sftp authentication failure only as cronjob

Lars Schade lars.schade at berlin.de
Sat Nov 3 04:55:47 EST 2012 

Hi Ben,

thanks for the hint. The machine is a standard centos 6.3 install so it
should be using a standard UNIX password database (/etc/passwd) as far
as I know. How can I check to be sure?

Regards
Lars


Am Donnerstag, den 01.11.2012, 17:41 -0500 schrieb Ben Lindstrom:
> Are you using krb5 as an internal authentication? If so your cron will need a krb5
> keytab to be given true permission to access and manipulate files.
> 
> - Ben
> 
> On Nov 1, 2012, at 5:12 PM, Lars Schade <lars.schade at berlin.de> wrote:
> 
> > Hi Damien,
> > 
> > thanks for the quick reply. I just ran the same test with SELinux in
> > permissive mode - same result. And SELinux is enabled on the fedora 13
> > machine where the script runs from the crontab.
> > 
> > Any other ideas, anything else I should check?
> > 
> > Regards, Lars
> > 
> > Am Freitag, den 02.11.2012, 07:48 +1100 schrieb Damien Miller:
> >> On Thu, 1 Nov 2012, Lars Schade wrote:
> >> 
> >>> Hi all,
> >>> 
> >>> I have a problem using sftp which I cannot get solved even after
> >>> searching all over the web, so maybe one of you has a useful hint:
> >>> 
> >>> I want to run a simple script that puts a file on a server using sftp.
> >>> Keys are setup correctly, everything works fine if I run the script from
> >>> within a terminal. When I run the same script from the crontab (my
> >>> personal crontab as user) the script runs fine on one installation
> >>> (running OpenSSH_5.4 on an older fedora 13 machine) but fails on another
> >>> machine (running OpenSSH_5.3 on a recent centos 6.3).
> >>> 
> >>> I assume that the failure is not caused by the older version of OpenSSH
> >>> but rather due to some difference in setup but simply cannot get to the
> >>> root of the problem. The ssh_config files are identical on both
> >>> machines.
> >>> 
> >>> The debug trace (using -v) when run interactively on the centos system
> >>> is a follows:
> >> 
> >> ...
> >> 
> >>> debug1: Offering public key: /home/lars/.ssh/id_rsa
> >>> debug1: Server accepts key: pkalg ssh-rsa blen 277
> >>> debug1: PEM_read_PrivateKey failed
> >> 
> >> The only thing that appears different is that the private key is failing
> >> to load. You aren't using ssh-agent are you? (it doesn't look like you are)
> >> 
> >> Is SELinux enabled? It might be preventing jobs launched by cron from
> >> accessing your private keys. You could test this by trying to run something
> >> like "md5sum /home/lars/.ssh/id_rsa" from cron and seeing if it succeeds
> >> (or by finding errors in the logs)
> >> 
> >> -d
> > 
> > 
> > _______________________________________________
> > openssh-unix-dev mailing list
> > openssh-unix-dev at mindrot.org
> > https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>

More information about the openssh-unix-dev mailing list