Provided by: ssh-cron_2.00.00-1_amd64 
NAME
ssh-cron - cron-like daemon able to use ssh-connections
SYNOPSIS
ssh-cron [OPTIONS] [crontab-file]
[OPTIONS] - cf. section OPTIONS
[crontab-file] - file containing jobs to run.
DESCRIPTION
Consider the situation where a computer every now and then must access a remote computer to do some
useful things at that remote computer (like running a stealth(1) file integrity scan). In order to do so
the computer must be allowed to make ssh(1) connections to the remote computer. But since the commands
are not executed by the user but by cron(1), the ssh-keys which are required to access the remote
computer cannot use passphrases.
This is an undesirable situation: if the computer running the ssh commands gets compromised, then the
remote computers are compromised as well, since the attacker may access these remote systems using ssh
keys not requiring passphrases.
Ssh-Cron offers a way out of this undesirable situation, while still allowing commands to be executed on
remote computers. Here’s how this is realized:
o Normally, ssh-cron runs as a daemon program. When ssh-cron starts it first reads and parses a
crontab-like specification file. Following this, ssh-cron spawns a child process, and terminates.
o Ssh-Cron’s daemon process itself spawns an ssh-agent(1) child process, executing all scheduled
commands.
o In addition, ssh-cron’s daemon defines communication channels between itself and its ssh-agent(1)
child process;
o Ssh-Cron’s daemon sends the command ssh-add(1) to its child process as its first command to
execute, and using normal user-interaction means (e.g., using ssh-askpass(1)) ssh-agent is
provided with the required passphrase for the ssh key(s).
o Ssh-Cron’s daemon now monitors the time, firing off scheduled commands at their required moments
in time. If these commands require access to remote computers, then this access is granted, as
ssh-agent is able to provide the passphrase.
o If an ssh-cron daemon process is already running, then the --reload option (see below), can be
used to load the ssh-cron daemon with the commands and environment variable settings from a
specified crontab-file, replacing the currently stored commands and environment settings by the
ones provided in the reloaded file.
When shell control characters (like redirection symbols) must be used in command specifications, they
should be escaped. E.g., as in echo hello world \> /dev/null.
Users sharing a computer each define their own ssh-cron specification file. When a user logs out and
leaves the system the daemon process continues to run, executing its scheduled commands at their
scheduled times, using ssh-keys whenever required.
If the accounts for which ssh-cron jobs are running are ever compromised, the remote computers remain
safe, as the passphrases of the available ssh-keys remain unavailable.
To prevent unauthorized modifications of the commands scheduled by the ssh-cron daemon themselves a
passphrase is required when starting ssh-cron’s daemon process. The passphrase itself is not stored in
the daemon (instead, it stores a sha256(1) hash value), which avoids access to the ssh-cron daemon’s
passphrase by browsing the computer’s memory. The passphrase must be at least 10 characters long and must
be provided when reloading or listing a running ssh-cron program’s crontab file.
The above mentioned facilities are not supported by crontab(1) itself. Cron(1), which is responsible for
executing scheduled crontab commands, has no access to the passphrases of ssh-keys (which are otherwise
provided ssh-agent).
RETURN VALUE
Ssh-Cron returns 0 if the daemon was successfully started. Otherwise 1 is returned.
OPTIONS
Where available, single letter options are listed between parentheses following their associated
long-option variants. Single letter options require arguments if their associated long options also
require arguments.
Several options have default values. Run ssh-cron --help for an overview of the implemented default
option values. Also, several options can be specified in a configuration file (where this doesn’t hold
true, it is explicitly mentioned at the relevant options).
The configuration file (not to be confused with the file containing the scheduled commands, which is
provided as ssh-cron command-line file argument) ignores empty lines and all information on lines
starting at a hash-mark (#, optionally preceded by blanks and/or tabs). The configuration file is used to
specify ssh-cron’s options using their long variants. However, in the configuration file the initial
hyphens of command-line options must be omitted, and optionally a colon may be appended to these long
options names. Note that multi-word option arguments should not be surrounded by quotes. Examples:
stdout
syslog-facility: LOCAL0
mailer: /usr/bin/mail -s "some subject" me@c-plusplus.nl
Command-line options always override configuration file options.
o --agent=agent
absolute path to the agent program (plus its argument(s)) providing the ssh-keys.
By default /usr/bin/ssh-agent /bin/bash is used.
o --config=path (-c)
config file containing long option specifications.
By default ~/.ssh-cron is used.
