Provided by: ssh-cron_1.02.00-1build1_amd64

NAME

       ssh-cron - cron-like daemon able to use ssh-connections

SYNOPSIS

       ssh-cron [OPTIONS] [crontab-file]
       [OPTIONS] - cf. section OPTIONS
       [crontab-file] - file containing jobs to run.

DESCRIPTION

       Consider  the  situation  where  a  computer  every now and then must access a remote computer to do some
       useful things at that remote computer (like running a stealth(1) file integrity scan). In order to do  so
       the  computer  must  be allowed to make ssh(1) connections to the remote computer. But since the commands
       are not executed by the user but by cron(1), the  ssh-keys  which  are  required  to  access  the  remote
       computer cannot use passphrases.

       This  is  an  undesirable  situation: if the computer running the ssh commands gets compromised, then the
       remote computers are compromised as well, since the attacker may access these remote  systems  using  ssh
       keys not requiring pass phrases.

       Ssh-Cron  offers a way out of this undesirable situation, while still allowing commands to be executed on
       remote computers. Here’s how this is realized:

       o      Normally, ssh-cron runs as a daemon program. When ssh-cron starts it  first  reads  and  parses  a
              crontab-like specification file. Following this, ssh-cron spawns a child process, and terminates.

       o      Ssh-Cron’s daemon process itself spawns an ssh-agent(1) child process  (by  default  ssh-agent(1)
              running /bin/bash, cf. the --agent option), in which all scheduled commands are executed.

       o      In addition, ssh-cron’s daemon defines communication channels between itself and its  ssh-agent(1)
              child process.

       o      Ssh-Cron’s  daemon  sends  the  command  ssh-add(1)  to  its child process as its first command to
              execute, and using  normal  user-interaction  means  (e.g.,  using  ssh-askpass(1))  ssh-agent  is
              provided with the required passphrase(s) for the ssh key(s).

       o      Ssh-Cron’s  daemon  now monitors the time, firing off scheduled commands at their required moments
              in time. If these commands require access to remote computers, then this  access  is  granted,  as
              ssh-agent is able to provide the passphrase(s).

       o      If  an  ssh-cron  daemon  process is already running, then the --reload option (see below), can be
              used to load the ssh-cron daemon with the commands and environment variable settings from  another
              crontab-file,  replacing  the  currently  stored  commands  and  environment  settings by the ones
              provided in the reloaded file.

       When shell control characters (like redirection symbols) must be used  in  command  specifications,  they
       should be escaped. E.g., as in echo hello world \> /dev/null.

       Users  sharing  a  computer  each  define their own ssh-cron specification file. When a user logs out and
       leaves the system the daemon process  continues  to  run,  executing  its  scheduled  commands  at  their
       scheduled times, using ssh-keys whenever required.

       If the accounts for which ssh-cron jobs are running are ever compromised, the remote computers  are  not
       compromised  along  with  them:  the  ssh-keys  on  disk  remain  protected  by their passphrases, and the
       passphrases themselves are never stored, so copied key files are useless  elsewhere.  Note  that  this
       protects  the  keys  at  rest,  not  the running daemon: while the daemon runs, its ssh-agent(1) child
       holds the unlocked keys, and any process running under the same user ID on that  computer  can  use  that
       agent to authenticate to the remote computers for as long as the daemon is alive.

       To prevent unauthorized modifications of the commands scheduled  by  the  ssh-cron  daemon  themselves  a
       passphrase  is  required  when starting ssh-cron’s daemon process. The passphrase itself is not stored by
       the daemon (instead, it stores a sha256(1) hash value), which avoids  access  to  the  ssh-cron  daemon’s
       passphrase  by  browsing  the  computer’s  memory.  The passphrase may be empty, but even then that empty
       passphrase must be provided when reloading ssh-cron daemon’s scheduled commands. The  scheduled  commands
       may  be  listed,  however.  This  is allowed without providing a passphrase since the file containing the
       scheduled commands will usually also be available on the computer. Likewise,  since  a  user  may  always
       terminate his/her own programs an ssh-cron daemon process can be terminated from another ssh-cron program
       using the --terminate command line option.

       The above-mentioned facilities are not supported by crontab(1) itself.  Cron(1), which is responsible for
       executing  scheduled  crontab  commands,  has  no access to the passphrases of ssh-keys (which are in the
       ssh-cron setup provided to ssh-agent(1) instead).

RETURN VALUE

       Ssh-Cron returns 0 if the daemon was successfully started. Otherwise 1 is returned.

OPTIONS

       Where available, single  letter  options  are  listed  between  parentheses  following  their  associated
       long-option  variants.  Single  letter  options  require  arguments if their associated long options also
       require arguments.

       Several options have default values. Run ssh-cron --help for  an  overview  of  the  implemented  default
       option  values.  Also,  several options can be specified in a configuration file (where this doesn’t hold
       true, it is explicitly mentioned at the relevant options).

       The configuration file (not to be confused with the file containing  the  scheduled  commands,  which  is
       provided  as  ssh-cron  command-line  file  argument)  ignores  empty  lines and all information on lines
       starting at a hash-mark (#, optionally preceded by blanks and/or tabs). The configuration file is used to
       specify  ssh-cron’s  options  using  their  long variants. However, in the configuration file the initial
       hyphens of command-line options must be omitted, and optionally a colon may be  appended  to  these  long
       options names. Note that multi-word option arguments should not be surrounded by quotes. Examples:

           stdout
           syslog-facility: LOCAL0
           mailer: /usr/bin/mail -s "some subject" me@myhost.warpnet.nl

       Command-line options always override configuration file options.

       o      --agent=agent
              absolute path to the agent program (plus its argument(s)) providing the ssh-keys.

              By default /usr/bin/ssh-agent /bin/bash is used.

       o      --config=path (-c)
              config file containing long option specifications.

              By default ~/.ssh-cron is used.

              This option cannot be specified in the configuration file.

       o      --forced (-f)
              When restarting ssh-cron and an existing (leftover) ipc-file exists, the  existing  ipc-file  is
              removed  during  daemon  start-up  without  asking;  without  --forced  the  user is interactively
              given the opportunity to remove it (see --ipc-file).

       o      --help (-h)
              basic usage information is written to the standard output stream (only interpreted in  combination
              with --no-daemon).

              This option cannot be specified in the configuration file.

       o      --ipc-file=path (-p)
              when  ssh-cron  runs  as  a  daemon, then path specifies the path of the file holding the daemon’s
              shared memory ID and process ID. The ipc file must be available if ssh-cron is  connecting  to  or
              starting  a  daemon  process  (the  former situation occurs with the options --list, --reload, and
              --terminate). If ssh-cron detects an existing ipc-file at daemon startup and the  option  --forced
              was  not  specified,  then  the user is interactively given the opportunity to remove the existing
              file. If the existing ipc-file cannot or should not be removed, then the daemon is not started.  To
              end  a daemon process use ssh-cron --terminate, or send a SIGINT (ctrl-C) or SIGTERM signal to the
              process-id found as the second value in the ipc-file.

              By default ~/.ssh-cron.ipc is used.

       o      --list (-l)
              list the currently defined environment settings and cron-commands (the crontab-file argument  must
              be omitted). This option is incompatible with --no-daemon, --reload, and --terminate.

              This option cannot be specified in the configuration file.

       o      --log=path (-L)
              log messages are appended to path. If path does not exist, it is created first.

       o      --mailer=command (-m)
              information  written  to the standard output or standard error streams of the commands executed by
              ssh-cron is sent by e-mail to the current user. Use --mailer to redefine the  mail  command,  or  to
              suppress sending e-mail by specifying an empty mailer command (i.e., --mailer "").

              By  default  /usr/bin/mail  -s  \"Ssh-cron  $*\"  $USER@localhost is used, with $* replaced by the
              executed command as specified in the crontab file argument.

       o      --no-daemon
              ssh-cron is not run as a daemon. To properly end ssh-cron if not running as a  daemon,  press  the
              `Enter’  key,  enter  ctrl-C  or  send  ssh-cron  a  SIGTERM signal. This option is incompatible with
              --list, --reload, and --terminate.

              This option cannot be specified in the configuration file.

       o      --reload (-r)
              reload the ssh-cron daemon with the cron-commands defined in the crontab-file argument (which  must
              be provided). This option is incompatible with --list, --no-daemon, and --terminate.

              This option cannot be specified in the configuration file.

       o      --stdout (-s)
              in addition to using a log file and syslog messages send all messages to the standard output. This
              option is not available if ssh-cron runs as a daemon process.

              This option cannot be specified in the configuration file.

       o      --syslog
              messages are sent to the syslog daemon when this option is specified.  By default syslog  messages
              are written to the DAEMON facility with priority NOTICE.

       o      --syslog-facility=facility
              the  facility  that  is  used  to  write the syslog messages to. By default this is DAEMON. For an
              overview of facilities and their meanings, see, e.g.,  syslog(3).  With  ssh-cron  the  facilities
              DAEMON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7, and USER can be used.

              By default facility DAEMON is used.

       o      --syslog-priority=priority
              the  priority  that  is  used  to  write the syslog messages to. By default this is NOTICE. For an
              overview of priorities and their  meanings,  see,  e.g.,  syslog(3).  With  ssh-cron  all  defined
              priorities can be used. E.g.,  EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO and DEBUG.

              By default priority NOTICE is used.

       o      --syslog-tag=tag
              syslog  messages  can be provided with a tag, which can be used to filter them from the log-files.
              See also section RSYSLOG FILTERING below.

              By default the tag SSH-CRON is used.

       o      --terminate (-t)
              terminate a running ssh-cron daemon program, using the daemon’s process ID found in the ipc-file’s
              second  value.  The  crontab-file  argument  must  be  omitted.  This  option is incompatible with
              --list, --no-daemon, and --reload.  This option cannot be specified in the configuration file.

       o      --verbose
              additional messages about ssh-cron’s mode of operation  are  sent  to  ssh-cron’s  log  facilities
              (specified by --log, --syslog, and/or --stdout).

       o      --version (-v)
              ssh-cron’s version number is written to the standard output stream.

              This option cannot be specified in the configuration file.
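       The ipc-file described under --ipc-file and --terminate is also what an operator uses when stopping  the
       daemon  by  hand  (the  manual  page  allows  a SIGINT or SIGTERM to the process-id found as the second
       value in the ipc-file) and when deciding whether a leftover ipc-file found at start-up is  stale  before
       answering  the  removal  prompt  or  passing --forced. The functions below are an added example, not part
       of ssh-cron. They assume that the ipc-file holds the shared memory ID and the process ID as  two  values
       in  that  order,  separated  by  whitespace or a newline (the manual page only states that the process ID
       is the second value), and default to ~/.ssh-cron.ipc.

```sh
#!/bin/sh
# Added example, not part of ssh-cron: inspect the daemon's ipc-file and stop
# the daemon by signal, as an alternative to ssh-cron --terminate.
# Assumption (not fixed by the manual page): the ipc-file holds two values,
# the shared memory ID and the process ID, in that order, separated by
# whitespace or a newline. The default path is ~/.ssh-cron.ipc.

# Print the daemon's process ID (the second value in the ipc-file).
# Returns 1 if the file is unreadable or holds fewer than two values.
sshcron_pid() {
    ipc="${1:-$HOME/.ssh-cron.ipc}"
    [ -r "$ipc" ] || return 1
    awk '{ for (i = 1; i <= NF; i++) v[++n] = $i }
         END { if (n < 2) exit 1; print v[2] }' "$ipc"
}

# Exit 0 if the ipc-file names a live process, 1 if it is stale (left over
# from a daemon that is no longer running) or unreadable. A stale file is the
# case in which ssh-cron asks whether to remove it (or removes it with --forced).
sshcron_alive() {
    pid=$(sshcron_pid "$1") || return 1
    kill -0 "$pid" 2>/dev/null
}

# Send SIGTERM to the daemon named in the ipc-file. Exit 0 if the signal was
# delivered, 2 if the file is stale, 1 if no process ID could be read.
# The caller waits for the daemon to exit (and removes the ipc-file if the
# daemon leaves it behind).
sshcron_stop() {
    ipc="${1:-$HOME/.ssh-cron.ipc}"
    pid=$(sshcron_pid "$ipc") || { echo "no process ID in $ipc" >&2; return 1; }
    if ! kill -0 "$pid" 2>/dev/null; then
        echo "$ipc is stale: pid $pid is not running; remove it before restarting" >&2
        return 2
    fi
    kill -TERM "$pid"
}
```

       sshcron_stop is the scripted form of the manual  page’s  "send  a  SIGTERM  signal  to  the  process-id
       found  as  the  second  value  in  the  ipc-file";  sshcron_alive  answers  the  question ssh-cron asks
       interactively when it finds an existing ipc-file at daemon start-up.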

RSYSLOG FILTERING

       When  using  rsyslogd(1),  property-based  filters  may be used to select syslog messages and write them
       to a file of your choice. E.g., to filter messages carrying the syslog message tag (e.g., SSH-CRON) use

       :syslogtag, isequal, "SSH-CRON:"   /var/log/ssh-cron.log
       :syslogtag, isequal, "SSH-CRON:"   stop

       Note that the colon is part of the tag, but is not specified with the syslog-tag option.

       This causes all messages having the SSH-CRON: tag to be written on /var/log/ssh-cron.log after which they
       are     discarded.     More     extensive     filtering     is     also     supported,     see,     e.g.,
       http://www.rsyslog.com/doc/rsyslog_conf_filter.html and http://www.rsyslog.com/doc/property_replacer.html

SEE ALSO

       cron(1),  crontab(1),  crontab(5),  rsyslogd(1),  ssh(1),  ssh-add(1),  ssh-agent(1),  ssh-askpass(1),
       stealth(1), syslog(3)

BUGS

       None reported.

COPYRIGHT

       This is free software, distributed under the terms of the `GNU General Public License’. Copyright remains
       with the author. ssh-cron is available at https://fbb-git.gitlab.io/ssh-cron/.

ORGANIZATION

       Center for Information Technology, University of Groningen.

AUTHOR

       Frank B. Brokken (f.b.brokken@rug.nl).