2

I am running a Debian 7 Wheezy server and am having problems with connecting to other servers over SSH. This problem only occurs while running SSH through crontab, and not otherwise (logged in as the same user of course).

While running an ssh command as this user through crontab, I get the following problem:

```
Host key verification failed.
```

I have removed the ~/.ssh/known_hosts file and manually connected to the server in order for the host key to be correct.

When running SSH with the -v flag, I get the following:

```
debug1: read_passphrase: can't open /dev/tty: No such device or address
Host key verification failed.
```

If I list /dev/tty it has 666 permissions:

```
crw-rw-rw- 1 root root 5, 0 Jun 21 15:49 /dev/tty
```

I have also manually set the permissions to 666 after I listed /dev/tty in order to be entirely sure.

Why does SSH say it can't read /dev/tty? I've been exploring this for weeks and haven't found an answer. Does anyone have a clue?

Oskar S.
  • 1
    Do you have a password-protected SSH keypair? – Federico Sierra Jun 22 '15 at 18:48
  • 2
    "Can't read /dev/tty" is probably because there isn't an attached terminal when running in a cron job. See http://unix.stackexchange.com/questions/60641/linux-difference-between-dev-console-dev-tty-and-dev-tty0. It may be helpful if you can post your full crontab line (appropriately redacted.) – jtniehof Jun 22 '15 at 18:49
  • 1
    How does the `ssh` command look? Have you tried with the `-T` switch? http://www.openbsd.org/cgi-bin/man.cgi/OpenBSD-current/man1/slogin.1?query=ssh&sec=1 – dentarg Jun 22 '15 at 19:25
  • @dentarg I'll try with the -T switch. Nice one! Next run is on sunday - we'll see by then. – Hans-Filip Elo Jun 22 '15 at 19:39
  • The -T switch did not work actually. I'm still seeing the same error. – Hans-Filip Elo Aug 09 '15 at 12:26

2 Answers

2

You cannot connect with a passphrase-protected key from a script without an agent (or at least a way to provide the passphrase); the ssh daemon is waiting for input that you cannot provide without a tty.

See: https://unix.stackexchange.com/questions/90853/how-can-i-run-ssh-add-automatically-without-password-prompt

maxxvw
  • It seems at least partially wrong. You can add the ssh-passphrase key to an ssh-agent, so the result is a passphrase-protected ssh-key which automatically works once you have added the ssh-key to the ssh-agent. – Dennis Nolte Jun 23 '15 at 07:41
  • That's true, edited answer. But the question is `Why does SSH say it can't read /dev/tty` – maxxvw Jun 23 '15 at 07:55
1

SSH says it can't read /dev/tty because you didn't call it from a console, but from crontab. The /dev/tty device is the controller terminal for the current process and when you launch a process from crontab it has no associated terminal, so it cannot access that device.

There is a better explanation here: https://stackoverflow.com/questions/8514735/what-is-special-about-dev-tty

Mauricio López
  • This script has worked before. We've been using them on two different machines, which both showed the same type of errors at the same time. We are running Debian 7 Wheezy and unattended upgrades. – Hans-Filip Elo Aug 09 '15 at 12:36
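
The behaviour described in the answer above (a process started without a controlling terminal cannot open /dev/tty, whatever the device's permission bits say), as an added example that is not part of the original thread. The helper names `run_like_cron` and `probe_tty` and the host name in the comment are hypothetical; starting the child in a new session only approximates how cron launches jobs.

```python
import os
import stat
import subprocess
import sys

# Child program: try to open /dev/tty and print the errno (0 on success).
_PROBE = (
    "import os\n"
    "try:\n"
    "    os.close(os.open('/dev/tty', os.O_RDWR))\n"
    "    print(0)\n"
    "except OSError as e:\n"
    "    print(e.errno)\n"
)


def run_like_cron(argv):
    """Run argv in a new session (no controlling terminal) with stdin closed.

    This approximates the environment of a cron job, so a failure that only
    shows up under cron can be reproduced from an interactive login.
    """
    return subprocess.run(
        argv,
        stdin=subprocess.DEVNULL,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT,
        start_new_session=True,  # the child calls setsid() before exec
        text=True,
    )


def probe_tty():
    """Return (permission bits of /dev/tty, errno from opening it detached)."""
    mode = stat.S_IMODE(os.stat("/dev/tty").st_mode)
    out = run_like_cron([sys.executable, "-c", _PROBE]).stdout
    return mode, int(out.strip())


if __name__ == "__main__":
    mode, err = probe_tty()
    print("/dev/tty mode %o -> %s" % (mode, os.strerror(err) if err else "opened"))
    # Reproduce the cron-only ssh failure without waiting for the next run
    # (backup.example.org is a placeholder host):
    # print(run_like_cron(["ssh", "-v", "backup.example.org", "true"]).stdout)
```

The errno returned is ENXIO, which is the "No such device or address" text in the `ssh -v` output quoted in the question.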