Cron – Execute rsync command over ssh with an ssh agent via crontab

cronrsync

i have a cronjob:

0 9 * * * rsync -a mydir remote_machine:

i installed this with 'crontab -e'. i have an ssh-agent running, and when i execute the rsync command itself it works w/o any user interaction or password entry, but the cronjob fails with the following message:

Date: Wed,  9 Dec 2009 11:11:00 -0600 (CST)
From: Cron Daemon <me@my_machine.my_domain>
To: me@my_machine.my_domain
Subject: Cron <me@my_machine> rsync -a /home/me/mydir remote_machine:

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-with-mic,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: unexplained error (code 255) at /SourceCache/rsync/rsync-35.2/rsync/io.c(452)
[sender=2.6.9]

why doesn't this work? i know the cronjobs run w/ me as the user (if i run '* * * * * touch /tmp/a' i own the file) so i assume the rsync is logging in as me using my private key…

Best Answer

Your cron session shell has no knowledge of the ssh agent, so can't talk to it.

When the agent is started, you can put the information needed for the agent someplace for the cron session to pick up.

Example:

AGENT="ssh-agent -s"
if [ ! -d $HOME/.ssh/agent ]; then
        mkdir -p $HOME/.ssh/agent
fi
#
# Start an agent if there isn't one running already.
#
pid=`ps -u$LOGNAME | grep ssh-age | awk '{print $1}'`
if [ -z "$pid" ]; then
        $AGENT | grep -v echo > $HOME/.ssh/agent/$HOST & pid=$!
        sleep 1 # Let it fork and stuff
fi

Then add your key to the agent.

ssh-add $HOME/.ssh/id_dsa

Now your cron job should do this before attempting to use ssh:

#
# Get our parent to pick up the required SSH env vars.
#
. $HOME/.ssh/agent/$HOST

...after which, the ssh session should proceed normally.

Related Solutions

How to Use Rsync Over FTP

You don't. rsync can't do that for you, it is a protocol of its own and doesn't work over FTP.

You might, however, want to try csync. IIRC it provides rsync-like behaviour over HTTP. I can't comment on whether it works over FTP, you'll have to try it.

Ssh – Crontab + Rsync – nothing happens :(

Put full path to rsync even to your /usr/bin/backup, so the line in that file would start

/usr/bin/rsync <your other options>

And try to put a line like

logger -t my_backup Hello from /usr/bin/backup

to your /usr/bin/backup script and see if anything gets logged to /var/log/messages (or other log file, depending on your syslog setup). Alternatively you might replace the logger with

echo "Hello from /usr/bin/backup" >/tmp/backuptest

Oh, sometimes SELinux might cause problems like you have encountered. Is it in use?

Hope this helps.

EDIT: Make your /usr/bin/backup rsync line be like

/usr/bin/rsync <your options> || echo "rsync died with error code $?" >> your_log

Perhaps we'll catch why rsync is so upset.

YET ANOTHER EDIT: OK, rsync error code 5. That means

rsync error: error starting client-server protocol

Most of the time that happens due the wrong password, even though the message looks more cryptic.

If you manually run your rsync script as niklas, that works, right?

EDIT 3: Spotted your mention about keyring. I think cron doesn't use the same keyring than the user niklas during your login. That's why the login goes p00f when trying to run it from cron. Could you use a passwordless RSA key for this instead and just restrict it to run rsync?

EDIT 4: Use RSYNC_PASSWORD environment variable. That can be done by putting this to top of your backup script:

export RSYNC_PASSWORD="myprecioussssssss"

or if you would like to store the password in a textfile, create a file and provide a --password-file option to rsync.

If that doesn't work, you may provide -e 'ssh -o IdentityFile=/path/to/your_file option to rsync.

Best Answer

Related Solutions

How to Use Rsync Over FTP

Ssh – Crontab + Rsync – nothing happens :(

Related Topic