sftp authentication failure only as cronjob

Ben Lindstrom mouring at offwriting.org
Fri Nov 2 09:41:43 EST 2012

Are you using krb5 as an internal authentication? If so your cron will need a krb5
keytab to be given true permission to access and manipulate files.

- Ben

On Nov 1, 2012, at 5:12 PM, Lars Schade <lars.schade at berlin.de> wrote:

> Hi Damien,
> thanks for the quick reply. I just ran the same test with SELinux in
> permissive mode - same result. And SELinux is enabled on the fedora 13
> machine where the script runs from the crontab.
> Any other ideas, anything else I should check?
> Regards, Lars
> On Friday, 02.11.2012, at 07:48 +1100, Damien Miller wrote:
>> On Thu, 1 Nov 2012, Lars Schade wrote:
>>> Hi all,
>>> I have a problem using sftp which I cannot get solved even after
>>> searching all over the web, so maybe one of you has a useful hint:
>>> I want to run a simple script that puts a file on a server using sftp.
>>> Keys are set up correctly, everything works fine if I run the script from
>>> within a terminal. When I run the same script from the crontab (my
>>> personal crontab as user) the script runs fine on one installation
>>> (running OpenSSH_5.4 on an older fedora 13 machine) but fails on another
>>> machine (running OpenSSH_5.3 on a recent centos 6.3).
>>> I assume that the failure is not caused by the older version of OpenSSH
>>> but rather due to some difference in setup but simply cannot get to the
>>> root of the problem. The ssh_config files are identical on both
>>> machines.
>>> The debug trace (using -v) when run interactively on the centos system
>>> is as follows:
>> ...
>>> debug1: Offering public key: /home/lars/.ssh/id_rsa
>>> debug1: Server accepts key: pkalg ssh-rsa blen 277
>>> debug1: PEM_read_PrivateKey failed
>> The only thing that appears different is that the private key is failing
>> to load. You aren't using ssh-agent are you? (it doesn't look like you are)
>> Is SELinux enabled? It might be preventing jobs launched by cron from
>> accessing your private keys. You could test this by trying to run something
>> like "md5sum /home/lars/.ssh/id_rsa" from cron and seeing if it succeeds
>> (or by finding errors in the logs)
>> -d
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
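The cron-side checks raised in this thread (key readability, ssh-agent, SELinux, Kerberos), gathered into one diagnostic as an added example that is not part of the original messages. The function names `key_state` and `context_report` are hypothetical, and the passphrase check assumes a PEM-format private key carrying a `Proc-Type: 4,ENCRYPTED` header; run it once from a terminal and once from the crontab, then compare the two reports.

```shell
#!/bin/sh
# Added diagnostic, not from the thread. Function names are hypothetical.

# key_state PATH -> prints one of: missing, unreadable, encrypted-pem, readable
key_state() {
    key=$1
    if [ ! -e "$key" ]; then
        echo missing
    elif ! cat "$key" >/dev/null 2>&1; then
        # cat does a real open/read, so a denial that the mode bits
        # alone would not show (e.g. a MAC policy) is caught here too.
        echo unreadable
    elif grep -q '^Proc-Type: 4,ENCRYPTED' "$key"; then
        # Assumption: PEM-format key. A passphrase-protected key needs an
        # agent or a prompt, and a cron job normally has neither.
        echo encrypted-pem
    else
        echo readable
    fi
}

# context_report PATH -> prints key=value lines describing the caller's context
context_report() {
    echo "user=$(id -un)"
    echo "key_state=$(key_state "$1")"
    echo "ssh_auth_sock=${SSH_AUTH_SOCK:-unset}"   # agent socket, if any
    echo "krb5ccname=${KRB5CCNAME:-unset}"         # Kerberos ticket cache, if any
    if command -v getenforce >/dev/null 2>&1; then
        echo "selinux=$(getenforce 2>/dev/null)"
    else
        echo "selinux=not-installed"
    fi
}

# Usage: script --report [KEYFILE]
# The default key path is the one shown in the debug trace on this page.
if [ "${1:-}" = "--report" ]; then
    context_report "${2:-/home/lars/.ssh/id_rsa}"
fi
```

A difference in `key_state` or `ssh_auth_sock` between the terminal report and the cron report shows which part of the interactive environment the job is missing.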
