non-interactive ssh connections (was Re: RSYNC ISSUE)

tim.conway at philips.com tim.conway at philips.com
Wed Jul 24 15:42:02 EST 2002 

First, an item to fix:  the substitution of "-P" for "-p".  All good 
operating systems are case-sensitive, and many utilities, ssh included, 
are case sensitive about their options.  "-P" is passed along with the 
"-p" to signal that the next parameter is the passphrase, to enable 
passphrase setting directly in the commandline.  If that's wrong, you're 
not touching the key at all.

Secondly:  Are you sure you're actually using the key?  If the public key 
isn't in the authorized_keys file on the destination system, or if, for 
whatever other reason, the remote system won't use you key, you've got to 
solve that, first.  It's common for people setting up ssh to make the 
passphrase the same as their login password.  They test it, their password 
works, and they think they used the key, when in fact, they did password 
authentication.  If, in fact, after setting the passphrase empty, you are 
able to ssh destination without providing a password, then we have 
something wierd going on.

Tim Conway
tim.conway at philips.com
303.682.4917 office, 3039210301 cell
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn, 
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
".\n" '
"There are some who call me.... Tim?"




"Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
Sent by: rsync-admin at lists.samba.org
07/24/2002 11:52 AM

 
        To:     "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com>
mbp at samba.org
rsync at lists.samba.org
        cc:     (bcc: Tim Conway/LMT/SC/PHILIPS)
        Subject:        RE: non-interactive ssh connections (was Re: RSYNC ISSUE)
        Classification: 



Hi, I have tried to generate the key with ssh-keygen -P ( remove the
passphrase) and copied it to the target system. However, it doesn't work.
Any insite with the way I am distributing the KEYS

-----Original Message-----
From: Martin Pool [mailto:mbp at samba.org] 
Sent: Tuesday, July 23, 2002 6:53 PM
To: Kar, Gouri X. -ND
Cc: rsync at lists.samba.org; Johnson, Gary X. -ND; Minyard, Mark X. -ND
Subject: non-interactive ssh connections (was Re: RSYNC ISSUE)


(Gouri: a more descriptive subject line will help you get repsonses in
future, and please send your mail to rsync at lists.samba.org.  Read
<http://www.tuxedo.org/~esr/faqs/smart-questions.html>)

On 23 Jul 2002, "Kar, Gouri X. -ND" <Gouri.X.Kar.-ND at disney.com> wrote:
> Hi guys, I am trying to schdule a script which makes call to RSYNC
> over SSH. The same script works fine on the command prompt and 
> sucessfully transfer the file from source to destination system with 
> SSH.
> 
> However, executing the script from CRONJOB doesn't work. It comes up
> with following error message
> 
> From: daemon
> To: db2log
> 
> You have no controlling tty and no DISPLAY.  Cannot read passphrase.
> You have no controlling tty and no DISPLAY.  Cannot read passphrase.
> warning: Authentication failed.
> Disconnected; authentication cancelled by user (Authentication 
> cancelled by user.). unexpected EOF in read_timeout

The problem is that ssh, as it says, cannot read the passphrase to unlock
your ssh key. 

If you want to do ssh from a cron job, you must have a key with no
passphrase.  You can remove a passphrase from an existing key using
"ssh-keygen -p" (see the manual).  You should probably make sure that the
key is authorized only for the accounts necessary to make the backup.

-- 
Martin 

-- 
To unsubscribe or change options: 
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html

More information about the rsync mailing list