First, Reason:
Before because the server can only login, and limit the root account login, so ssh through all the server, to achieve the public key forward SCP free password, etc., greatly facilitate the management of the server.
Recently there is a need to do offsite backup of data. The simplest use of SCP script, but script manual execution is OK, put crontab does not work properly.
Second, the solution:
Script execution failed, immediately thought to print verbose log debug, that scp-v then read the log, because the key authentication failed. Our SSH is based on SSH key forwarding,
Lenovo to the previous crontab can not get the environment variables, the problem is that crontab can't get ssh-agent, so authentication failed.
After a Google discovery, keychain can help us solve this problem.
Apt-get Install Keychain
Kechain ~/.ssh/id_rsa Enter your own encryption phrase
Of course. SSH directory to upload its own public key and key, permissions 600
Then modify ~/.profile, join
Export Hostname= ' HOSTNAME ' # HOSTNAME not set some machines
If [-x/usr/bin/keychain-a-F $HOME/.keychain/${hostname}-sh]; Then
/usr/bin/keychain--clear $HOME/.ssh/id_rsa
SOURCE $HOME/.keychain/${hostname}-sh
Fi
Then add in the script:
SOURCE $HOME/.keychain/${hostname}-sh
Third, reference:
http://www.snowfrog.net/2007/11/15/ssh-ssh-agent-keychain-and-cron-notes/
Https://wiki.gentoo.org/wiki/Keychain/zh-cn
Https://serverfault.com/questions/92683/execute-rsync-command-over-ssh-with-an-ssh-agent-via-crontab
Solution to the failure of "Linux" non-cipher SCP in crontab