\system32\os2\dll;
> OS=Windows_NT
> PATH=/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
> PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
> PROCESSOR_ARCHITECTURE=x86
> PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
> PROCESSOR_LEVEL=6
> PROCESSOR_REVISION=0703
> SHELL=/bin/sh
> SYSTEMDRIVE=C:
> SYSTEMROOT=C:\WINNT
> TERM=cygwin
> TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
> USERDOMAIN=BBH
> USERNAME=Administrator
> WINDIR=C:\WINNT
>
> OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
> debug1: Reading configuration data /etc/ssh_config
> debug1: Rhosts Authentication disabled, originating port will not be trusted.
> debug1: ssh_connect: needpriv 0
> debug1: Connecting to baby [192.168.90.10] port 22.
> debug1: Connection established.
> debug1: identity file /home/Administrator/.ssh/identity type -1
> debug1: identity file /home/Administrator/.ssh/id_rsa type 1
> debug1: identity file /home/Administrator/.ssh/id_dsa type -1
> debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
> debug1: match: OpenSSH_3.4p1 pat OpenSSH*
> Enabling compatibility mode for protocol 2.0
> debug1: Local version string SSH-2.0-OpenSSH_3.4p1
> debug1: SSH2_MSG_KEXINIT sent
> debug1: SSH2_MSG_KEXINIT received
> debug1: kex: server->client aes128-cbc hmac-md5 none
> debug1: kex: client->server aes128-cbc hmac-md5 none
> debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
> debug1: dh_gen_key: priv key bits set: 123/256
> debug1: bits set: 1595/3191
> debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
> debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
> debug1: Host 'baby' is known and matches the RSA host key.
> debug1: Found key in /home/Administrator/.ssh/known_hosts:2
> debug1: bits set: 1620/3191
> debug1: ssh_rsa_verify: signature correct
> debug1: kex_derive_keys
> debug1: newkeys: mode 1
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: waiting for SSH2_MSG_NEWKEYS
> debug1: newkeys: mode 0
> debug1: SSH2_MSG_NEWKEYS received
> debug1: done: ssh_kex2.
> debug1: send SSH2_MSG_SERVICE_REQUEST
> debug1: service_accept: ssh-userauth
> debug1: got SSH2_MSG_SERVICE_ACCEPT
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: next auth method to try is publickey
> debug1: try privkey: /home/Administrator/.ssh/identity
> debug1: try pubkey: /home/Administrator/.ssh/id_rsa
> debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> debug1: try privkey: /home/Administrator/.ssh/id_dsa
> debug1: next auth method to try is keyboard-interactive
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: next auth method to try is password
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> Permission denied, please try again.
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> Permission denied, please try again.
> debug1: authentications that can continue: publickey,password,keyboard-interactive
> debug1: no more auth methods to try
> Permission denied (publickey,password,keyboard-interactive).
> debug1: Calling cleanup 0x419440(0x0)
>
>
>
> ------------------------------------------------------------------------
>
> --
> Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
> Bug reporting: http://cygwin.com/bugs.html
> Documentation: http://cygwin.com/docs.html
> FAQ: http://cygwin.com/faq/
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Bug reporting: http://cygwin.com/bugs.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
More information about the Cygwin
mailing list