l i n u x - u s e r s - g r o u p - o f - d a v i s
L U G O D
 
Next Meeting:
October 20: Web Application Hacking: How to Make and Break Security on the Web
Next Installfest:
TBD
Latest News:
Oct. 10: LUGOD Installfests coming again soon
Page last updated:
2011 Mar 16 11:25

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] crontab and scp puzzle
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] crontab and scp puzzle



On Wed, Mar 16, 2011 at 09:43:26AM -0700, Bruce Wolk wrote:
> I need to copy a file from my server to a workstation on a regular 
> basis.  I have set up passwordless ssh access to the server from my 
> workstation.  When I execute the following on the workstation, the 
> command succeeds and the file is copied:
> 
> scp -P 33303 bruce@myserver.com:backup/db.sql.gz 
> /home/bruce/backup/db.sql.gz
> 
> But when I put the same command into a cron file on the workstation, the 
> command fails.  The relevant output from the scp command is:
> 
> debug1: Found key in /home/bruce/.ssh/known_hosts:5
> debug1: ssh_rsa_verify: signature correct
> debug1: SSH2_MSG_NEWKEYS sent
> debug1: expecting SSH2_MSG_NEWKEYS
> debug1: SSH2_MSG_NEWKEYS received
> debug1: Roaming not allowed by server
> debug1: SSH2_MSG_SERVICE_REQUEST sent
> debug1: SSH2_MSG_SERVICE_ACCEPT received
> debug1: Authentications that can continue: publickey
> debug1: Next authentication method: publickey
> debug1: Offering public key: /home/bruce/.ssh/id_rsa.pub
> debug1: Server accepts key: pkalg ssh-rsa blen 279
> debug1: PEM_read_PrivateKey failed
> debug1: read PEM private key done: type <unknown>
> debug1: read_passphrase: can't open /dev/tty: No such device or address
> debug1: No more authentication methods to try.
> Permission denied (publickey).

Do you use a passphrase on your private key? If you do, you will need to create
a private/public key pair that does not have a passphrase.  

ssh-keygen -t rsa -f fookeyfile

It will create a separate private key. It seems that you probably use a private key
that is unlocked with gnome-ssh-agent when you are using your desktop. That is why
it works when you do it interactively. 

Some will note that the having this private key would allow an attacker to get access to
your your destination system if she compromised your server from which you are sending
files. I believe in the authorized_keys file, you can put in that only a certain command
is allowed to be executed. 

brian
-- 
Brian Lavender
http://www.brie.com/brian/

"There are two ways of constructing a software design. One way is to
make it so simple that there are obviously no deficiencies. And the other
way is to make it so complicated that there are no obvious deficiencies."

Professor C. A. R. Hoare
The 1980 Turing award lecture
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech



LinkedIn
LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
facebook
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.