ssh/keychain dilemma



I've been using ssh with a cron job to do backups for quite a while now. But I'm realizing that the way I've been doing it (i.e., having the cron job ssh in using a key without a passphrase) is rather insecure. So I've been looking into ways to make the setup more secure by integrating a passphrase into the mix.

This obviously has led me to the keychain utility, which appears to be the generally recommended way to let cron jobs do unattended ssh. The documentation generally recommendeds to start keychain when you log in, which then lets all subsequent processes on the box access the ssh keys.

My problem is, though, I'm trying to enable this on a file server, which I very rarely interactively log into. So consequently, starting keychain on login won't solve the problem here.

I imagine that it could be possible to start keychain on system boot, but I'm not thrilled with that idea either, as it would interrupt the boot sequence with a password prompt and thus prevent completely unattended booting of the file server.

Anyone have a good solution to this dilemma?

TIA,

DR