Skip to content

Instantly share code, notes, and snippets.

@Justintime50

Justintime50/ssh-agent-in-crontab.md

Last active October 4, 2024 05:31
Show Gist options
  • Save Justintime50/297d0d36da40834b037a65998d2149ca to your computer and use it in GitHub Desktop.
Save Justintime50/297d0d36da40834b037a65998d2149ca to your computer and use it in GitHub Desktop.
Download ZIP
Use Your SSH Agent in a Crontab
Raw
ssh-agent-in-crontab.md

Use Your SSH Agent in a Crontab

Getting access to SSH inside a Crontab is often a problem for many as the environment in which your cron runs is not the same as your normal shell. Simply running ssh-add will not allow you to use your SSH Agent inside your crontab. Follow the below guide to setup your crontab to use your ssh-agent:

Usage

  1. Install Keychain.
  2. Add the following to your ~/.zlogin file which will be invoked on each login. This will allow your crontab (and normal shell) to use your ssh keys and bypass needing to punch in your password each time you need SSH. This will also span across multiple sessions and shells.
# Use keychain to keep ssh-agent information available in a file
/usr/bin/keychain "$HOME/.ssh/id_rsa"
. "$HOME/.keychain/${HOSTNAME}-sh"
  1. Finally, prepend the following to your cron job command to allow it access to your new keychain.
. "$HOME/.keychain/${HOSTNAME}-sh"

A full crontab example may look like the following:

0 2 * * * . "$HOME"/.keychain/${HOSTNAME}-sh; my_command --someflag > /dev/null

Attribution

https://eli.thegreenplace.net/2013/10/08/some-notes-on-logging-and-ssh-access-from-cron-jobs

@engrinak
Copy link

engrinak commented Jan 31, 2022
edited
Loading

In Step 3, can you clarify how to prepend "source "$HOME/.keychain/${HOSTNAME}-sh" to the cron job? Should it be prepended to the command with '&&' ? For example, a cron job that runs at 12:10am every day:

10 0 * * * source "$HOME/.keychain/${HOSTNAME}-sh" && do my ssh stuff here

@Justintime50
Copy link
Author

Justintime50 commented Jan 31, 2022
edited
Loading

Ah man, after re-reading that I realize it's not super clear is it? I've updated the guide to be more descriptive on that part. Thanks for asking!

@engrinak
Copy link

engrinak commented Feb 1, 2022

Hi Justin, thank you so much for the reply, that was a huge help!
I did run into another problem, and I don't know if this is specific to raspberry pi or not but I had to specify in the crontab file to use bash as my shell:
SHELL=/bin/bash
Anyways, my cron job is working now, thanks again!

@durai23
Copy link

durai23 commented Mar 18, 2022

Hi Justin,

Is it possible to adapt keychain to the case where I am already ssh-ed into a server and need to run a cronjob that will ssh to a third server. That is as follows:

workstation (with ssh keys) -> ssh into server 1 (with agent forwarding) -> run cronjob that will ssh into server 2

So ideally I would want keychain on server 1 but the keys are not present in server 1. Is this doable?

@Justintime50
Copy link
Author

Justintime50 commented Mar 18, 2022
edited
Loading

@durai23 that's an interesting thought, I'm not sure to be honest as I've never attempted this. I'm curious if you could continue forwarding to the next machine or if you'd need an intermediate step. Sadly I wouldn't know.

@mikesmithgh
Copy link

I had to specify in the crontab file to use bash as my shell: SHELL=/bin/bash

same here about needing to set SHELL=/bin/bash

thanks @Justintime50 for this gist 👍

@Dosflange
Copy link

Dosflange commented Oct 4, 2024
edited
Loading

Really helpful Gist! I am using zsh and had to replace ${HOSTNAME}-sh by $HOST-sh👍

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment