So I semi-solved this (sort of). I opened up a new server with a private key, and the key was not password protected like my previous key was for the previous server (the one in question this entire post until this response here).
Interestingly enough, when editing the cron jobs (via
crontab -e
) the syntax required was different for the
scp
command itself, and is as follows:
Code: Select all
#COPYING FROM CLIENT TO SERVER
* * * * * scp /home/jay/hi.log root@111.111.111.111:/root/
#COPYING FROM SERVER TO CLIENT
* * * * * /usr/bin/scp root@111.111.111.111:/root/performance.log /home/jay
* * * * * /usr/bin/scp root@111.111.111.111:/root/ip.txt /home/jay
From the
client to server: scp
by itself sufficed. Cron job ran with no issues. It probably would run with the full path as well, but interesting to point out that it didn't require it like when the copying direction was switched.
From the
server to the client: /usr/bin/scp
was required for the files to get copied. Putting
scp
by itself did not run the cron job.
Why would there be a difference in requirements for the cron job to run depending on the direction of the copying? Both commands run in the same environment, or lack thereof, it's the same context. So what happened here?
Coggy wrote: ⤴Wed Oct 05, 2022 2:05 pm
Is the private key on the client (the machine with the crontab) password protected? Remember that there are two points where you may need to supply a password:
1: The server may ask for a password if you don't supply an acceptable key. With PasswordAuthentication set to no, it will simply drop the connection instead.
This certainly seems to have been part of the problem. Even after I lifted the password requirement, nothing worked at all. Except when running command line directly, but not as a cron job.
Coggy wrote: ⤴Wed Oct 05, 2022 2:05 pm
2: The private key file on the client might be password protected. I really don't know how to cope with that requirement in a cron job.
Yeah, me neither. I do not know almost anything about SSH (literally started learning about 3 days ago for the first time). But as a general question, perhaps you know, if the only way to do cron jobs is to not have a password on the private SSH key, wouldn't that be a potential security risk of some sort? For example, if someone gained unauthorized access the computer that the private key is on.
I am just trying to build good security habits from the get-go, but I want this all to work too! haha
Coggy wrote: ⤴Wed Oct 05, 2022 2:05 pm
Who is the cron job running as? Did you use
crontab -e
to edit it? If so, the job is running as you and probably doesn't have permission to write to /var/log.]
If it's running as root, then it won't know to look at your private key file in /home/jay/.ssh, and probably wouldn't like the differing ownership if you gave it
-i filename
to point it to the right file.
Yes, I used
crontab -e
on my local machine. What does this part of your answer mean as far as "...wouldn't like differing ownership.."? I did not understand that part or what the
-i filename
refers to or means.
Coggy wrote: ⤴Wed Oct 05, 2022 2:05 pm
On which machine did you do systemctl restart ssh? Confusingly,
restart ssh
actually restarts the sshd daemon, the ssh listening service. This is something you would do on the server, not the client. But /etc/ssh_config affects the ssh client only: /etc/sshd_config is for the daemon running on the server.
Very possible that I did the wrong command, this is literally my first attempt at working with SSH.