.TH "ssh\-cron" "1" "2014\-2022" "ssh\-cron_1\&.04\&.01" "ssh\-cron \- ssh\-aware cron\-like daemon"
.PP
.SH "NAME"
ssh\-cron \- cron\-like daemon able to use ssh\-connections
.PP
.SH "SYNOPSIS"
\fBssh\-cron\fP [OPTIONS] \fI[crontab\-file]\fP
.br
[OPTIONS] \- cf\&. section \fBOPTIONS\fP
.br
[crontab\-file] \- file containing jobs to run\&.
.br
.PP
.SH "DESCRIPTION"
.PP
Consider the situation where a computer every now and then must access a remote computer to do some useful work there (like running a \fBstealth\fP(1) file integrity scan)\&. In order to do so the computer must be allowed to make \fBssh\fP(1) connections to the remote computer\&. But since the commands are not executed by the user but by \fBcron\fP(1), the ssh\-keys which are required to access the remote computer cannot use passphrases\&.
.PP
This is an undesirable situation: if the computer running the \fIssh\fP commands gets compromised, then the remote computers are compromised as well, since the attacker may access these remote systems using the ssh\-keys, which do not require passphrases\&.
.PP
\fBSsh\-Cron\fP offers a way out of this undesirable situation, while still allowing commands to be executed on remote computers\&. Here\(cq\&s how this is realized:
.PP
.IP o
Normally, \fBssh\-cron\fP runs as a daemon program\&. When \fBssh\-cron\fP starts it first reads and parses a crontab\-like specification file\&. Following this, \fBssh\-cron\fP spawns a child process (the daemon) and terminates\&.
.IP
.IP o
\fBSsh\-Cron\fP\(cq\&s daemon process itself spawns an \fBssh\-agent\fP(1) child process, which executes all scheduled commands\&.
.IP
.IP o
In addition, \fBssh\-cron\fP\(cq\&s daemon defines communication channels between itself and its \fBssh\-agent\fP(1) child process;
.IP
.IP o
\fBSsh\-Cron\fP\(cq\&s daemon sends the command \fBssh\-add\fP(1) to its child process as the first command to execute, and using the normal user\-interaction means (e\&.g\&., \fBssh\-askpass\fP(1)) \fIssh\-agent\fP is provided with the required passphrase(s) for the ssh\-key(s)\&.
.IP
.IP o
\fBSsh\-Cron\fP\(cq\&s daemon now monitors the time, firing off scheduled commands at their required moments\&. If these commands require access to remote computers, then this access is granted, as \fIssh\-agent\fP holds the unlocked key(s) and answers the authentication challenges on behalf of the commands\&.
.IP
.IP o
If an \fBssh\-cron\fP daemon process is already running, then the \fI\-\-reload\fP option (see below) can be used to load the \fBssh\-cron\fP daemon with the commands and environment variable settings from another \fIcrontab\-file\fP, replacing the currently stored commands and environment settings by the ones provided in the reloaded file\&.
.PP
When shell control characters (like redirection symbols) must be used in command specifications, they should be escaped\&. E\&.g\&., as in \fIecho hello world \e> /dev/null\fP\&.
.PP
Users sharing a computer each define their own \fBssh\-cron\fP specification file\&. When a user logs out and leaves the system the daemon process continues to run, executing its scheduled commands at their scheduled times, using ssh\-keys whenever required\&.
.PP
If the accounts for which \fBssh\-cron\fP jobs are running are ever compromised, the passphrases of the ssh\-keys remain unavailable to the attacker: \fBssh\-cron\fP does not store them, and the key files themselves remain passphrase\-protected, so copies of those files are of no use elsewhere\&. Note, however, that while the daemon is running \fBssh\-agent\fP(1) keeps the unlocked keys in its memory and performs authentication for any process running as that user which can reach the agent\(cq\&s socket\&. The protection therefore covers theft of the key files and the time after the daemon has terminated, not an attacker who can act as that user on the live system while the daemon runs\&.
.PP
To prevent unauthorized modifications of the commands scheduled by the \fBssh\-cron\fP daemon a passphrase is required when starting \fBssh\-cron\fP\(cq\&s daemon process\&.
The passphrase itself is not stored by the daemon (instead, it stores a \fBsha256\fP(1) hash value), which avoids access to the \fBssh\-cron\fP daemon\(cq\&s passphrase by browsing the computer\(cq\&s memory\&. Someone who obtains the hash can still try to guess the passphrase against it, so choose a long one\&. The passphrase must be at least 10 characters long and must be provided when reloading the \fBssh\-cron\fP daemon\(cq\&s scheduled commands\&. The scheduled commands may be listed, however, without providing a passphrase, since the file containing the scheduled commands will usually also be available on the computer\&. Likewise, since a user may always terminate his/her own programs, an \fBssh\-cron\fP daemon process can be terminated from another \fBssh\-cron\fP program using the \fI\-\-terminate\fP command line option\&.
.PP
The above mentioned facilities are not supported by \fBcrontab\fP(1) itself\&. \fBCron\fP(1), which is responsible for executing scheduled crontab commands, has no access to the passphrases of ssh\-keys (which are otherwise provided to \fIssh\-agent\fP)\&.
.PP
.SH "RETURN VALUE"
.PP
\fBSsh\-Cron\fP returns 0 if the daemon was successfully started\&. Otherwise 1 is returned\&.
.PP
.SH "OPTIONS"
.PP
Where available, single letter options are listed between parentheses following their associated long\-option variants\&. Single letter options require arguments if their associated long options also require arguments\&.
.PP
Several options have default values\&. Run \fIssh\-cron \-\-help\fP for an overview of the implemented default option values\&. Also, several options can be specified in a configuration file (where this doesn\(cq\&t hold true, it is explicitly mentioned at the relevant options)\&.
.PP
The configuration file (not to be confused with the file containing the scheduled commands, which is provided as \fBssh\-cron\fP\(cq\&s command\-line file argument) ignores empty lines and all information on lines starting at a hash\-mark (\fI#\fP, optionally preceded by blanks and/or tabs)\&.
The configuration file is used to specify \fBssh\-cron\fP\(cq\&s options using their long variants\&. However, in the configuration file the initial hyphens of command\-line options must be omitted, and optionally a colon may be appended to these long option names\&. Note that multi\-word option arguments should not be surrounded by quotes\&. Examples:
.nf
verbose
syslog\-facility: LOCAL0
mailer: /usr/bin/mail \-s \(dq\&some subject\(dq\& me@myhost\&.warpnet\&.nl
.fi
Command\-line options always override configuration file options\&.
.PP
.IP o
\fB\-\-agent\fP=\fIagent\fP
.br
absolute path to the agent program (plus its argument(s)) providing the ssh\-keys\&.
.IP
By default \fI/usr/bin/ssh\-agent /bin/bash\fP is used\&.
.IP
.IP o
\fB\-\-config\fP=\fIpath\fP (\fB\-c\fP)
.br
config file containing long option specifications\&.
.IP
By default \fI~/\&.ssh\-cron\fP is used\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-forced\fP (\fB\-f\fP)
.br
When starting \fBssh\-cron\fP while a (leftover) ipc\-file exists, the existing ipc\-file is removed during daemon\-startup without asking for confirmation\&. Without this option the user is interactively asked whether the existing ipc\-file may be removed (cf\&. \fI\-\-ipc\-file\fP)\&.
.IP
.IP o
\fB\-\-help\fP (\fB\-h\fP)
.br
basic usage information is written to the standard output stream (only interpreted in combination with \fI\-\-no\-daemon\fP)\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-ipc\-file\fP=\fIpath\fP (\fB\-p\fP)
.br
when \fBssh\-cron\fP runs as a daemon, then \fIpath\fP specifies the path of the file holding the daemon\(cq\&s shared memory ID and process ID\&. The ipc file must be available if \fBssh\-cron\fP is connecting to or starting a daemon process (the former situation occurs with the options \fI\-\-list, \-\-reload\fP, and \fI\-\-terminate\fP)\&.
If \fBssh\-cron\fP detects an existing \fIipc\-file\fP at daemon startup and the option \fI\-\-forced\fP was not specified, then the user is interactively given the opportunity to remove the existing file\&. If the existing ipc\-file cannot or should not be removed, then the daemon is not started\&. To end a daemon process use \fIssh\-cron \-\-terminate\fP, or send a SIGINT (\fIctrl\-C\fP) or SIGTERM signal to the process\-id found as the second value in the \fIipc\-file\fP\&.
.IP
By default \fI~/\&.ssh\-cron\&.ipc\fP is used\&.
.IP
.IP o
\fB\-\-list\fP (\fB\-l\fP)
.br
list the currently defined environment settings and cron\-commands (the \fIcrontab\-file\fP argument must be omitted)\&. This option is incompatible with \fI\-\-no\-daemon\fP, \fI\-\-reload\fP, and \fI\-\-terminate\fP\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-log\fP=\fIpath\fP (\fB\-L\fP)
.br
log messages are appended to \fIpath\fP\&. If \fIpath\fP does not exist, it is created first\&.
.IP
.IP o
\fB\-\-mailer\fP=\fIcommand\fP (\fB\-m\fP)
.br
information written to the standard output or standard error streams of the commands executed by \fBssh\-cron\fP is sent by e\-mail to the current user\&. Use \fI\-\-mailer\fP to redefine the mail command, or to suppress sending e\-mail by specifying an empty mailer command (i\&.e\&., \fI\-\-mailer \(dq\&\(dq\&\fP)\&.
.IP
By default \fI/usr/bin/mail \-s \e\(dq\&Ssh\-cron $*\e\(dq\& $USER@localhost\fP is used, with \fI$*\fP replaced by the executed command as specified in the \fIcrontab\fP file argument\&.
.IP
.IP o
\fB\-\-no\-daemon\fP
.br
\fBssh\-cron\fP is not run as a daemon\&. To properly end \fBssh\-cron\fP if not running as a daemon, press the `Enter\(cq\& key, enter \fIctrl\-C\fP or send \fBssh\-cron\fP a \fISIGTERM\fP signal\&. This option is incompatible with \fI\-\-list\fP, \fI\-\-reload\fP, and \fI\-\-terminate\fP\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-reload\fP (\fB\-r\fP)
.br
reload the \fBssh\-cron\fP daemon with the cron\-commands defined in the \fIcrontab\-file\fP argument (which must be provided)\&. This option is incompatible with \fI\-\-list\fP, \fI\-\-no\-daemon\fP, and \fI\-\-terminate\fP\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-stdout\fP (\fB\-s\fP)
.br
in addition to using a log file and syslog messages, send all messages to the standard output\&. This option is not available if \fBssh\-cron\fP runs as a daemon process\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-syslog\fP
.br
messages are sent to the syslog daemon when this option is specified\&. By default syslog messages are written to the \fIDAEMON\fP facility with priority \fINOTICE\fP\&.
.IP
.IP o
\fB\-\-syslog\-facility\fP=\fIfacility\fP
.br
the facility that is used to write the syslog messages to\&. By default this is \fIDAEMON\fP\&. For an overview of facilities and their meanings, see, e\&.g\&., \fBsyslog\fP(3)\&. With \fBssh\-cron\fP the facilities \fIDAEMON, LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7\fP, and \fIUSER\fP can be used\&.
.IP
By default facility \fIDAEMON\fP is used\&.
.IP
.IP o
\fB\-\-syslog\-priority\fP=\fIpriority\fP
.br
the priority that is used when writing the syslog messages\&. By default this is \fINOTICE\fP\&. For an overview of priorities and their meanings, see, e\&.g\&., \fBsyslog\fP(3)\&. With \fBssh\-cron\fP all defined priorities can be used, i\&.e\&., \fIEMERG, ALERT, CRIT, ERR, WARNING, NOTICE, INFO\fP and \fIDEBUG\fP\&.
.IP
By default priority \fINOTICE\fP is used\&.
.IP
.IP o
\fB\-\-syslog\-tag\fP=\fItag\fP
.br
syslog messages can be provided with a \fItag\fP, which can be used to filter them from the log\-files\&. See also section \fIRSYSLOG FILTERING\fP below\&.
.IP
By default the tag \fISSH\-CRON\fP is used\&.
.IP
.IP o
\fB\-\-terminate\fP (\fB\-t\fP)
.br
terminate a running \fBssh\-cron\fP daemon program, using the daemon\(cq\&s process ID found in the ipc\-file\(cq\&s second value\&. The \fIcrontab\-file\fP argument must be omitted\&. This option is incompatible with \fI\-\-list\fP, \fI\-\-no\-daemon\fP, and \fI\-\-reload\fP\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.IP o
\fB\-\-verbose\fP
.br
additional messages about \fBssh\-cron\fP\(cq\&s mode of operation are sent to \fBssh\-cron\fP\(cq\&s log facilities (specified by \fI\-\-log, \-\-syslog,\fP and/or \fI\-\-stdout\fP)\&.
.IP
.IP o
\fB\-\-version\fP (\fB\-v\fP)
.br
\fBssh\-cron\fP\(cq\&s version number is written to the standard output stream\&.
.IP
This option cannot be specified in the configuration file\&.
.IP
.SH "RSYSLOG FILTERING"
.PP
When using \fBrsyslogd\fP(1), property based filters may be used to select syslog messages and write them to a file of your choice\&. E\&.g\&., to filter the messages carrying the syslog message tag (e\&.g\&., \fISSH\-CRON\fP) use
.nf
:syslogtag, isequal, \(dq\&SSH\-CRON:\(dq\& /var/log/ssh\-cron\&.log
:syslogtag, isequal, \(dq\&SSH\-CRON:\(dq\& stop
.fi
Note that the colon is part of the tag as seen by \fBrsyslogd\fP(1), but is not specified with the \fIsyslog\-tag\fP option\&.
.PP
This causes all messages having the \fISSH\-CRON:\fP tag to be written to \fI/var/log/ssh\-cron\&.log\fP, after which they are discarded\&. More extensive filtering is also supported, see, e\&.g\&., \fIhttp://www\&.rsyslog\&.com/doc/rsyslog_conf_filter\&.html\fP and \fIhttp://www\&.rsyslog\&.com/doc/property_replacer\&.html\fP\&.
.PP
.SH "SEE ALSO"
.PP
\fBcron\fP(1), \fBcrontab\fP(1), \fBcrontab\fP(5), \fBrsyslogd\fP(1), \fBssh\fP(1), \fBssh\-add\fP(1), \fBssh\-agent\fP(1), \fBssh\-askpass\fP(1), \fBstealth\fP(1), \fBsyslog\fP(3)
.PP
.SH "BUGS"
None reported\&.
.PP
.SH "COPYRIGHT"
This is free software, distributed under the terms of the `GNU General Public License\(cq\&\&. Copyright remains with the author\&.
\fBssh\-cron\fP is available at \fIhttps://fbb\-git\&.gitlab\&.io/ssh\-cron/\fP\&.
.PP
.SH "ORGANIZATION"
Center for Information Technology, University of Groningen\&.
.PP
.SH "AUTHOR"
Frank B\&. Brokken (\fBf\&.b\&.brokken@rug\&.nl\fP)\&.
.PP
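.SH "EXAMPLE"
.PP
The following Python model is an illustration added to this page; it is not \fBssh\-cron\fP\(cq\&s code and does not come from the author\&. It shows the two inputs described above: the configuration file read at startup (long option names without the leading hyphens, an optional colon, \fI#\fP comment lines, multi\-word arguments without quotes, and rejection of the options the OPTIONS section marks as command\-line only) and the crontab\-like job file of the DESCRIPTION, together with the daemon\(cq\&s decision which jobs fire in a given minute, including the \fBcrontab\fP(5) rule that a job whose day\-of\-month and day\-of\-week fields are both restricted fires when either one matches\&. Assumed, because this manual page does not spell it out: the job file uses \fBcrontab\fP(5) syntax (five time fields and a command, \fINAME=value\fP lines for environment variables)\&. The host name \fIscanhost\fP, the commands and the sample file contents are constructed for the example\&.

```python
"""Added example, not ssh-cron's code: ssh-cron's configuration file, its crontab-like
job file (assumed crontab(5) syntax, unspecified by the manual page) and 'is a job due?'."""
import re
from datetime import datetime

CONFIG_LINE = re.compile(r'^([A-Za-z][\w-]*):?\s*(.*)$')  # 'option[:] [argument]'
CLI_ONLY = {'config', 'help', 'list', 'no-daemon', 'reload', 'stdout',
            'terminate', 'version'}  # per the manual page: command line only

def parse_config(text):
    """Return {option: argument}; a bare option (flag) maps to True."""
    options = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):  # empty and comment lines are ignored
            continue
        m = CONFIG_LINE.match(line)
        if not m or m.group(1) in CLI_ONLY:
            raise ValueError('not allowed in the configuration file: %r' % raw)
        options[m.group(1)] = m.group(2).strip() or True
    return options

# job file: NAME=value lines and 'minute hour dom month dow command' lines
ENV_LINE = re.compile(r'^([A-Za-z_]\w*)\s*=\s*(.*)$')
MONTHS = dict(zip('jan feb mar apr may jun jul aug sep oct nov dec'.split(), range(1, 13)))
DAYS = dict(zip('sun mon tue wed thu fri sat'.split(), range(7)))

def expand_field(field, low, high, names=None):
    """Expand one time field ('*', '1,15', 'jan-mar', '*/15') into a set of ints."""
    names, values = names or {}, set()
    def conv(t):  # a number, or a month/day name where crontab(5) allows one
        return names[t.lower()] if t.lower() in names else int(t)
    for part in field.split(','):
        rng, _, step = part.partition('/')
        step = int(step) if step else 1
        if rng == '*':
            start, end = low, high
        elif '-' in rng:
            start, end = (conv(t) for t in rng.split('-', 1))
        else:
            start = end = conv(rng)
        if step < 1 or not low <= start <= end <= high:
            raise ValueError('bad time field %r' % field)
        values.update(range(start, end + 1, step))
    return values

class Job:
    def __init__(self, minute, hour, dom, month, dow, command):
        self.minute, self.hour = expand_field(minute, 0, 59), expand_field(hour, 0, 23)
        self.dom, self.month = expand_field(dom, 1, 31), expand_field(month, 1, 12, MONTHS)
        self.dow = {d % 7 for d in expand_field(dow, 0, 7, DAYS)}  # 0 and 7 are both Sunday
        # Vixie cron treats a day field as restricted unless it starts with '*'
        self.dom_restricted, self.dow_restricted = dom[0] != '*', dow[0] != '*'
        self.command = command

    def due(self, when):
        """True if the job fires in the minute containing the datetime 'when'."""
        if not (when.minute in self.minute and when.hour in self.hour
                and when.month in self.month):
            return False
        dom_ok = when.day in self.dom
        dow_ok = (when.weekday() + 1) % 7 in self.dow  # Python Monday=0, cron Sunday=0
        if self.dom_restricted and self.dow_restricted:
            return dom_ok or dow_ok  # crontab(5): both restricted, either match fires
        return dom_ok and dow_ok

def parse_crontab(text):
    """Return (environment dict, [Job, ...]) for a crontab-like job file."""
    env, jobs = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        m = ENV_LINE.match(line)
        if m:
            env[m.group(1)] = m.group(2).strip('\'"')
            continue
        fields = line.split(None, 5)
        if len(fields) != 6:
            raise ValueError('expected five time fields and a command: %r' % raw)
        jobs.append(Job(*fields))
    return env, jobs

def due_commands(jobs, when):
    """Commands the daemon fires in the minute 'when' ('YYYY-MM-DD HH:MM' or datetime)."""
    if isinstance(when, str):
        when = datetime.strptime(when, '%Y-%m-%d %H:%M')
    return [job.command for job in jobs if job.due(when)]

# constructed sample input, not taken from any real installation
SAMPLE_CONFIG = """verbose
syslog-facility: LOCAL0
mailer: /usr/bin/mail -s "some subject" me@myhost.warpnet.nl
"""
SAMPLE_CRONTAB = """MAILTO=me@myhost.warpnet.nl
# 03:30 on the 1st and 15th and, in addition, every Monday
30 3 1,15 * mon ssh scanhost /usr/local/bin/nightly-scan
*/15 * * * * ssh scanhost uptime
0 0 * jan-mar 1-5 ssh scanhost /usr/local/bin/rotate-logs
"""
```

On the sample job file, \fIdue_commands(jobs, \(dq\&2022\-03\-15 03:30\(dq\&)\fP (a Tuesday, the 15th) returns the nightly scan and the uptime check, while \fI2022\-03\-16 03:30\fP (a Wednesday) returns only the uptime check; \fIparse_config(\(dq\&stdout\en\(dq\&)\fP raises \fIValueError\fP because \fI\-\-stdout\fP cannot be given in the configuration file\&.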