LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 12-20-2006, 11:06 PM   #1
OzTEXS
LQ Newbie
 
Registered: Dec 2006
Distribution: Redhat ES 4.0
Posts: 21

Rep: Reputation: 15
sftp script via cronjob ??


Hi All,

Iam having issues with my sftp script running as a cronjob. I have a script ftp.sh that when I run manually, it sends a file to a remote host via sftp.

However when i try and schedule this to run as a cron job I get a authentication error, eventhough I have added the private key to the entire session, ie I can open a new terminal and run my ftp script and it will authenticate without issues. Here is my script and cron job.

ftp.sh

cd/home/saturn
sftp user@host
mput *
bye

cronjob

00 10 * * * /home/saturn/bin/saturn.sh


any idea's ???
 
Old 12-21-2006, 12:16 AM   #2
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
You should put the commands in a separate file and call sftp like this:

Code:
sftp -b batchfile user@host
 
Old 12-21-2006, 12:40 AM   #3
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
RENAME YOUR CRON JOB. saturn.sh is not a valid cron name. just call it 'saturn'. '.' are not allowed. I had this same problem and finally a fellow Linuxquestions.org users alerted me to this minor annoyance. It was driving me crazy because I knew my script was 100% correct!

Might also want to have the full path in your script, which may or may not make a difference.
Code:
#!/bin/bash
/usr/bin/sftp user@host
mput /home/saturn/*
bye

Last edited by Micro420; 12-21-2006 at 12:42 AM.
 
Old 12-21-2006, 12:47 AM   #4
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by Micro420
RENAME YOUR CRON JOB. saturn.sh is not a valid cron name. just call it 'saturn'. '.' are not allowed. I had this same problem and finally a fellow Linuxquestions.org users alerted me to this minor annoyance. It was driving me crazy because I knew my script was 100% correct!
Huh?!?! On what OS is this? I've always been able to execute .pl and .sh scripts from cron, yes named script.pl, script.sh, etc. Solaris, BSD, SLES, etc...
 
Old 12-21-2006, 01:20 AM   #5
OzTEXS
LQ Newbie
 
Registered: Dec 2006
Distribution: Redhat ES 4.0
Posts: 21

Original Poster
Rep: Reputation: 15
yeah .. I am using Redhat ES 3.0
 
Old 12-21-2006, 01:22 AM   #6
OzTEXS
LQ Newbie
 
Registered: Dec 2006
Distribution: Redhat ES 4.0
Posts: 21

Original Poster
Rep: Reputation: 15
chort .. i think u may have cracked the case .. i will try this tomorrow.

cheers !!
 
Old 12-21-2006, 02:42 AM   #7
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
Quote:
Originally Posted by chort
Huh?!?! On what OS is this? I've always been able to execute .pl and .sh scripts from cron, yes named script.pl, script.sh, etc. Solaris, BSD, SLES, etc...
Ubuntu 6.10. Check out my thread on it. You'd be surprised as others did not know this either.

http://www.linuxquestions.org/questi...d.php?t=502661

Quote:
Originally Posted by cron_manual_page
...Such files should be named after the package that supplies them. Files must conform to the same naming convention as used by run-parts(8): they must consist solely of upper- and lower-case letters, digits, underscores, and hyphens.
extensions seem to work fine in BSD or Solaris, but I'm just saying that this could be one reason why his cron script might not work in his Linux distro. It seems to affect certain Linux distro, such as Debian/Ubuntu. Not sure about RedHat

Last edited by Micro420; 12-21-2006 at 02:50 AM.
 
Old 12-21-2006, 02:54 AM   #8
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
HUH? WHAT? HUH? DUURRRR?!!?! Ubuntu 6.10.
In case you forgot, your listed distributions (plural) are: CentOS4, Ubuntu...

Secondly, this statement:
Quote:
RENAME YOUR CRON JOB. saturn.sh is not a valid cron name. just call it 'saturn'. '.' are not allowed.
Is not correct. The limitation you ran into is apparently some arbitrary restriction imposed by Ubuntu, and as such would not apply to the OP since they appear to be running RHEL.

You might want to tone down your rude caps a little bit, especially when you're wrong.
 
Old 12-21-2006, 03:41 AM   #9
Micro420
Senior Member
 
Registered: Aug 2003
Location: Berkeley, CA
Distribution: Mac OS X Leopard 10.6.2, Windows 2003 Server/Vista/7/XP/2000/NT/98, Ubuntux64, CentOS4.8/5.4
Posts: 2,986

Rep: Reputation: 45
I've only experienced the cron file name extension problem on my Ubuntu system. Not sure if the cron extension problem would be applicable to CentOS, RedHat, or to any other Linux distros as I mentioned earlier.

As far as I am concerned about the cron filename extension, I am not wrong about it as that was the problem that was pertaining to me when using Ubuntu. Again, I'm just merely putting it out there for the original poster as a possible problem to look at. I don't claim it to be the solution. What you seem to be suggesting is to ONLY post if you have THE SOLUTION. Unfortunately we're just not as highly knowledgeable as you so we resort to offering ideas and suggestions to solving problems.

As for my rude caps, I had originally put that there because your initial reaction of "HUH?!?!?!?!?!?!?!!?!?!?!?" struck me as "NO WAY! YOU DON'T KNOW WHAT YOU'RE TALKING ABOUT!!!!!!! I AM THE OS MASTER!" I then edited it out feeling that it wasn't appropriate, but you seem to have caught it before I edited it. So lets just be mature about this and focus back on the original poster's problem. Hopefully he will get his SFTP cron job working.
 
Old 12-21-2006, 01:10 PM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by Micro420
I've only experienced the cron file name extension problem on my Ubuntu system. Not sure if the cron extension problem would be applicable to CentOS, RedHat, or to any other Linux distros as I mentioned earlier.
You didn't mention that in your original post, you just made an absolute statement... in ALLCAPS, none the less.

Quote:
As far as I am concerned about the cron filename extension, I am not wrong about it as that was the problem that was pertaining to me when using Ubuntu. Again, I'm just merely putting it out there for the original poster as a possible problem to look at. I don't claim it to be the solution.
Yes, you did claim to have the answer. You did not make any qualifying statements or disclaimers around your advice. It was wrong because it only applied to the one environment you had tried, which is the exception, not the rule. Your system also happend to not be the same as what the OP was using, which you should have pointed out.

Quote:
What you seem to be suggesting is to ONLY post if you have THE SOLUTION. Unfortunately we're just not as highly knowledgeable as you so we resort to offering ideas and suggestions to solving problems.
Then make sure you appropriately qualify it as a suggestion, not an absolute answer.

Quote:
As for my rude caps, I had originally put that there because your initial reaction of "HUH?!?!?!?!?!?!?!!?!?!?!?" struck me as "NO WAY! YOU DON'T KNOW WHAT YOU'RE TALKING ABOUT!!!!!!!
Which is true: You didn't know what you were talking about.

You could have avoided the whole situation by a) not posting your original answer in ALLCAPS and b) pointing out that the situation you ran into was on Ubuntu and might not apply to the OP since they were running a different OS.
 
Old 12-21-2006, 03:49 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,791
Blog Entries: 54

Rep: Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980Reputation: 2980
Easy, easy, let's try to cut back on the digressions and focus on the OP's probs, OK?
(actually that was *not* a question ;-p)
 
Old 12-21-2006, 07:03 PM   #12
OzTEXS
LQ Newbie
 
Registered: Dec 2006
Distribution: Redhat ES 4.0
Posts: 21

Original Poster
Rep: Reputation: 15
Question

chort .. i tried the sftp -b option and i got the following output from my log

connecting to $host
permission denied, please try again
received disconnect from $host
11: Authentication timeout, couldn't read packet
connection reset by peer.


here what i added to the ftp.sh script

sftp -b /home/saturn/bin/send.sh user@host


contents of send.sh

mput *
ls
bye


am i missing something else ??
 
Old 12-21-2006, 08:09 PM   #13
OzTEXS
LQ Newbie
 
Registered: Dec 2006
Distribution: Redhat ES 4.0
Posts: 21

Original Poster
Rep: Reputation: 15
maybe since the private key is encrypted into the Gnome session .. the crontab cannot pickup on this ?????
 
Old 12-21-2006, 09:40 PM   #14
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Yes, how are you accessing the private key? Generally when you do "unattended" (i.e. automatic/scripted) file transfers you generate a seperate SSH key and don't put a passphrase on it. Then you upload that public key to your target system and add it to the ~/.ssh/authorized_keys file of the target account. Note: Be very careful with the priate key that you generated, since anyone can use it without the passphrase. This is why it's essential to keep ~/.ssh chmod 700 and the same for any private keys (600).

PS if you do generate a new key to use for the batch transfer, make sure you specify it with -i:
Code:
sftp -o IdentityFile=/home/saturn/.ssh/id_rsa_batch -b /home/saturn/bin/send.sh user@host
Edit: -i -> -o IdentityFile=

Last edited by chort; 12-22-2006 at 01:34 AM.
 
Old 12-21-2006, 11:13 PM   #15
OzTEXS
LQ Newbie
 
Registered: Dec 2006
Distribution: Redhat ES 4.0
Posts: 21

Original Poster
Rep: Reputation: 15
initially .. i had the private key added using the ssh-add command .. but that only worked per terminal session.

then i addded the private key to the Gnome session and now all terminals can login with out the passphrase .. although my problem now is that it doesn't work via the crontab.

I am now going to try your suggestion above and see how i go.

ps: should i be looking at adding the private key as a system wide config ? ie ssh_config file.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SFTP in shell script jantman Linux - Software 3 11-27-2006 11:12 PM
cronjob php script MrSako Linux - General 1 08-27-2006 08:30 PM
cronjob not working but script works dtra Linux - Newbie 4 02-28-2005 06:05 PM
sftp over shell script naughtymutt Linux - General 1 08-20-2004 06:56 AM
sftp script error JeRrYmAn Linux - Networking 1 11-27-2003 08:21 PM


All times are GMT -5. The time now is 04:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration