rsync/ssh run by cron

[KernelOops]

I've setup an rsync command to run as cron. The command runs fine under the shell, but rsync can't connect to the remote server when run under cron.

The command is

Code: Select all

rsync -e "ssh -p 22 -l user" --password-file /home/user/.rsyncpass.conf --delete --safe-links -qtarxlz /mnt/photos/ photos@nas.server.local::photos

The above command simply rsync's the /mnt/photos/ directory to the remote rsyncd running on the NAS under the 'photos' tag. The issue must be the '-e' parameter, which uses SSH as a transfer method.

When run by cron, it produces the following error:

Code: Select all

Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password).
rsync: connection unexpectedly closed (0 bytes received so far) [sender]
rsync error: error in rsync protocol data stream (code 12) at io.c(600) [sender=3.0.6]

Any suggestions please?

Thank you.

[TrevorH]

When run under cron, things have a very limited environment variable set. For example, PATH contains only about 2 or 3 directories and HOME is completly unset. It's this latter which I think is causing your current issue since ssh looks in $HOME/.ssh for the keys so it's trying to use /.ssh/. Set $HOME to point to the correct location for your user.

[KernelOops]

Thank you for your quick reply. I've set 'HOME=/home/user' and I'll see how that goes. Not all implementations of cron support variables, but hopefully the one that comes with centos6 does.

If that doesn't work, then maybe the problem is with the authentication agent (I use 'ssh-add' to add password protected keys to the memory resident agent).

[TrevorH]

You'll also need to pass or source the SSH_AGENT_PID= and SSH_AUTH_SOCK= variables.

[Whoever]

You appear to be attempting to pass a password file with "--password-file /home/user/.rsyncpass.conf", however, this does not work for ssh logins under rsync. From "man rsync":

Code: Select all

              This option does not supply a password to a remote shell transport such as ssh; to  learn
              how  to do that, consult the remote shell’s documentation.  When accessing an rsync daemon
              using a remote shell as the transport, this option only comes into effect after the remote
              shell  finishes its authentication (i.e. if you have also specified a password in the dae‐
              mon’s config file).

Probably, when run in the shell, the system has got access to an unlocked private key (the private key was added with "ssh-add") and the login is accomplished using the public/private key pair. When run under cron, it does not have access to the unlocked private key, hence the authorization failure.

[KernelOops]

Indeed, nicely said. The cron job runs with an unlocked key.

One solution is to use password-less keys. Otherwise I need to setup the environments for ssh-agent to be accessible from the cron job, as mentioned above.