[Borgbackup] Crontab
Tom Rushworth
tbr at mannynkapy.net
Thu Jun 1 17:16:13 EDT 2023
Hi,
On Thu, Jun 01, 2023 at 03:32:26PM +0200, Alberto Luaces wrote:
> Ralf Fechner via Borgbackup <borgbackup at python.org> writes:
>
> >> Am 01.06.2023 um 13:53 schrieb Alberto Luaces <borgbackup at aluaces.fastmail.com>:
> >>
> >> Ralf Fechner via Borgbackup <borgbackup at python.org> writes:
> >>
> >>> Now I have created a new SSH key to access the server. I no longer have this key in the .ssh directory, but I load this key into the ssh agent using KeepassXC.
> >>
> >> You can run «ssh-add -L» from your cron script and inspect the logs.
> >>
> >> My bet is that the environment variables the ssh agent exports are not
> >> available when running the script through cron, thus ssh cannot reach
> >> the key.
> >
> > Ok, I have done that. Then comes the message:
> >
> > Could not open a connection to your authentication agent.
> >
> > This means that Crontab cannot access the agent. Is it possible to change this? If yes, how?
> >
>
> You can copy the content of your $SSH_AUTH_SOCK environment variable in
> the cron job, but that is likely to change from time to time, so it is
> not a long-term solution.

You are better off starting an ssh-agent in your crontab script. Here
is what I use at the start of a script for an unattended backup by user
root on a FreeBSD machine:

    eval `/usr/bin/ssh-agent -s`
    /usr/bin/ssh-add /root/.ssh/private_key_for_backup

>
> The usual procedure is to use a passwordless key, but restricting it to
> just running borg on the remote side, as shown in
> https://borgbackup.readthedocs.io/en/stable/deployment/pull-backup.html#ssh-agent

Right. The "private_key_for_backup" is just such a key. I use the ssh
"user@host" notation so that there is no need to run as root on the
remote host (backup server). The username I have on the remote host is
"backup", so the borg command in the crontab script looks like:

    borg create backup@remote_host:remote_repo_name::archive_name dirs...

The sshd config entry for the user "backup" on the remote host has been
set up to restrict to just running borg (as mentioned above).

I will probably have to change the '::' with the latest borg, but the
stuff above works for now.

Cheers,
--
Tom Rushworth
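
The approach described in the message above (a cron script that starts its own ssh-agent and loads a key the server restricts to borg), as an added example that is not part of the original post: it also stops the agent when the job ends, so no agent holding the key is left running after each run. The repository value, archive name pattern, script path and crontab line are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed/hypothetical names:
# REPO value, the script path in the cron line, the archive name pattern.
KEY=${KEY:-/root/.ssh/private_key_for_backup}      # key path used in the post
REPO=${REPO:-backup@remote_host:remote_repo_name}  # user@host form from the post
SSH_AGENT=${SSH_AGENT:-/usr/bin/ssh-agent}
SSH_ADD=${SSH_ADD:-/usr/bin/ssh-add}
BORG=${BORG:-borg}

stop_agent() {
    # Kill only the agent started below, so no process holding the
    # backup key stays behind after the cron job.
    if [ -n "${SSH_AGENT_PID:-}" ]; then
        eval "$("$SSH_AGENT" -k)" >/dev/null
    fi
}

run_backup() {
    # cron normally passes no agent variables; drop any that leaked in so
    # we never use, or later kill, somebody else's agent.
    unset SSH_AUTH_SOCK SSH_AGENT_PID
    [ -r "$KEY" ] || { echo "backup key $KEY not readable" >&2; return 2; }

    eval "$("$SSH_AGENT" -s)" >/dev/null
    [ -n "${SSH_AGENT_PID:-}" ] || { echo "ssh-agent did not start" >&2; return 3; }
    trap 'stop_agent; exit 1' INT TERM HUP

    rc=0
    if "$SSH_ADD" "$KEY" 2>/dev/null; then
        # {hostname} and {now} are borg archive-name placeholders.
        "$BORG" create "${REPO}::{hostname}-{now:%Y-%m-%d}" "$@" || rc=$?
    else
        echo "ssh-add failed for $KEY" >&2
        rc=4
    fi
    stop_agent
    trap - INT TERM HUP
    return "$rc"
}

# Hypothetical crontab line: 0 3 * * * /root/bin/borg-cron.sh --run /etc /home
if [ "${1:-}" = "--run" ]; then
    shift
    run_backup "$@"
fi
```

The exit status of borg is passed through, so cron's mail or a monitoring wrapper still sees a failed backup after the agent has been stopped.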