can't figure out ssh, read lots of docs...
Giorgos Keramidas
keramida at ceid.upatras.gr
Thu Jun 2 17:07:13 GMT 2005

On 2005-06-02 18:01, Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> wrote:
> Giorgos Keramidas <keramida at ceid.upatras.gr> writes:
>> On 2005-06-02 10:38, Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> wrote:
>>> The original poster wanted to do automated backups via scp. This
>>> kind of application *requires* empty passphrases
>>
>> Nope. scp works fine with a pass-phrase too, if one uses ssh-agent
>> properly, regardless of the remote user being root or not.
>
> You're recommending leaving an ssh-agent instance running unattended
> instead of having a passphrase-less key?

Not really. In fact, this was exactly what I said is a "bad idea" in a
previous post.

> That just means you have to protect the agent's socket as carefully as
> you would have to protect the unencrypted key file.

For only as long as the agent process is alive. Which is usually a lot
less than "forever" -- the time for which an unencrypted key which also
exists in authorized_keys works.

> You are right: there *are* ways to give access to the key other than
> empty passphrases. The only real disadvantage of the agent approach
> is that the key becomes inaccessible when the system reboots.

Exactly (or when I issue `pkill ssh-agent').