There is a script for backing up some directories with documents on the server. Inside the script is a call to rsync. The utility connects with the server via ssh. There was a strange situation:

If I run the script from the command line, then it normally logs into the server and performs a backup.

If I run it in time using cron, it is issued:

Permission denied, please try again. Permission denied, please try again. Permission denied (publickey,password).

And the server closes the connection. It is clear that there is some problem in the environment of the process being launched. However - what exactly is the matter ?! Variables

 LOGNAME=... PASSWORD=...

twisted on everyone.

  • 2
    The difference in user and environment variables. You can verify this by inserting the line env &> log.txt - sergw in the script
  • 2
    Provide an example of running the script in the crown and in the terminal and from what user the launch occurs in the console and from which user the crontab was installed - Andrew Paramoshkin
  • The difference in user and environment variables. I myself understood that. from which user the crontab was installed - the fact of the matter is that the user is the same everywhere! I printed (via echo) the value of the LOGNAME - always one! - Sergey

1 answer 1

Permission denied (publickey, password)

probably, authentication should be performed on a pair of a secret-public key.

for this, either the rsync program must explicitly specify the secret key, or it will use the fact that it is located in the ~/.ssh the user on whose behalf it is running.

most likely, the cron job is performed on behalf of the root user (and in the terminal emulator, on behalf of the “ordinary” user). therefore, rsync and “does not find” a suitable secret key.

solutions (in order of "decreasing rationality" from my point of view):

  • Write the task itself to the crontab file of the desired user by running the following command on behalf of this user (and not root ):

     $ crontab -e

  • run the rsync program on behalf of the user using the sudo program:

     sudo -u пользователь rsync ...

  • specify the rsync program (more precisely, the ssh program it calls ) the file with the secret key (for example, /home/пользователь/.ssh/id_rsa ), adding the option -e команда :

     rsync -e 'ssh -i /home/пользователь/.ssh/id_rsa' ...

  • Copy the secret key from the directory of an "ordinary" user to the directory of the root user (creating a directory if necessary and setting up the "correct" rights for it and its content):

     $ sudo mkdir -p /root/.ssh $ sudo cp /home/пользователь/.ssh/id_rsa /root/.ssh $ sudo chown -R root:root /root/.ssh $ sudo chmod -R go= /root/.ssh

if, as written in the comments, cron performs a task from the same user as when starting up in the terminal emulator, then you should compare the output of the env command, executed in the terminal emulator and the cron program. some key (for the script being executed) variables are present in one place and absent (or have a different meaning) - in another. it is more convenient to compare the diff -ruaN файл1 файл2 , having previously sorted both files by the sort program.

First of all, you should pay attention to the presence and value of the HOME variable. for by default, the secret key is searched for in the $HOME/.ssh .

  • probably, authentication should be performed on a pair of a secret-public key. - Absolutely! Those. if I log in via ssh to the server, then I specify only the login. The password is already there. - Sergey
  • $ crontab -e This is exactly what I did. - Sergey
  • indicate to the rsync program (more precisely, the ssh program it calls) the secret key file - Hurray !!!! It helped !!! - Sergey
  • it is more convenient to compare the diff command - well, there was nothing special to compare here! In the env, which in the script launched from the console - 78 lines, and in the crown - 17 ... But what amazes me is the LOGNAME match! But the USER variable is present only during manual startup. - Sergey
  • the presence and value of the $ HOME variable are more important - you are probably right! - Sergey