Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <3DC97663.8070709@sleepygeek.com>
Date: Wed, 06 Nov 2002 12:06:59 -0800
From: Nathan Barham <nathan AT sleepygeek DOT com>
User-Agent: Mozilla/5.0 (Windows; U; WinNT4.0; en-US; rv:1.0.1) Gecko/20020823 Netscape/7.0
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: cygwin AT cygwin DOT com
Subject: Re: Can cron run ssh commands?
References: <BADF3C947A1BD54FBA75C70C241B0B9E76302D AT ex02 DOT idirect DOT net>
Content-Type: multipart/mixed;
 boundary="------------020607010205080406010008"

--------------020607010205080406010008
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

Thanks for the reply,

I don't have ssmtp set up yet, so I took your suggestion and tried redirecting
"env" and "ssh -v" output to a file.  Actually I did this both from the
Administrator's command line, and from the Administrator's crontab creating two
seperate files (attached) so I could compare.

  From the command line I ran these two commands:

/usr/bin/env > testcron.admin.txt
ssh -v baby ls 2>> testcron.admin.txt

  From Administrator's crontab I did this:

34 08 * * * /usr/bin/env > testcron.cron.txt
36 08 * * * ssh -v baby ls 2>> testcron.cron.txt

In comparing the output for the env command, I see that Administrator's
environment contains more environmet varibales, most notably those created by
ssh-agent, which is started by keychain in Administrator's ~/.bash_profile

SSH_AGENT_PID=517
SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553

I also note that the $PATH variable for Administrator is prepended with Cygwin's
/usr/local/bin:/usr/bin:/usr/sbin: while it is *not* in the cron/system
environment. i.e.

For Administrator:
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT: etc...

For cron/system:
PATH=/c/WINNT/system32:/c/WINNT: etc ...

I'm assuming this is not the culprit however, since the ssh command *is* found
even though the full path to it is not provided in the crontab.  Is this because
the Administrator's $PATH is being used due to context switching?

In comparing the debug output from ssh -v, I see that when run from the command
line as Administrator, publickey auth succeeds, but fails when run from cron.  i.e.

# From command line:
#
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.

# From cron:
#
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/Administrator/.ssh/identity
debug1: try pubkey: /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>

It seems to me (in my newbie terminlogy) that either the cron/system environment
needs to become aware of and use the Administrator's public key via
Administrator's SSH_AGENT and SSH_AUTH_SOCK env variables, or that the SYSTEM
user needs to have it's own public key avalable for use.  I don't know how to
proceed along either of these paths.  Any help is much appreciated.



Harig, Mark A. wrote:
 > Of course, a simpler alternative to setting up
 > 'ssmtp' with cron would be to write your
 > cron job to redirect the output of 'ssh -v ...'
 > to a file.
 >
 >
 >>-----Original Message-----
 >>From: Harig, Mark A.
 >>Sent: Tuesday, November 05, 2002 3:40 PM
 >>To: nathan AT sleepygeek DOT com; cygwin AT cygwin DOT com
 >>Subject: RE: Can cron run ssh commands?
 >>
 >>
 >>
 >>Try adding '-v' to your ssh command in your cron job.
 >>This assumes that you have cron's integration with
 >>email working.  If you don't have the 'ssmtp' package
 >>installed (via setup.exe), then you'll want to do that
 >>so that any output is emailed to you.
 >>
 >>See: /usr/doc/Cygwin/
 >>                     cron.README
 >>                     ssmtp-<version>.README
 >>
 >>Of course, you should probably start with a simpler
 >>cron job, say, the output of '/usr/bin/env' so that
 >>you can see what cron thinks its environment is.
 >>
 >>
 >>
 >>>-----Original Message-----
 >>>From: Nathan Barham [mailto:nathan AT sleepygeek DOT com]
 >>>Sent: Tuesday, November 05, 2002 3:09 PM
 >>>To: cygwin AT cygwin DOT com
 >>>Subject: Can cron run ssh commands?
 >>>
 >>>
 >>>Hello all,
 >>>
 >>>I'm trying to use Cygwin to rsync between an NT 4 server and
 >>>a Win2K server,
 >>>using the "-e ssh" option to rsync.  It works beautifully at
 >>>the command line
 >>>like this:
 >>>
 >>>rsync -e ssh -trzv --delete /d/winapps/
 >>
 >>Administrator AT baby:/c/winapps
 >>
 >>>My problem is that this won't work from cron, nor will any of
 >>>the other Openssh
 >>>tools (scp, ssh etc).  I have Cygwin sshd running as
 >>>Administrator on the remote
 >>>W2K box, i.e.*without* privsep.  I have Cygwin cron running
 >>>as SYSTEM on the
 >>>local NT 4 box.  I've tested cron and it works except for ssh
 >>>stuff.  I also
 >>>have ssh-agent loaded on the local box (via keychain), and I
 >>>can ssh to the
 >>>remote box as Administrator without typing a passphrase.
 >>>
 >>>I'm pretty sure my problem is related to permissions of the
 >>>SYSTEM user and/or
 >>>the switching of user context, but I can't figure out what to
 >>>change.  I've read
 >>>the user guide and FAQ, googled, and searched the mail
 >>>archives, but if it's
 >>>there I'm missing it.  Has anyone out there managed to
 >>>automate ssh commands
 >>>from cron?  If so can you please enlighten me, or at least
 >>>kick me in the
 >>>direction of self-enlightment?
 >>>
 >>>cygcheck stuff for each machine is attached.
 >>>
 >>>Thanks tons for any help.
 >>>
 >>>Nathan Barham
 >>>
 >>
 >>--
 >>Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
 >>Bug reporting:         http://cygwin.com/bugs.html
 >>Documentation:         http://cygwin.com/docs.html
 >>FAQ:                   http://cygwin.com/faq/
 >>
 >>
 >
 >
 > --
 > Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
 > Bug reporting:         http://cygwin.com/bugs.html
 > Documentation:         http://cygwin.com/docs.html
 > FAQ:                   http://cygwin.com/faq/
 >



