Re: SSH Passphrase

From: Devdas Bhagat (dvb@users.sourceforge.net)
Date: 03/05/03

  • Next message: David M. Fetter: "Re: SSH Passphrase"
    Date: Thu, 6 Mar 2003 03:58:13 +0530
    From: Devdas Bhagat <dvb@users.sourceforge.net>
    To: Stefan Lesicnik <lists@lsd.za.com>
    
    

    On 05/03/03 23:06 +0200, Stefan Lesicnik wrote:
    > I have accomplished this by generating a dsa key without a passphrase.
    > Although this works I am worried about the security concerns of doing
    > this? (Without a passphrase, how does it authenticate? Based on the
    > machines dsa key which was made from machine specific entropy?)
    The machine keys authenticate hosts. The user keys you generated
    authenticate users (in this case, the user your script runs as).

    > I know of programs such as ssh-agent, but these require you to enter a
    > passphrase at the beginning of the session which it then remembers, this
    > isnt possible as it is non-interactive in my case. Does anyone have any
    > ideas or comments?
    You need to give the passphrase once at boot.

    Devdas Bhagat


  • Next message: David M. Fetter: "Re: SSH Passphrase"

    Relevant Pages

    • RE: SSH Passphrase
      ... > I have accomplished this by generating a dsa key without a passphrase. ... login, then you are going to have to make some security concessions. ...
      (Security-Basics)
    • SSH Passphrase
      ... password as it is done from a non-interactive script. ... I have accomplished this by generating a dsa key without a passphrase. ... machines dsa key which was made from machine specific entropy?) ...
      (Security-Basics)
    • FW: Connecting to host
      ... Subject: Connecting to host ... passwords exchanged -- we were just using the keys to authenticate. ... If you put a passphrase on it, you'll need to enter that passphrase to ...
      (SSH)
    • RE: Connecting to host
      ... passphrase the first time to authenticate it but I've not gotten past ... passwords exchanged -- we were just using the keys to authenticate. ... If you put a passphrase on it, you'll need to enter that passphrase to ...
      (SSH)