I recently scheduled some backup tasks on my VPS using backup-manager, which is a neat program for this job. That part works fine.
Then I wanted to set up a cron job on my home computer to download the backup archives every day. This wasn’t as easy as it sounded at first.
You might even get these errors:
    Permission denied, please try again.
    Permission denied, please try again.
    Permission denied (publickey,password).
    rsync: connection unexpectedly closed (0 bytes received so far) [receiver]
    rsync error: unexplained error (code 255) at io.c(635) [receiver=3.0.3]
I need to connect to my VPS using an SSH key that is protected by a passphrase (password). This SSH key is added to my ssh-agent at login time.
The main problem is that cron runs jobs in a restricted environment, so environment variables like SSH_AUTH_SOCK are not set.
The ssh client needs this variable to find the ssh-agent socket; the agent is what provides access to the SSH key.
Here’s a workaround for it. It’s quite a secure way to fix this.
The technique is to find the socket path in the /tmp directory. Usually for Ubuntu, it is /tmp/keyring-*/ssh.
Note that this may not work and might need a little customization if you have multiple ssh-agents running.
So here’s how I do it:
Open your crontab, type:
And add or edit your command to look like mine:
    SHELL=/bin/bash
    BASH_ENV=/home/YOURUSER/.bashrc
    # m h dom mon dow command
    0 9 * * * SSH_AUTH_SOCK="$(find /tmp/keyring*/ -perm 0755 -type s -user YOURUSER -group YOURUSER -name '*ssh' | head -n 1)" /home/YOURUSER/PATH/TO/backup-script >> /home/YOURUSER/backup.log 2>&1
Replace YOURUSER with the name of the user who owns the ssh-agent and the crontab.
This is quite secure as the find command is very specific with permissions, ownership, type (socket) and names.
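For the multiple-agent case mentioned above, here is an added example (not part of the original post) that checks each candidate socket with `ssh-add -l` instead of taking the first match. It assumes the same /tmp/keyring*/ layout; the function names and the with-agent.sh file name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): choose an ssh-agent socket for a
# cron job and prove an agent with loaded keys answers on it before using it.
# Assumption: sockets live under /tmp/keyring*/ as described above.
# list_agent_socks and pick_agent_sock are hypothetical helper names.

# Print candidate sockets: same type/owner/name tests as the crontab line,
# restricted to <base>/keyring*/ and to files owned by the invoking user.
list_agent_socks() (
    base=${1:-/tmp}
    find "$base" -mindepth 2 -maxdepth 2 -path "$base/keyring*/*" \
        -type s -user "$(id -u)" -name '*ssh' 2>/dev/null
)

# Print the first candidate whose agent lists at least one key.
# ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent answers,
# so stale sockets and empty agents are skipped instead of picked by position.
pick_agent_sock() (
    list_agent_socks "${1:-/tmp}" | while IFS= read -r sock; do
        if SSH_AUTH_SOCK=$sock ssh-add -l >/dev/null 2>&1 </dev/null; then
            printf '%s\n' "$sock"
            break
        fi
    done | grep .    # grep makes the exit status non-zero when nothing matched
)

# Wrapper mode: "with-agent.sh CMD ARGS..." runs CMD with the verified socket,
# e.g. from cron: 0 9 * * * /home/YOURUSER/with-agent.sh /home/YOURUSER/PATH/TO/backup-script
if [ "$#" -gt 0 ]; then
    SSH_AUTH_SOCK=$(pick_agent_sock /tmp) || {
        echo "no usable ssh-agent socket found" >&2
        exit 1
    }
    export SSH_AUTH_SOCK
    exec "$@"
fi
```

When no agent answers, the wrapper exits with an error in the log instead of letting rsync fall through to the password prompts shown earlier.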
Any ideas to improve this are welcome!