--------------020607010205080406010008
Content-Type: text/plain;
 name="testcron.admin.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="testcron.admin.txt"

COMPUTERNAME=MERLIN
COMSPEC=C:\WINNT\system32\cmd.exe
CYGWIN=binmode ntsec tty
HOME=/home/Administrator
HOMEDRIVE=D:
HOMEPATH=\cygwin\home\Administrator
LOGNAME=Administrator
LOGONSERVER=\\MERLIN
MAIL=/var/spool/mail/Administrator
MAKE_MODE=unix
MANPATH=:/usr/ssl/man
NTRESKIT=C:\NTRESKIT
NUMBER_OF_PROCESSORS=2
OLDPWD=/home/Administrator
OS2LIBPATH=C:\WINNT\system32\os2\dll;
OS=Windows_NT
PATH=/usr/local/bin:/usr/bin:/usr/sbin:/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
PS1=\[\033]0;\w\007
\033[32m\]\u@\h \[\033[33m\w\033[0m\]
$ 
PWD=/home/Administrator
SHELL=/bin/bash
SHLVL=1
SSH_AGENT_PID=517
SSH_AUTH_SOCK=/tmp/ssh-AhbAu553/agent.553
SSH_CLIENT=192.168.100.11 3901 22
SSH_TTY=/dev/tty0
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINNT
TERM=xterm
TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
USER=Administrator
USERDOMAIN=BBH
USERNAME=Administrator
WINDIR=C:\WINNT
_=/usr/bin/env
 
OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baby [192.168.90.10] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/identity type -1
debug1: identity file /home/Administrator/.ssh/id_rsa type 1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 132/256
debug1: bits set: 1623/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'baby' is known and matches the RSA host key.
debug1: Found key in /home/Administrator/.ssh/known_hosts:2
debug1: bits set: 1558/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: userauth_pubkey_agent: testing agent key /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100cdae0 hint -1
debug1: ssh-userauth2 successful: method publickey
debug1: fd 6 setting O_NONBLOCK
debug1: channel 0: new [client-session]
debug1: send channel open 0
debug1: Entering interactive session.
debug1: ssh_session2_setup: id 0
debug1: Sending command: ls
debug1: channel request 0: exec
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd close
debug1: channel 0: close_read
debug1: channel 0: input open -> closed
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.4 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0


--------------020607010205080406010008
Content-Type: text/plain;
 name="testcron.cron.txt"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
 filename="testcron.cron.txt"

COMPUTERNAME=MERLIN
COMSPEC=C:\WINNT\system32\cmd.exe
CYGWIN=binmode tty ntsec
HOME=/home/Administrator
HOMEDRIVE=D:
HOMEPATH=\cygwin\home\Administrator
LOGNAME=Administrator
LOGONSERVER=\\MERLIN
NTRESKIT=C:\NTRESKIT
NUMBER_OF_PROCESSORS=2
OS2LIBPATH=C:\WINNT\system32\os2\dll;
OS=Windows_NT
PATH=/c/WINNT/system32:/c/WINNT:/c/NTRESKIT:/c/NTRESKIT/Perl:/c/Program Files/Common Files/Network Associates/VirusScan Engine/4.0.xx/:/d/WINAPPS/Network Associates/ePO/MSSQL7/BINN:/bin
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 7 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0703
SHELL=/bin/sh
SYSTEMDRIVE=C:
SYSTEMROOT=C:\WINNT
TERM=cygwin
TZ=PST8PDT7,M4.1.0/2,M10.5.0/2
USERDOMAIN=BBH
USERNAME=Administrator
WINDIR=C:\WINNT

OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f
debug1: Reading configuration data /etc/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baby [192.168.90.10] port 22.
debug1: Connection established.
debug1: identity file /home/Administrator/.ssh/identity type -1
debug1: identity file /home/Administrator/.ssh/id_rsa type 1
debug1: identity file /home/Administrator/.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_3.4p1
debug1: match: OpenSSH_3.4p1 pat OpenSSH*
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: dh_gen_key: priv key bits set: 123/256
debug1: bits set: 1595/3191
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'baby' is known and matches the RSA host key.
debug1: Found key in /home/Administrator/.ssh/known_hosts:2
debug1: bits set: 1620/3191
debug1: ssh_rsa_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is publickey
debug1: try privkey: /home/Administrator/.ssh/identity
debug1: try pubkey: /home/Administrator/.ssh/id_rsa
debug1: input_userauth_pk_ok: pkalg ssh-rsa blen 149 lastkey 0x100c4548 hint 1
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: try privkey: /home/Administrator/.ssh/id_dsa
debug1: next auth method to try is keyboard-interactive
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: next auth method to try is password
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: authentications that can continue: publickey,password,keyboard-interactive
debug1: no more auth methods to try
Permission denied (publickey,password,keyboard-interactive).
debug1: Calling cleanup 0x419440(0x0)




--------------020607010205080406010008
Content-Type: text/plain; charset=us-ascii

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/
--------------020607010205080406010008--