Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Message-ID: <3DC975CB.9080505@sleepygeek.com> Date: Wed, 06 Nov 2002 12:04:27 -0800 From: Nathan Barham User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0 X-Accept-Language: en-us, en MIME-Version: 1.0 To: cygwin AT cygwin DOT com Subject: Re: FW: Can cron run ssh commands? References: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Humble apoplgies. It was my intent to send it to the list. I think I must have mistakenly typed in cygwin AT cygwin DOT com in the Reply to: field instead of the To: field. I'll resend my last reply so that it shows up in the same thread. Harig, Mark A. wrote: > Please send all replies to the Cygwin users' mailing list. > This serves two purposes: > > 1. More people can see your problem description. This > will increase the chance that someone will know a > solution to your problem. > > 2. The problem and its solution are added to the > mailing-list archives. This is one of the main > knowledge databases for Cygwin. Even if a solution > is not found, then other readers are made aware of > the problem and know that it is not unique to them. > > >>-----Original Message----- >>From: Nathan Barham [mailto:nathan AT sleepygeek DOT com] >>Sent: Wednesday, November 06, 2002 1:17 PM >>To: Harig, Mark A. >>Subject: Re: Can cron run ssh commands? >> >> >>Thanks for the reply, >> >>I don't have ssmtp set up yet, so I took your suggestion and >>tried redirecting >>"env" and "ssh -v" output to a file. Actually I did this >>both from the >>Administrator's command line, and from the Administrator's >>crontab creating two >>seperate files (attached) so I could compare. >> >> From the command line I ran these two commands: >> >>/usr/bin/env > testcron.admin.txt >>ssh -v baby ls 2>> testcron.admin.txt >> >> From Administrator's crontab I did this: >> >>34 08 * * * /usr/bin/env > testcron.cron.txt >>36 08 * * * ssh -v baby ls 2>> testcron.cron.txt >> >>In comparing the output for the env command, I see that >>Administrator's >>environment contains more environmet varibales, most notably >>those created by >>ssh-agent, which is started by keychain in Administrator's >>~/.bash_profile >> >>SSH_AGENT_PID=517 >>SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553 >> >>I also note that the $PATH variable for Administrator is >>prepended with Cygwin's >>/usr/local/bin:/usr/bin:/usr/sbin: while it is *not* in the >>cron/system >>environment. i.e. >> >>For Administrator: >>PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WI >>NNT: etc... >> >>For cron/system: >>PATH=/c/WINNT/system32:/c/WINNT: etc ... >> >>I'm assuming this is not the culprit however, since the ssh >>command *is* found >>even though the full path to it is not provided in the >>crontab. Is this because >>the Administrator's $PATH is being used due to context switching? >> >>In comparing the debug output from ssh -v, I see that when >>run from the command >>line as Administrator, publickey auth succeeds, but fails >>when run from cron. i.e. >> >># From command line: >># >>debug1: authentications that can continue: >>publickey,password,keyboard-interactive >>debug1: next auth method to try is publickey >>debug1: userauth_pubkey_agent: testing agent key >>/home/Administrator/.ssh/id_rsa >>debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey >>0x100cdae0 hint -1 >>debug1: ssh-userauth2 successful: method publickey >>debug1: fd 6 setting O_NONBLOCK >>debug1: channel 0: new [client-session] >>debug1: send channel open 0 >>debug1: Entering interactive session. >> >># From cron: >># >>debug1: authentications that can continue: >>publickey,password,keyboard-interactive >>debug1: next auth method to try is publickey >>debug1: try privkey: /home/Administrator/.ssh/identity >>debug1: try pubkey: /home/Administrator/.ssh/id_rsa >>debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey >>0x100c4548 hint 1 >>debug1: PEM_read_PrivateKey failed >>debug1: read PEM private key done: type >> >>It seems to me (in my newbie terminlogy) that either the >>cron/system environment >>needs to become aware of and use the Administrator's public key via >>Administrator's SSH_AGENT and SSH_AUTH_SOCK env variables, or >>that the SYSTEM >>user needs to have it's own public key avalable for use. I >>don't know how to >>proceed along either of these paths. Any help is much appreciated. >> >> >> >>Harig, Mark A. wrote: >> >>>Of course, a simpler alternative to setting up >>>'ssmtp' with cron would be to write your >>>cron job to redirect the output of 'ssh -v ...' >>>to a file. >>> >>> >>> >>>>-----Original Message----- >>>>From: Harig, Mark A. >>>>Sent: Tuesday, November 05, 2002 3:40 PM >>>>To: nathan AT sleepygeek DOT com; cygwin AT cygwin DOT com >>>>Subject: RE: Can cron run ssh commands? >>>> >>>> >>>> >>>>Try adding '-v' to your ssh command in your cron job. >>>>This assumes that you have cron's integration with >>>>email working. If you don't have the 'ssmtp' package >>>>installed (via setup.exe), then you'll want to do that >>>>so that any output is emailed to you. >>>> >>>>See: /usr/doc/Cygwin/ >>>> cron.README >>>> ssmtp-.README >>>> >>>>Of course, you should probably start with a simpler >>>>cron job, say, the output of '/usr/bin/env' so that >>>>you can see what cron thinks its environment is. >>>> >>>> >>>> >>>> >>>>>-----Original Message----- >>>>>From: Nathan Barham [mailto:nathan AT sleepygeek DOT com] >>>>>Sent: Tuesday, November 05, 2002 3:09 PM >>>>>To: cygwin AT cygwin DOT com >>>>>Subject: Can cron run ssh commands? >>>>> >>>>> >>>>>Hello all, >>>>> >>>>>I'm trying to use Cygwin to rsync between an NT 4 server and >>>>>a Win2K server, >>>>>using the "-e ssh" option to rsync. It works beautifully at >>>>>the command line >>>>>like this: >>>>> >>>>>rsync -e ssh -trzv --delete /d/winapps/ >>>> >>>>Administrator AT baby:/c/winapps >>>> >>>> >>>>>My problem is that this won't work from cron, nor will any of >>>>>the other Openssh >>>>>tools (scp, ssh etc). I have Cygwin sshd running as >>>>>Administrator on the remote >>>>>W2K box, i.e.*without* privsep. I have Cygwin cron running >>>>>as SYSTEM on the >>>>>local NT 4 box. I've tested cron and it works except for ssh >>>>>stuff. I also >>>>>have ssh-agent loaded on the local box (via keychain), and I >>>>>can ssh to the >>>>>remote box as Administrator without typing a passphrase. >>>>> >>>>>I'm pretty sure my problem is related to permissions of the >>>>>SYSTEM user and/or >>>>>the switching of user context, but I can't figure out what to >>>>>change. I've read >>>>>the user guide and FAQ, googled, and searched the mail >>>>>archives, but if it's >>>>>there I'm missing it. Has anyone out there managed to >>>>>automate ssh commands >>>> >>>>>from cron? If so can you please enlighten me, or at least >>>> >>>>>kick me in the >>>>>direction of self-enlightment? >>>>> >>>>>cygcheck stuff for each machine is attached. >>>>> >>>>>Thanks tons for any help. >>>>> >>>>>Nathan Barham >>>>> >>>> >>>>-- >>>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>>Bug reporting: http://cygwin.com/bugs.html >>>>Documentation: http://cygwin.com/docs.html >>>>FAQ: http://cygwin.com/faq/ >>>> >>>> >>> >>> >>>-- >>>Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple >>>Bug reporting: http://cygwin.com/bugs.html >>>Documentation: http://cygwin.com/docs.html >>>FAQ: http://cygwin.com/faq/ >>> >> > > > ------------------------------------------------------------------------ > > COMPUTERNAME=MERLIN > COMSPEC=C:\WINNT\system32\cmd.exe > CYGWIN=binmode ntsec tty > HOME=/home/Administrator > HOMEDRIVE=D: > HOMEPATH=\cygwin\home\Administrator > LOGNAME=Administrator > LOGONSERVER=\\MERLIN > MAIL=/var/spool/mail/Administrator > MAKE_MODE=unix > MANPATH=:/usr/ssl/man > NTRESKIT=C:\NTRESKIT > NUMBER_OF_PROCESSORS=2 > OLDPWD=/home/Administrator > OS2LIBPATH=C:\WINNT\system32\os2\dll; > OS=Windows_NT > PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin > PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH > PROCESSOR_ARCHITECTURE=x86 > PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel > PROCESSOR_LEVEL=6 > PROCESSOR_REVISION=0703 > PS1=\[\033]0;\w\007 > \033[32m\]\u@\h \[\033[33m\w\033[0m\] > $ > PWD=/home/Administrator > SHELL=/bin/bash > SHLVL=1 > SSH_AGENT_PID=517 > SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553 > SSH_CLIENT=192.168.100.11 3901 22 > SSH_TTY=/dev/tty0 > SYSTEMDRIVE=C: > SYSTEMROOT=C:\WINNT > TERM=xterm > TZ=PST8PDT7,M4.1.0/2,M10.5.0/2 > USER=Administrator > USERDOMAIN=BBH > USERNAME=Administrator > WINDIR=C:\WINNT > _=/usr/bin/env > > OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f > debug1: Reading configuration data /etc/ssh_config > debug1: Rhosts Authentication disabled, originating port will not be trusted. > debug1: ssh_connect: needpriv 0 > debug1: Connecting to baby [192.168.90.10] port 22. > debug1: Connection established. > debug1: identity file /home/Administrator/.ssh/identity type -1 > debug1: identity file /home/Administrator/.ssh/id_rsa type 1 > debug1: identity file /home/Administrator/.ssh/id_dsa type -1 > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 > debug1: match: OpenSSH_3.4p1 pat OpenSSH* > Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.4p1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: dh_gen_key: priv key bits set: 132/256 > debug1: bits set: 1623/3191 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'baby' is known and matches the RSA host key. > debug1: Found key in /home/Administrator/.ssh/known_hosts:2 > debug1: bits set: 1558/3191 > debug1: ssh_rsa_verify: signature correct > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: done: ssh_kex2. > debug1: send SSH2_MSG_SERVICE_REQUEST > debug1: service_accept: ssh-userauth > debug1: got SSH2_MSG_SERVICE_ACCEPT > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug1: next auth method to try is publickey > debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa > debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1 > debug1: ssh-userauth2 successful: method publickey > debug1: fd 6 setting O_NONBLOCK > debug1: channel 0: new [client-session] > debug1: send channel open 0 > debug1: Entering interactive session. > debug1: ssh_session2_setup: id 0 > debug1: Sending command: ls > debug1: channel request 0: exec > debug1: channel 0: open confirm rwindow 0 rmax 32768 > debug1: channel 0: rcvd eof > debug1: channel 0: output open -> drain > debug1: channel 0: obuf empty > debug1: channel 0: close_write > debug1: channel 0: output drain -> closed > debug1: client_input_channel_req: channel 0 rtype exit-status reply 0 > debug1: channel 0: rcvd close > debug1: channel 0: close_read > debug1: channel 0: input open -> closed > debug1: channel 0: almost dead > debug1: channel 0: gc: notify user > debug1: channel 0: gc: user detached > debug1: channel 0: send close > debug1: channel 0: is dead > debug1: channel 0: garbage collecting > debug1: channel_free: channel 0: client-session, nchannels 1 > debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.4 seconds > debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0 > debug1: Exit status 0 > > > ------------------------------------------------------------------------ > > COMPUTERNAME=MERLIN > COMSPEC=C:\WINNT\system32\cmd.exe > CYGWIN=binmode tty ntsec > HOME=/home/Administrator > HOMEDRIVE=D: > HOMEPATH=\cygwin\home\Administrator > LOGNAME=Administrator > LOGONSERVER=\\MERLIN > NTRESKIT=C:\NTRESKIT > NUMBER_OF_PROCESSORS=2 > OS2LIBPATH=C:\WINNT\system32\os2\dll; > OS=Windows_NT > PATH=/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin > PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH > PROCESSOR_ARCHITECTURE=x86 > PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel > PROCESSOR_LEVEL=6 > PROCESSOR_REVISION=0703 > SHELL=/bin/sh > SYSTEMDRIVE=C: > SYSTEMROOT=C:\WINNT > TERM=cygwin > TZ=PST8PDT7,M4.1.0/2,M10.5.0/2 > USERDOMAIN=BBH > USERNAME=Administrator > WINDIR=C:\WINNT > > OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f > debug1: Reading configuration data /etc/ssh_config > debug1: Rhosts Authentication disabled, originating port will not be trusted. > debug1: ssh_connect: needpriv 0 > debug1: Connecting to baby [192.168.90.10] port 22. > debug1: Connection established. > debug1: identity file /home/Administrator/.ssh/identity type -1 > debug1: identity file /home/Administrator/.ssh/id_rsa type 1 > debug1: identity file /home/Administrator/.ssh/id_dsa type -1 > debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1 > debug1: match: OpenSSH_3.4p1 pat OpenSSH* > Enabling compatibility mode for protocol 2.0 > debug1: Local version string SSH-2.0-OpenSSH_3.4p1 > debug1: SSH2_MSG_KEXINIT sent > debug1: SSH2_MSG_KEXINIT received > debug1: kex: server->client aes128-cbc hmac-md5 none > debug1: kex: client->server aes128-cbc hmac-md5 none > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > debug1: dh_gen_key: priv key bits set: 123/256 > debug1: bits set: 1595/3191 > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > debug1: Host 'baby' is known and matches the RSA host key. > debug1: Found key in /home/Administrator/.ssh/known_hosts:2 > debug1: bits set: 1620/3191 > debug1: ssh_rsa_verify: signature correct > debug1: kex_derive_keys > debug1: newkeys: mode 1 > debug1: SSH2_MSG_NEWKEYS sent > debug1: waiting for SSH2_MSG_NEWKEYS > debug1: newkeys: mode 0 > debug1: SSH2_MSG_NEWKEYS received > debug1: done: ssh_kex2. > debug1: send SSH2_MSG_SERVICE_REQUEST > debug1: service_accept: ssh-userauth > debug1: got SSH2_MSG_SERVICE_ACCEPT > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug1: next auth method to try is publickey > debug1: try privkey: /home/Administrator/.ssh/identity > debug1: try pubkey: /home/Administrator/.ssh/id_rsa > debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1 > debug1: PEM_read_PrivateKey failed > debug1: read PEM private key done: type > debug1: try privkey: /home/Administrator/.ssh/id_dsa > debug1: next auth method to try is keyboard-interactive > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug1: next auth method to try is password > debug1: authentications that can continue: publickey,password,keyboard-interactive > Permission denied, please try again. > debug1: authentications that can continue: publickey,password,keyboard-interactive > Permission denied, please try again. > debug1: authentications that can continue: publickey,password,keyboard-interactive > debug1: no more auth methods to try > Permission denied (publickey,password,keyboard-interactive). > debug1: Calling cleanup 0x419440(0x0) > > > > ------------------------------------------------------------------------ > > -- > Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple > Bug reporting: http://cygwin.com/bugs.html > Documentation: http://cygwin.com/docs.html > FAQ: http://cygwin.com/faq/ -- Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple Bug reporting: http://cygwin.com/bugs.html Documentation: http://cygwin.com/docs.html FAQ: http://cygwin.com/faq/