Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Debian User (http://www.linux-archive.org/debian-user/)
-   -   Cron and ssh keys (http://www.linux-archive.org/debian-user/428390-cron-ssh-keys.html)

T o n g 09-17-2010 04:22 PM

Cron and ssh keys
 
Hi,

How do you handle situations that you need to do rsync etc ssh related
tasks in cron?

I know it need my passphrase before hand, but what if (somehow) the
machine is rebooted and I haven't get around keying the passphrase yet?

Is there any test mechanism before I let the ssh related tasks kick in?

I tried the following,

$ date; keychain --timeout 1 --nogui id_rsa; echo $?; date

but it never timeout as advertised:

--timeout minutes
Set a timeout in minutes on your keys. This is conveyed to
ssh-
agent which does the actual timing out of keys since keychain
doesn't run continuously.

Debian Squeeze.

Thanks

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: i704k6$go8$3@dough.gmane.org">http://lists.debian.org/i704k6$go8$3@dough.gmane.org

Bob Proulx 09-20-2010 10:15 PM

Cron and ssh keys
 
T o n g wrote:
> How do you handle situations that you need to do rsync etc ssh related
> tasks in cron?

When running under cron you cannot use a passphrase on your ssh
private key. Since no passphrase can be used you have to ask if you
are working in an NFS environment or not. If under NFS then the only
safe user is the root user since root is converted to nobody due to
root_squash behavior. In which case all cron activity would need to
be under root's account. If not in an NFS environment then you can
safely use filesystem permissions to protect your key. Create a key
without a passphrase and use it for use in cron.

> I know it need my passphrase before hand, but what if (somehow) the
> machine is rebooted and I haven't get around keying the passphrase yet?

That is exactly why going that path can't work.

Bob

T o n g 09-21-2010 04:32 AM

Cron and ssh keys
 
On Mon, 20 Sep 2010 16:15:32 -0600, Bob Proulx wrote:

> If not in an NFS environment then you can safely use filesystem
> permissions to protect your key. Create a key without a passphrase and
> use it for use in cron.

Oh, that's how you handle it.

Thanks for sharing.

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: i79cgq$tkt$2@dough.gmane.org">http://lists.debian.org/i79cgq$tkt$2@dough.gmane.org


All times are GMT. The time now is 07:19 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.