sftp authentication failure only as cronjob

Lars Schade lars.schade at berlin.de
Fri Nov 2 09:12:09 EST 2012


Hi Damien,

thanks for the quick reply. I just ran the same test with SELinux in
permissive mode - same result. And SELinux is enabled on the fedora 13
machine where the script runs from the crontab.

Any other ideas, anything else I should check?

Regards, Lars

Am Freitag, den 02.11.2012, 07:48 +1100 schrieb Damien Miller:
> On Thu, 1 Nov 2012, Lars Schade wrote:
> 
> > Hi all,
> > 
> > I have a problem using sftp which I cannot get solved even after
> > searching all over the web, so maybe one of you has a useful hint:
> > 
> > I want to run a simple script that puts a file on a server using sftp.
> > Keys are setup correctly, everything works fine if I run the script from
> > within a terminal. When I run the same script from the crontab (my
> > personal crontab as user) the script runs fine on one installation
> > (running OpenSSH_5.4 on an older fedora 13 machine) but fails on another
> > machine (running OpenSSH_5.3 on a recent centos 6.3).
> > 
> > I assume that the failure is not caused by the older version of OpenSSH
> > but rather due to some difference in setup but simply cannot get to the
> > root of the problem. The ssh_config files are identical on both
> > machines.
> > 
> > The debug trace (using -v) when run interactively on the centos system
> > is a follows:
> 
> ...
> 
> > debug1: Offering public key: /home/lars/.ssh/id_rsa
> > debug1: Server accepts key: pkalg ssh-rsa blen 277
> > debug1: PEM_read_PrivateKey failed
> 
> The only thing that appears different is that the private key is failing
> to load. You aren't using ssh-agent are you? (it doesn't look like you are)
> 
> Is SELinux enabled? It might be preventing jobs launched by cron from
> accessing your private keys. You could test this by trying to run something
> like "md5sum /home/lars/.ssh/id_rsa" from cron and seeing if it succeeds
> (or by finding errors in the logs)
> 
> -d




More information about the openssh-unix-dev mailing list