为什么SSH从命令行执行时从crontab中,但succedes不成? [英] Why ssh fails from crontab but succedes when executed from a command line?
问题描述
我有一个bash脚本,做的ssh到远程计算机并执行命令存在,如:
I have a bash script that does ssh to a remote machine and executes a command there, like:
ssh -nxv user@remotehost echo "hello world"
当我从它工作正常的命令行中执行命令,但被作为crontab中的一部分执行时失败(错误code = 255 - 无法建立SSH连接)。联系方式:
When I execute the command from a command line it works fine, but it fails when is being executed as a part of crontab (errorcode=255 - cannot establish SSH connection). Details:
...
Waiting for server public key.
Received server public key and host key.
Host 'remotehost' is known and matches the XXX host key.
...
Remote: Your host key cannot be verified: unknown or invalid host key.
Server refused our host key.
Trying XXX authentication with key '...'
Server refused our key.
...
在本地执行,我作为一个根,工程的crontab作为root为好。
从crontab中和命令行执行'身份证'给出完全相同的结果:
When executing locally I'm acting as a root, crontab works as root as well. Executing 'id' from crontab and command line gives exactly the same result:
$ id
> uid=0(root) gid=0(root) groups=0(root),...
我做的ssh一些本地机器的机器运行的crond。我有SSH密钥和证书ssh到crond的机器和任何其他机器,该脚本连接到。
I do ssh from some local machine to the machine running crond. I have ssh key and credentials to ssh to crond machine and any other machine that the scripts connects to.
PS。请不要问/抱怨/评论说,执行任何以root身份是坏/错误的/ etc - 它不是这个问题的目的
PS. Please do not ask/complain/comment that executing anything as root is bad/wrong/etc - it is not the purpose of this question.
推荐答案
我猜测,通常当你从本地机器的ssh到本机运行crond的,你的私钥是ssh-agent的加载,并转发了连接。所以,当你在命令行中执行命令,它找到的ssh-agent你的私钥,并使用它来登录到远程机器。
I am guessing that normally when you ssh from your local machine to the machine running crond, your private key is loaded in ssh-agent and forwarded over the connection. So when you execute the command from the command line, it finds your private key in ssh-agent and uses it to log in to the remote machine.
在crond的执行命令,它没有进入的ssh-agent,所以不能用你的私钥。
When crond executes the command, it does not have access to ssh-agent, so cannot use your private key.
您必须创建在机器运行的crond根新的私钥,它的公共部分复制到相应的的authorized_keys 远程计算机上的文件你想crond的登录。
You will have to create a new private key for root on the machine running crond, and copy the public part of it to the appropriate authorized_keys file on the remote machine that you want crond to log in to.
这篇关于为什么SSH从命令行执行时从crontab中,但succedes不成?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
