• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3415
  • Last Modified:

lftp (sftp through proxy) won't connect when using cron

Hi Experts

I have a testing problem. I am mirroring some files with lftp from an akamai host to a local server. I am connecting using sftp via a SOCKS proxy and using cron to automate the job.

My problem is when the script is run by cron I cannot connect to host. I can run the script manually and connect to akamai by command line (using user root and the crontab is installed for root) but I am not sure, when using cron, it is picking up the socks proxyconnect command from ssh_config.

Has anyone come across this problem before?

Many thanks
0
Taniap
Asked:
Taniap
  • 6
  • 5
  • 3
1 Solution
 
woolmilkporcCommented:
Check the environment!

cron doesn't run shell initialization profiles, so you might be missing some required environment variable, or a PATH.

wmp
0
 
TaniapAuthor Commented:
hmmm, I have
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>

everything has a defined path in the cron and the script
I also have another lftp script automated through cron - again mirroring a server which has been running for ages with no problems - the only difference is it is not using a proxy to connect.

I am a bit stumped
0
 
woolmilkporcCommented:
Do I understand you right that cron uses the wrong "ProxyCommand"?

Well, you can pass ssh options to sftp, like

sftp -o ProxyCommand='my proxy command string' ... ... ...

 

0
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
TaniapAuthor Commented:
I'm not sure but that's what I'm suspecting.

my ~/.ssh/ssh_config has the following
Host xxx.xxx.akamai.com
   ProxyCommand connect -S socks.xxx.xxx.xx.xx:1080 %h %p

my cron is:
5 **** /usr/bin/lftp -f /root/download.x

and download.x is:
debug -o /root/debug.txt 1
open -u xxx,xxx -p 22 sftp://xxx.xxx.akamai.com
...plus all the mirroring commands  

The debug.txt is just saying ****peer closed connection
0
 
parparovCommented:
You should add the same entry in ~root/.ssh/ssh_config for Host xxx.xxx.akamai.com
0
 
woolmilkporcCommented:
I hope that you have spaces between the asterisks in crontab ( 5 * * * * )!

You could indeed try to add the ProxCommand to the crontab entry, but please be aware that under cron you must escape the percent signs ( % ) with a backslash ( \% ), because they have a special meaning there (start of stdin).

Like this:

5 * * * * /usr/bin/lftp -o ProxyCommand='connect -S socks.xxx.xxx.xx.xx:1080 \%h \%p' -f /root/download.x


0
 
TaniapAuthor Commented:
Thanks I'll give that a go tomorrow - I've given up for tonight

(and yep, there are spaces between the asterisks - I didn't cut & paste just typed it quickly...)
Many thanks for you input with this
0
 
woolmilkporcCommented:
Did you get any further with this issue?
0
 
TaniapAuthor Commented:
Hi Woolmilkporc

No I'm still having issues with it. I tried:

5 * * * * /usr/bin/lftp -o ProxyCommand='connect -S socks.xxx.xxx.xx.xx:1080 \%h \%p' -f /root/download.x

lftp: invalid option -- 'o'


5 * * * * /usr/bin/lftp -c ProxyCommand='connect -S socks.xxx.xxx.xx.xx:1080 \%h \%p' -f /root/download.x

connection refused

5 * * * * /usr/bin/lftp set ftp:proxy='socks.xxx.xxx.xx.xx:1080 \%h \%p' -f /root/download.x

lftp: invalid option -- 'f'

I then reverted back to:
5 **** /usr/bin/lftp -f /root/download.x

and amended download.x to:
debug -o /root/debug.txt 5
set ftp:proxy=socks.xxx.xxx.xxx.xxx:1080
set ftp:proxy-auth-type=open
open -u xxx,xxx -p 22 sftp://xxx.xxx.akamai.com
...plus all the mirroring commands

running lftp -f /root/download.x as root from command line works but from cron once again - connection refused in the debug.txt  

..now there must be a way to get to cron to use the proxy but I can't for the life in me find it!!!

0
 
woolmilkporcCommented:

It find it strange that it should work from command line because I suspect that the option "-u xxx,xxx" does not work with lftp as an sftp client.

What is "xxx,xxx"? root and his password?

If there is public key authentication configured you could try

open -p 22 sftp://xxx@xxx.xxx.akamai.com

with xxx being the username from "-u xxx,..."

Again, please remember that passwordless login via public key must be possible.

wmp


0
 
parparovCommented:
Did you alter the root .ssh/config file as proposed?
0
 
TaniapAuthor Commented:
hi parparov

yes

my root/.ssh/ssh_config has the following
Host xxx.xxx.akamai.com
   ProxyCommand connect -S socks.xxx.xxx.xx.xx:1080 %h %p

and has been from the start - hence why it's working from the command line OK

Just having trouble getting it to work when using root's cron
0
 
parparovCommented:
whoops, the file should be ~root/.ssh/config and not ~root/.ssh/ssh_config
0
 
TaniapAuthor Commented:
Hi parparov

I created a root/.ssh/config and it now looks like it's working sort of ... (I'm getting authentication errors - OK if run manually but failing via cron - but that is another investigation - at least it's getting through the proxy now).

Many thanks for your help
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 6
  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now