I'm trying to figure out what the problem/solution is and it's not only related to Arch but to other distros as well.
My keys work fine in terminal but no go in cron
After some digging I found this https://bugs.archlinux.org/task/18781
so I changed my /etc/ssh/sshd_config to uncomment and modify AuthorizedKeysFile %h/.ssh/authorized_keys
as per instructions but I still get the same error
debug3: sign_and_send_pubkey
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
and yes I did restart the ssh daemon
Can someone help me out please, I have spent days debugging this thing and still see no light...
Last edited by Vladman (2010-09-19 19:47:17)
Offline
I have not tried this myself, but the following questions come to mind:
Where are your keys?
In your configuration, when cron runs, what is the UID?
Will that UID find the keys?
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
The shortest way to ruin a country is to give power to demagogues.— Dionysius of Halicarnassus
---
How to Ask Questions the Smart Way
Offline
If you have ssh-agent running to manage your keys, try adding this at the beginning of whatever script(s) you call from cron:
auth=`find /tmp -user $LOGNAME -type s -name "*agent*" -print 2>/dev/null`
SSH_AUTH_SOCK=$auth
export SSH_AUTH_SOCK
I struggled with that same problem too
I have this in my .bashrc (I login via bash, no login-manager) to start ssh-agent:
function start_agent {
    echo "Initialising new SSH agent..."
    /usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
    echo succeeded
    chmod 600 "${SSH_ENV}"
    . "${SSH_ENV}" > /dev/null
    find ~/.ssh -name '*_rsa' -exec /usr/bin/ssh-add '{}' \;
}
# Source SSH settings, if applicable
if [ -f "${SSH_ENV}" ]; then
    . "${SSH_ENV}" > /dev/null
    ps -ef | grep ${SSH_AGENT_PID} | grep ssh-agent$ > /dev/null || {
        start_agent;
    }
else
    start_agent;
fi
By the way, I take no credit for this code (except for the 'find' line, because I have multiple keys) -- I just found and used it!
Good luck!
Scott
Offline
> I have not tried this myself, but the following questions come to mind:
> Where are your keys?
> In your configuration, when cron runs, what is the UID?
> Will that UID find the keys?
Thanks for a quick reply
1. /root/.ssh/id_dsa
2. debug1: permanently_set_uid: 0/0 (same as when I run it from root terminal)
3. It works if I run it manually with the same uid so I assume it should...
Before you ask, I do use full paths in crontab
I'm not sure what else to try...
Offline
The cron shell does not have the same environment variables as your regular shell, so you'll need something like keychain.
It largely covers the same area as firecat's solution, but I find keychain very easy. I log in, run keychain, it asks me for all the passphrases to my keys (you have to tell it which keys to cache though), it will communicate those to the running ssh-agent (or start an instance if necessary). Once that's done you can call keychain in any script you use and it will use the cached SSH keys.
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline
> The cron shell does not have the same environment variables as your regular shell, so you'll need something like keychain.
> It largely covers the same area as firecat's solution, but I find keychain very easy. I log in, run keychain, it asks me for all the passphrases to my keys (you have to tell it which keys to cache though), it will communicate those to the running ssh-agent (or start an instance if necessary). Once that's done you can call keychain in any script you use and it will use the cached SSH keys.
Thanks B, I followed the wiki http://wiki.archlinux.org/index.php/Usi … g_keychain and it seems to work as far as remembering keys in shell but not in cron...
Is there something I need to do that is not covered in wiki?
I installed keychain and added
/usr/bin/keychain -Q -q --nogui ~/.ssh/id_dsa
[[ -f $HOME/.keychain/$HOSTNAME-sh ]] && source $HOME/.keychain/$HOSTNAME-sh
to /etc/profile.d/keychain.sh
when I login as root it asks me for the key pass and everything works but not in cron.
Scott thanks, I tried your idea but the second part is not working for me
/usr/bin/ssh-agent | sed 's/^echo/#echo/' > "${SSH_ENV}"
bash: : No such file or directory
Is the second part necessary if I have a keychain running?
Thank you all for trying to help, I really appreciate it, hopefully we can figure it out.
Offline
You don't need anything else running -- ssh-agent IS the keychain bundled with openssh.
Oh, and sorry I forgot the variable definition...goes before the function. Now it should work
SSH_ENV="$HOME/.ssh/environment"
Scott
Offline
> You don't need anything else running -- ssh-agent IS the keychain bundled with openssh.
> Oh, and sorry I forgot the variable definition...goes before the function. Now it should work
> SSH_ENV="$HOME/.ssh/environment"
> Scott
Thanks Scott, I seem to have finally got it to work by adding
# Load keychain variables and check for id_dsa
[ -z "$HOSTNAME" ] && HOSTNAME=`uname -n`
. $HOME/.keychain/$HOSTNAME-sh 2>/dev/null
ssh-add -l 2>/dev/null | grep -q id_dsa || exit 1
before the script I need to run.
Thanks for all your help guys!
Offline
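A stricter take on the "load the keychain file, then check `ssh-add -l`" approach from the post above, as an added example that is not code from any poster in this thread. It parses the environment file instead of sourcing it, rejects a file or socket the cron user does not own, and runs the job only when the agent answers with keys loaded. The function names are hypothetical, and the file is assumed to hold lines of the form `NAME=value; export NAME;`.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes the env file holds lines like "NAME=value; export NAME;".

# load_agent_env FILE: accept FILE only if it is a regular file owned by the
# current user and not group/world-writable, then parse it without sourcing.
load_agent_env() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] && [ -O "$f" ] || return 1
    # Any output from find means a group- or world-write bit is set.
    [ -z "$(find "$f" -prune \( -perm -020 -o -perm -002 \) -print)" ] || return 1
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$f" | head -n 1)
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9]*\);.*/\1/p' "$f" | head -n 1)
    [ -n "$sock" ] || return 1
    SSH_AUTH_SOCK=$sock; export SSH_AUTH_SOCK
    [ -n "$pid" ] && { SSH_AGENT_PID=$pid; export SSH_AGENT_PID; }
    return 0
}

# agent_usable: the socket must exist, be a socket and belong to us.
# ssh-add -l exits 0 (keys listed), 1 (agent has no keys), 2 (no agent).
agent_usable() {
    [ -S "$SSH_AUTH_SOCK" ] && [ -O "$SSH_AUTH_SOCK" ] || return 2
    ssh-add -l >/dev/null 2>&1
}

# run_with_agent ENVFILE CMD...: run CMD only when an agent holding at least
# one key is reachable; otherwise fail so cron reports the error.
run_with_agent() {
    envfile=$1; shift
    load_agent_env "$envfile" || { echo "refusing agent env file: $envfile" >&2; return 1; }
    agent_usable || { echo "no usable ssh-agent with loaded keys" >&2; return 1; }
    "$@"
}

# Usage from a cron script (the job path is a placeholder):
#   run_with_agent "$HOME/.keychain/$(uname -n)-sh" /path/to/backup-job
```
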
> You don't need anything else running -- ssh-agent IS the keychain bundled with openssh.
> Oh, and sorry I forgot the variable definition...goes before the function. Now it should work
> SSH_ENV="$HOME/.ssh/environment"
> Scott
To each his own - but I prefer a single line like
´eval keychain´
in my scripts over four or five lines that you will have to copy/paste every single time. Keychain is just a single command, you need to run ssh-add for every key you want to add, if I'm not mistaken.
Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy
Offline
True -- I think when I set all this up initially, I didn't know about keychain at the time, and it works for the few things I use so I never bothered to look for alternatives. I'm certainly not one of the 'MUST NOT INSTALL ANY EXTRA PACKAGES' crowd :-P I'll definitely look into setting it up, though...easy is good.
Thanks!
Scott
Offline