Score:0

Server

Using Crontab to run a shell script with SSH

vincecalpari

10/31/23, 6:29 AM

I’m trying to use a cronjob to run a shell script on my EC2 instance, which SSH’s to a server to get a mongodump of a database and restore at a given specific time without me having to login.

I’ve already ssh-copy-id id_rsa as well.

So after some research, this is my updated shell script (fake hosts for privacy reasons)

auth=`find /tmp -user $LOGNAME -type s -name "*agent*" -print 2>/dev/null`
SSH_AUTH_SOCK=$auth
export SSH_AUTH_SOCK

rm -rf tmp
mkdir tmp
ssh [email protected] '
rm -rf tmp
mongodump --host=$PRODUCTION_DB_HOST --forceTableScan --username=$PRODUCTION_DBALL_USER2 --password=$PRODUCTION_DB_KEY  --db=api_products_udm --ssl --authenticationDatabase admin --out=tmp
tar -cjf - tmp
' | tar xvjf - -C tmp
mongorestore tmp/tmp --drop

Using this, the cronjob worked perfectly as long as I’m logged into the EC2 instance server, but as soon as I logoff or session terminates, it won't work. Ideally I want this cron job to run without me having to log in every time before the specified time

Could some give me some guidance to achieve this. A bit new to linux world:)

This is my crontab -e

0 10 * * * sh /home/ec2-user/productsrestore.sh

555

1 + 3

ssh

shell

cron

amazon-ec2

Romeo Ninov

10/31/23, 7:04 AM

Why do not run the cron on AWS machine?

TommyPeanuts

10/31/23, 7:39 AM

Welcome to ServerFault @vincecalpari! This is good question. Firstly, how did you create the SSH key? It will probably need to have no password.

vincecalpari

10/31/23, 9:21 AM

hi @TommyPeanuts I used "ssh-keygen -p" to remove the passphrase from the SSH key.

Score:0

Server

diya

10/31/23, 9:29 AM

auth=`find /tmp -user $LOGNAME -type s -name "*agent*" -print >/dev/null`
SSH_AUTH_SOCK=$auth
export SSH_AUTH_SOCK

It looks like you're relying on a forwarded ssh-agent connection for the private key / passphrase. That appears to be what creates the dependancy on you keeping an interactive login session open or establishing one before the batch job runs.

How to avoid that dependancy?

Typically one sets up a dedicated ssh key-pair without a passphrase to be used by batch jobs.

You instruct the batch job to use that particular private key with an ssh -i /path/to/id_rsa.batch ...

Like always you copy the public key and add it to the remote ˜/.ssh/authorized_keys but for security you make use of the often ignored options field to add restrictions to what is allowed by connections authenticating with that particular key pair.

Add the for example the restrictions: no-port-forwarding no-X11-forwarding , no-agent-forwarding ,no-pty , from=IP-address and/or others.

See authorized_keys file format description in https://www.freebsd.org/cgi/man.cgi?sshd(8) for their meaning

cat ~/.ssh/authorized_keys

from=10.9.8.7  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCB... comments start here 
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDE... other comment

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Using Crontab to run a shell script with SSH

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.