Apple - ssh-under-cron stops working in OS X 10.7 Lion

For anyone who ends up on this page, I realized I should post the answer:

Using launchd instead of cron does indeed fix the authorization problem. Your user launchd jobs (which run only when you are logged in) correctly use the SSH agent information that was unlocked via your keychain as part of login (as part of standard OS X key management, no other software required).

To minimize my interactions with launchd, I created a single launchd job that calls a bash script. In this way I can simply edit the script without dealing with launchd.

Here's the launchd file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key>
  <string>com.mycron.hourly</string>

  <key>ProgramArguments</key>
  <array>
    <string>/Users/john/bin/cron.hourly</string>
  </array>

  <key>Nice</key>
  <integer>1</integer>

  <key>StartInterval</key>
  <integer>3600</integer> <!-- start every X seconds -->

  <key>RunAtLoad</key>
  <true/>
</dict>
</plist>

I saved the file to ~/Library/LaunchAgents/com.mycron.hourly.plist, and then loaded it with:

launchctl load ~/Library/LaunchAgents/com.mycron.hourly.plist

Once loaded, it will run right away and then again every 60 minutes.

If you follow the same procedure, you'll want to change the `ProgramArguments' string with the right path to your script.

Adding the following code to your bash shell script will fix the problem:

declare -x SSH_AUTH_SOCK=$( find /tmp/launch-*/Listeners -user your_user -type s | head -1 )

Replace your_user with your own user name.

This code sets the correct value for SSH_AUTH_SOCK that informs ssh or scp about how to communicate with ssh-agent when the shell script is started out of cron.