Skip to contentMinimalist version of this page

Can't auth Non-interactive SSH with Ubuntu

Impossible to make a cron rsync that uses a ssh key. The script works well when you manually launch it but not the cron.

Create a ssh key dedicated to the cron task without any passphrase by running `ssh-keygen -t rsa` and launch ssh with the `-i` option that points to the rsa key without passphrase.

It’s been a while since I got this problem waiting to be solved, and tonight I finally found a solution!

Le problème

I have a shell script that makes a rsync of a remote machine via ssh. Something like this:

#!/bin/bash
rsync -e ssh -a user@123.456.789.123:/folder/to/be/saved /home/nico/backup

When I run the script by doing this :

$ sh MyScript.sh

…rsync doesn’t ask me for a password for the ssh connection because I have my public key that is well recorded in the ~/.ssh/authorized_keys file on the remote computer for the user user.

the public key was generated by default (I guess), by ubuntu and/or Gnome-keyring.

So far, everything’s fine. The script works very well without asking me any password.

My problem starts when I try to automate the exiecution of my backup. For example, I would like it to start every 30 minutes.

$ crontab -e

…and I add this line:

*/30 * * * * sh ~/MyScript.sh

Unfortunately, it doesn’t work. To understand where the problem is, I log to find out what’s going on.

*/30 * * * * sh ~/MyScript.sh > ~/logs.txt 2>&1

And unfortunately I don’t learn much more. Except that the SSH connection is refused.

To find out, I ask rsync to make ssh a little more verbose bavard in my script by adding the -vv to the command ssh (and some apostrophes around the 'ssh -vv'):

#!/bin/bash
rsync -e 'ssh -vv' -a user@123.456.789.123:/folder/to/be/saved /home/nico/backup

That’s how I got the details of the SSH error:

read_passphrase: can't open /dev/tty

I tried several things to make SSH agree to log in using my SSH key:

  • param -T
  • param -o StrictHostKeyChecking=no
  • param -i /home/nico/.ssh/id_rsa

…but no change. Actually the problem was elsewhere. If I understood it correctly, the problem is that my SSH key was generated with a passphrase managed by Gnome-Keyring. So it’s flowless when I make a SSH connection via the console. but when I try to make a SSH connection in non-interactive mode (as is the case for a cron task), then the passphrase is not communicated to the cron task because no gnome interface is related to it.

The solution

To avoid this, the only way that was within my reach was to generate a new ssh key without passphrase:

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/home/nico/.ssh/id_rsa): 
# /home/nico/.ssh/id_rsa_without_passphrase
Enter passphrase (empty for no passphrase): 
# leave empty

After that, there’s only two things left to:

  • add my new public key to the ~/.ssh/authorized_keys file on the remote computer.
  • explain to SSH in my rsync command that it needs to use the key without passphrase rather than using the default ~/.ssh/id_rsa key. To do this, we simply put the -i option to the ssh command.
#!/bin/bash
rsync -e 'ssh -i /home/nico/.ssh/id_rsa_without_passphrase' -a user@123.456.789.123:/folder/to/be/saved /home/nico/backup

…and voilà. My sync finally works automatically without asking for a password.

Here’s the page which eventually gave me the real answer to my problem.

Last update :
Did you know ? I have absolutly no mean to know if your read this blog post or not. I respect your privacy too much to install any kind of analytic tracker or some cookie sh*t. So.. if you want to let me know you read it and (dis)like it, you'll have to leave a comment below !
Would you like to comment ?
About yourself
You're not a naughty spammer bot, are you ?
Minimalist version of this pageGo to top