This option cannot be specified in the configuration file.
o --forground
ssh-cron is not run as a daemon. To properly end ssh-cron when it’s not running as a daemon,
execute ssh-cron --terminate in a separate process or end it using ctrl-C or by sending the
process a SIGTERM signal.
This option cannot be specified in the configuration file.
o --help (-h)
ssh-cron ends after writing basic usage information to the standard output stream.
This option cannot be specified in the configuration file.
o --list (-l)
list the currently defined environment settings and cron-commands (the crontab-file argument must
be omitted). This option is incompatible with --reload and --terminate.
This option cannot be specified in the configuration file.
o --log=path (-L)
log messages are appended to path. If path does not exist, it is first created.
o --mailer=command (-m)
information written to the standard output or standard error streams of the commands executed by
ssh-cron is sent by e-mail to the current user. Use --mailer to redefine (or to suppress sending
e-mail by specifying an empty mailer command (i.e., --mailer "")).
By default /usr/bin/mail -s \"Ssh-cron $*\" $USER@localhost is used, with $* replaced by the
exected command as specified in the crontab file argument.
o --reload (-r)
reload the running ssh-cron program with de cron-commands defined in the crontab-file argument
(which must be provided). This option is incompatible with --list and --terminate.
This option cannot be specified in the configuration file.
o --stdout (-s)
in addition to using a log file and/or writing syslog messages send all messages to the standard
output. This option is not available if ssh-cron runs as a daemon process.
This option cannot be specified in the configuration file.
o --syslog
use this option to send messages to the syslog daemon. By default syslog messages are written to
the syslog’s DAEMON facility with priority NOTICE.
o --syslog-facility=facility
the syslog facility used when writing messages to the syslog daemon. By default this is DAEMON.
For an overview of facilities and their meanings, see, e.g., syslog(3). With ssh-cron the
facilities DAEMON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7, and USER can be
used.
By default facility DAEMON is used.
o --syslog-priority=priority
the syslog priority used when writing messages to the syslog daemon. By default this is NOTICE.
For an overview of priorities and their meanings, see, e.g., syslog(3). With ssh-cron all defined
priorities can be used. E.g., EMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO and DEBUG.
By default priority NOTICE is used.
o --syslog-tag=tag
syslog messages can be provided with a tag, which simplifies locating them in the syslog
log-files. See also section RSYSLOG FILTERING below.
By default the tag SSH-CRON is used.
o --terminate (-t)
terminate a running ssh-cron daemon. The crontab-file argument must be omitted. This option is
incompatible tt with the (--list) and --reload options.
This option cannot be specified in the configuration file.
o --uds=path (-u)
when ssh-cron runs as a daemon or in the foreground, then path specifies the location of its Unix
domain socket. When ssh-cron is called with the options --list, --reload, or --terminate then it
uses the uds file to communicate with the running ssh-cron proram. When the running ssh-cron
program ends it removes the uds file. If the uds file couldn’t be removed (e.g., ssh-cron received
a SIGKILL signal) then the uds file must be removed `by hand’ before ssh-cron can start again.
By default ~/.ssh-cron.uds is used.
o --verbose
additional messages about ssh-cron’s mode of operation are sent to ssh-cron’s log facilities
(specified by --log, --syslog, and/or --stdout).
o --version (-v)
ssh-cron’s version number is written to the standard output stream.
This option cannot be specified in the configuration file.
RSYSLOG FILTERING
When using rsyslogd(1) property based filters may be used to filter syslog messages and write them to a
file of your choice. E.g., to filter messages starting with the syslog message tag (e.g., SSH-CRON) use
:syslogtag, isequal, "SSH-CRON:" /var/log/ssh-cron.log
:syslogtag, isequal, "SSH-CRON:" stop
Note that the colon is part of the tag, but is not specified with the syslog-tag option.
This results in writing all messages having the SSH-CRON: tag to be written on /var/log/ssh-cron.log.
More extensive filtering is also supported, see, e.g.,
http://www.rsyslog.com/doc/rsyslog_conf_filter.html and http://www.rsyslog.com/doc/property_replacer.html
SEE ALSO
cron(1), crontab(1), crontab(5), , rsyslogd(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-askpass(1),
stealth(1), syslog(3)
BUGS
None reported.
COPYRIGHT
This is free software, distributed under the terms of the `GNU General Public License’. Copyright remains
with the author. ssh-cron is available at https://fbb-git.gitlab.io/ssh-cron/.
ORGANIZATION
University of Groningen.
AUTHOR
Frank B. Brokken (f.b.brokken@rug.nl).
ssh-cron_2.00.00 2014-2025 ssh-cron(1)