1

I have a bash script, /home/localuser/backup-script.sh, with this snippet inside of it:

rsync -avzh \ -e "ssh -i /home/localuser/.ssh/id_ed25519" \ /home/localuser/backups/file-to-backup.gz \ [email protected]:/home/remoteuser/backups

If I run it directly from shell, everything works like a charm, while if I run it through a systemd service I configured, I get the error [email protected]: Permission denied (publickey,password).

This is the service (/etc/systemd/system/backup.service) I configured:

[Unit] Description=Trigger script to perform backup [Service] Type=oneshot User=localuser ExecStart=/bin/bash /home/localuser/backup-script.sh [Install] WantedBy=multi-user.target

And I usually run it via a timer, but I also get the same error if I start it directly via sudo systemctl start backup.service

The ssh service is correctly setup, as confirmed by the success I have running the script directly, or also by launching ssh [email protected].

I cannot figure out what is going on... any clue?

Additional info: I get same error replacing rsync with scp

Edit:

Following the Stewart's comment I tried to directly launch the script by running this command env -i /bin/bash --norc --noprofile backup-script.sh and in this case I'm prompted for the ssh key passphrase, so the problem is exactly what Stewart's comments are pointing to.

To work-around the problem with a simple solution (so avoiding to add ssh-agent as service, automatic keys loading, and automatic passphrase entering on boot), I changed the rsync command in my script, replacing the second line (-e ...) with this one: --rsh="/usr/bin/sshpass -p remoteuser_pwd ssh -o StrictHostKeyChecking=no -l remoteuser":

The result is similar: if I launch it directly, it works fine. If I launch it via the service it doesn't work: but this time with no errors, it simply hangs. And if I launch it by env -i /bin/bash --norc --noprofile backup-script.sh it hangs too, in the same way.

Changing the backup.service by adding --login in this way ExecStart=/bin/bash --login /home/localuser/backup-script.sh won't solve the issue.

Improve this question
8
  • Do you always use the username remoteuser and the private key ~/.ssh/id_ed25519 with that host? If so, you can simplify your rsync command by creating a ~/.ssh/config file with a clause associating the username and private key file with that host. Commented Jul 24, 2022 at 20:24
  • Have you verified that systemd is running your script as localuser and not as another user who can't read the private key file? Perhaps add a command to check, such as touch /tmp/backup.service.test.$$ in the script before the rsync command... Commented Jul 24, 2022 at 20:25
  • I would say it is verified, since in the localuser's home a file is created by the same script, and the owner is correctly set to localuser Commented Jul 24, 2022 at 20:44
  • 1
    Just a thought, could there be something ssh related in one of your bash configurations? To test that hypothesis, try running this from your shell /bin/bash --noprofile --norc /home/localuser/backup-script.sh. If you reproduce the problem from your interactive terminal, then we know where to start looking. Commented Jul 26, 2022 at 9:10
  • 1
    If you have something in /etc/profile, ~/.bash_profile, ~/.bash_login, or ~/.profile, then add /bin/bash --login ... to read those. If you have something in /etc/bash.bashrc or ~/.bashrc, then consider moving that to one of the previous files. Commented Jul 26, 2022 at 9:11

1 Answer 1

Reset to default
0

I don't have an answer to fix your specific problem, but you can add verbose output to the ssh command to debug more relating to its use of ssh keys:

rsync -avzh \ -e "ssh -vvv -i /home/localuser/.ssh/id_ed25519" \ /home/localuser/backups/file-to-backup.gz \ [email protected]:/home/remoteuser/backups

The -vvv wil make ssh spew a bunch of output to stdout related to the connection, ssh config and ssh keys. Pipe the output from an interactive run that works to a file and then pipe the output of the service (not working) to a file. Read both files using a difference utility. I recommend vimdiff if you are comfortable with vim. This should at least give you an indication of where something differs and is going wrong.

EDIT: I think rsync defaults to ssh now, and you could put an entry for the remote host in ~/.ssh/config. This should configure any ssh session (including rsync) to use the provided identity/key and other host specific options you'd like.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.