Re: Problems with scp and cron

From: Darren Dunham (ddunham_at_redwood.taos.com)
Date: 10/21/04


Date: Thu, 21 Oct 2004 15:28:19 GMT

Nico Kadel-Garcia <nkadel@comcast.net> wrote:
>> yes, I had to do it without a passphrase to get an automated
>> every-night backup of recent files.

> No, you don't. You can store the ssh-agent settings in a text file that gets
> sourced by your program, something like this.

> set | grep SSH > ssh-agentfile.txt
> source ssh-agentfile.txt

Surely that depends on having the settings actually there. I often use
passphraseless keys for automated jobs on machines. They must run even
if the machine has rebooted and I haven't logged into the box to type a
passphrase.

> I urge you to use ssh-agent instead. This approach isn't perfect, but at
> least you don't have to leave an unencrypted key lying out there in plain text
> where it's even easier to be stolen. It's also a common way to do ssh-agent
> key management for servers where lots of people need access to core system
> key files: you log in as yourself to the server account, which is tracked in
> the logs, and automatically get the SSH keyfiles added at login-time this
> way without unencrypted key files being left on the server in
> question.

Interesting. I've never heard of that technique before. To accomplish
this, do you have to make changes to the agent socket so that others can
read it?

-- 
Darren Dunham                                           ddunham@taos.com
Senior Technical Consultant         TAOS            http://www.taos.com/
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
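
An added example, not part of the original post or thread: a guard a cron script could run before scp when it relies on the saved agent settings file discussed above. It makes the job fail cleanly in the reboot case Darren describes, where the file still exists but no agent is behind it. The function name, return codes and the file path in the usage comment are hypothetical, and it assumes the job runs as the same user that started the agent.

```shell
#!/bin/sh
# Added example (not from the thread). Names and return codes are hypothetical.
# Usage inside the cron script:
#   load_agent_env "$HOME/ssh-agentfile.txt" || exit 1
#   scp ...

# Returns: 0 agent usable, 1 settings file missing or unreadable,
#          2 settings file writable by group/others,
#          3 no live agent socket (e.g. after a reboot),
#          4 agent not answering or holding no keys.
load_agent_env() {
    env_file=$1

    [ -f "$env_file" ] && [ -r "$env_file" ] || return 1

    # Refuse a file that group or others can modify: whoever controls
    # it chooses which socket the job authenticates through.
    if [ -n "$(find "$env_file" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
        return 2
    fi

    # Extract only SSH_AUTH_SOCK instead of sourcing the file, so the
    # file's contents are never executed as shell code. Handles both
    # "set | grep SSH" output and "ssh-agent -s" output (value ends at ';').
    sock=$(sed -n "s/^SSH_AUTH_SOCK=\([^;]*\).*/\1/p" "$env_file" \
        | head -n 1 | tr -d "'\"")

    # After a reboot the recorded path is stale: no socket, no agent.
    [ -n "$sock" ] && [ -S "$sock" ] || return 3

    SSH_AUTH_SOCK=$sock
    export SSH_AUTH_SOCK

    # ssh-add -l exits non-zero when the agent cannot be reached
    # or has no identities loaded.
    ssh-add -l >/dev/null 2>&1 || return 4
    return 0
}
```

A non-zero return is the signal to alert an operator rather than fall back to an unencrypted key.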

