Bill East on 14 Apr 2012 19:53:19 -0700


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Rsync failing in cron due to ssh permissions



On Sat, Apr 14, 2012 at 9:11 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
On Sat, Apr 14, 2012 at 5:42 PM, Bill East <wm.east@gmail.com> wrote:
> I've got a simple task, rsyncing a couple of directories. So I first tested
> in command line, then in a shell script, then in cron. The first two...
> worked. The last... didn't. Cron reported "failed to exec ssh - Permission
> denied (13)" So after some fruitless fiddling around I thought to try ssh on
> its own. A shell script that just did 'ssh -vv -l user -i /path/to/key
> destination.domain touch fred.txt'
>
> Again, worked from the command line and the script, failed from cron. I got
> the incredibly helpful cron error:
> /usr/bin/ssh: Permission denied.
>

Your key does not have a password on it, does it?  If so, you need to
provide that password to ssh.  If you are running ssh from the command
line and have an ssh-agent running it could be helpfully providing the
key for you, which cron won't have access to.


No password... this public key has been happily used by a Windows client running pscp for yoinks now. Of course, I guess I should have just known, the problem did turn out to be the PATH.

I found a helpful note in /usr/local/etc/sshd_config which showed the full path with which sshd was compiled on the server, and guessing that the client might like to have at least the same environment, exported that as the first step in the script. And that did the job.

Aha! Even though there is a /usr/bin/ssh, it looks like in the local environment I'm executing /usr/local/bin/ssh - and because I'm thick, I did not at first notice that /usr/bin/ssh is 644 - NOT 755. So when I was dutifully explicitly pathing /usr/bin/ssh in the script and the rsync -e, I was shooting myself in the foot.

As a final note I want to state that I've not been working on this all night. I went out after writing the last email, saw family and friends, ate a nice dinner and had some smart juice, then came back to figure all this out. Sometimes getting away from a problem really does let you look at it afresh.

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug