Re: Erring out when using cron, but working on the command line.

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: Erring out when using cron, but working on the command line.

duplicity-talk mailing list
Under Ubuntu, it's not ssh-agent running, but `gnome-keyring-daemon --start --components=ssh`  (And FYI, that's not an agent for gpg keys since --components=gpg is not chosen.  But, I'm using symmetric encryption.  My issue here is the ssh key.)

So while getting ssh keys into the shell cron starts is a standard issue (https://stackoverflow.com/a/18041092), the canned solution there (keychain, which is in the repos) does not appear to be working if I try to run it on boot.  It's causing my machine to freeze.  It does work if I run it in a terminal after boot and before cron runs.

So I'm trying out other things, but if anyone else has input, I'd appreciate it.

/D

Date: Wed, 13 May 2020 13:43:25 +0200
From: [hidden email]

> what stumps me is that it does not simply find and provide the other ssh-agent instance running under as same user. gpg-agent seems to do so since some time.

> anyway, actually not an duplicity issue. but if you think it worth documenting we might probably add some lines in the man page under 'a Note on Ssh Backends'
> http://duplicity.nongnu.org/vers8/duplicity.1.html#sect26

> feel free to provide some concise mini howto.. ede/duply.net

> On 13.05.2020 13:20, Diagon via Duplicity-talk wrote:

>> This I was able to figure out. It's a standard issue in cron. Somehow you have to get information on how to access encrypted ssh keys to the subshell. Typically that would be via making an ssh-agent accessible to the subshell. The following link describes three approaches:
>>
>> https://stackoverflow.com/a/18041092
>>
>> This is apparently basic enough, that I might suggest that it should be in a duplicity FAQ somewhere? Maybe it is and I didn't see it.
>>
>> /D
>>
>> From: Diagon
>> Date: Tue, 12 May 2020 20:32:17 -0700
>>
>> > I'm backing up to a remote location via cron. The following command works on the command line, but fails in crontab:
>> >
>> > */10 * * * * PASSPHRASE="mypassword" flock -n /tmp/backuplock /usr/bin/duplicity --log-file /home/me/duplicity.log --backend-retry-delay 60 --asynchronous-upload --name TEST --volsize 50 --full-if-older-than 6M --exclude '**.lock' /home/me/Desktop/TEST sftp://[hidden email]/Backup
>> >
>> > The error is:
>> >
>> > ERROR 23 BackendException
>> > . BackendException: ssh connection to [hidden email]:22 failed: Private key file is encrypted
>> >
>> > I'm confused because my understanding is that my crontab will run under my same uname.
>> >
>> > Is there something I need to do with ssh-agent or somesuch? Does anyone have any suggestions? I've never looked into this end of things.
>> >
>> > Thanks! /D

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk
Reply | Threaded
Open this post in threaded view
|

Re: Erring out when using cron, but working on the command line.

duplicity-talk mailing list
Ok, so here's the way I found to do it on Ubuntu 16.04, Gnome.

In .bashrc I added:
SSH_AUTH_SOCK=/run/user/1000/keyring/ssh

That will set the socket that gnome-keyring-daemon will use when it runs on boot.  Then, in cron run the command as:

*/10 * * * * SSH_AUTH_SOCK=/run/user/1000/keyring/ssh PASSPHRASE="mypassword" flock -n /tmp/bkuplk /usr/bin/duplicity --log-file /home/me/duplicity.log --backend-retry-delay 60 --asynchronous-upload --name TEST --volsize 50 --full-if-older-than 6M --exclude '**.lock' /home/me/Desktop/TEST sftp://[hidden email]/Backup

/D.

From: Diagon
Date: Wed, 13 May 2020 19:42:58 -0700

 > Under Ubuntu, it's not ssh-agent running, but `gnome-keyring-daemon --start --components=ssh`  (And FYI, that's not an agent for gpg keys since --components=gpg is not chosen.  But, I'm using symmetric encryption.  My issue here is the ssh key.)
 >
 > So while getting ssh keys into the shell cron starts is a standard issue (https://stackoverflow.com/a/18041092), the canned solution there (keychain, which is in the repos) does not appear to be working if I try to run it on boot.  It's causing my machine to freeze.  It does work if I run it in a terminal after boot and before cron runs.
 >
 > So I'm trying out other things, but if anyone else has input, I'd appreciate it.
 >
 > /D
 >
 > Date: Wed, 13 May 2020 13:43:25 +0200
 > From: [hidden email]
 >
 > > what stumps me is that it does not simply find and provide the other ssh-agent instance running under as same user. gpg-agent seems to do so since some time.
 >
 > > anyway, actually not an duplicity issue. but if you think it worth documenting we might probably add some lines in the man page under 'a Note on Ssh Backends'
 > > http://duplicity.nongnu.org/vers8/duplicity.1.html#sect26
 >
 > > feel free to provide some concise mini howto.. ede/duply.net
 >
 > > On 13.05.2020 13:20, Diagon via Duplicity-talk wrote:
 >
 > >> This I was able to figure out. It's a standard issue in cron. Somehow you have to get information on how to access encrypted ssh keys to the subshell. Typically that would be via making an ssh-agent accessible to the subshell. The following link describes three approaches:
 > >>
 > >> https://stackoverflow.com/a/18041092
 > >>
 > >> This is apparently basic enough, that I might suggest that it should be in a duplicity FAQ somewhere? Maybe it is and I didn't see it.
 > >>
 > >> /D
 > >>
 > >> From: Diagon
 > >> Date: Tue, 12 May 2020 20:32:17 -0700
 > >>
 > >> > I'm backing up to a remote location via cron. The following command works on the command line, but fails in crontab:
 > >> >
 > >> > */10 * * * * PASSPHRASE="mypassword" flock -n /tmp/backuplock /usr/bin/duplicity --log-file /home/me/duplicity.log --backend-retry-delay 60 --asynchronous-upload --name TEST --volsize 50 --full-if-older-than 6M --exclude '**.lock' /home/me/Desktop/TEST sftp://[hidden email]/Backup
 > >> >
 > >> > The error is:
 > >> >
 > >> > ERROR 23 BackendException
 > >> > . BackendException: ssh connection to [hidden email]:22 failed: Private key file is encrypted
 > >> >
 > >> > I'm confused because my understanding is that my crontab will run under my same uname.
 > >> >
 > >> > Is there something I need to do with ssh-agent or somesuch? Does anyone have any suggestions? I've never looked into this end of things.
 > >> >
 > >> > Thanks! /D
 >

_______________________________________________
Duplicity-talk mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/duplicity-talk