Ssh on Nicola Iarocci https://nicolaiarocci.com/tags/ssh/ Recent content in Ssh on Nicola Iarocci Hugo -- 0.143.1 en Produced / Written / Maintained by Nicola Iarocci since 2010 Wed, 17 Mar 2021 07:05:25 +0100 Battling with SSH, cron jobs, and macOS Keyring https://nicolaiarocci.com/battling-with-ssh-cron-jobs-and-macos-keyring/ Wed, 17 Mar 2021 07:05:25 +0100 https://nicolaiarocci.com/battling-with-ssh-cron-jobs-and-macos-keyring/ <p>So today, I was setting up a cronjob on my trusty MacBook Pro. The goal was to backup some folders from a remote Linux server via rsync. The script is simple. It goes something like this:</p> <pre><code>rsync -avz -e &quot;ssh -i ~/.ssh/my_rsa_keyfile&quot; myuser@myserver:remotedir/ ~/localdir/ </code></pre> <p>Launched by hand, it works seamlessly. Call it from a cron job via crontab, and I get a permission denied error. I then enabled ssh <code>-v</code> option to gather a little intel on what was actually going on. As it turns out, the exact error was:</p> So today, I was setting up a cronjob on my trusty MacBook Pro. The goal was to backup some folders from a remote Linux server via rsync. The script is simple. It goes something like this:

rsync -avz -e "ssh -i ~/.ssh/my_rsa_keyfile" myuser@myserver:remotedir/ ~/localdir/

Launched by hand, it works seamlessly. Call it from a cron job via crontab, and I get a permission denied error. I then enabled ssh -v option to gather a little intel on what was actually going on. As it turns out, the exact error was:

`read_passphrase: can't open /dev/tty: Device not configured`

Quite puzzling. Long story short, the error message was misleading. It took me an embarrassingly long time to figure out what the real problem was. The identity file I was using has a passphrase, which is saved in macOS Keyring. When the ssh -i command is launched via cron, no Keyring is used. Not unless you explicitly instruct ssh to do. See, my ~/.ssh/config file was something like this:

Host *
    ServerAliveInterval 360
    AddKeysToAgent yes

[...]

Host myserver
    HostName 123.123.123.123
    User myuser

See, in myserver section there was no Usekeychain option. Launching the script interactively worked because of AddkeysToAgent in the general section. It enables the ssh-agent for the current terminal session, for all hosts. But cron jobs, well, they don’t run in the same session, and certainly don’t run the agent. I could eval the agent in the script, of course, but the simplest solution was to update myserver section:

Host myserver
    HostName 123.123.123.123
    Usekeychain yes
    User myuser

Now ssh knows it should use the keychain when resolving myserver RSA key, even when no agent is running. I am not sure why I did not have Usekeychain there; I do have it enabled for other hosts in the same file. As said, I wasted way too much time on this issue. At least, I hope my experience will be useful to someone else, or, more likely, to my future self in a few months or years.

]]> Primi passi con SSH https://nicolaiarocci.com/primi-passi-con-ssh/ Wed, 23 May 2012 00:00:00 +0000 https://nicolaiarocci.com/primi-passi-con-ssh/ <p>Se siete ai primi passi nello sviluppo di applicazioni web vi consiglio la lettura di <!-- raw HTML omitted -->SSH: What and How<!-- raw HTML omitted -->. Senza troppi fronzoli l’articolo spiega le basi di SSH mettendo bene in luce le possibilità offerte da questo importante strumento di lavoro.</p> <blockquote> <p>Ogni giorno molti sviluppatori web usano SSH (“Secure Shell”) per gestire i loro server, fare backup, lavorare in remoto e una miriade di altre cosette. Oggi vi spiego cos’è e da dove viene SSH e, soprattutto, vi insegno come configurarlo sul vostro server remoto o sulla vostra rete locale. Cominciamo!</p> Se siete ai primi passi nello sviluppo di applicazioni web vi consiglio la lettura di SSH: What and How. Senza troppi fronzoli l’articolo spiega le basi di SSH mettendo bene in luce le possibilità offerte da questo importante strumento di lavoro.

Ogni giorno molti sviluppatori web usano SSH (“Secure Shell”) per gestire i loro server, fare backup, lavorare in remoto e una miriade di altre cosette. Oggi vi spiego cos’è e da dove viene SSH e, soprattutto, vi insegno come configurarlo sul vostro server remoto o sulla vostra rete locale. Cominciamo!

]]>