On Thu, Sep 13, 2001 at 06:46:57AM -0500, Steve Greenland wrote:
> On 12-Sep-01, 19:08 (CDT), Cesar Mendoza <[EMAIL PROTECTED]> wrote:
> >
> > I find the package useful and I'm also aware of the shortcomings of
> > ssh-agent, but what's your solution to cron jobs that do rsync over ssh?
> > And I don't think that passphrase-less keys are an option.
>
> Why not? Create a dedicated key for the job, and set the options on the
> key to minimize its functionality[1] to only that absolutely needed
> for the job (from="myhost.whatever", etc.).

That is the setup I have (a special key just for the cronjob, but since
it is running under my user name, I like to use ssh-agent to add my other
keys, then delete them when the session is over), but I want the key to
have a passphrase, because the moment I shut down ssh-agent everything is
secure again; with the passphrase-less key you are insecure all the time
no matter what until you add a passphrase again. For example, if I reboot
my machine I know that I'm secure until I start ssh-agent; with the other
option you don't.

> That, to my taste, seems a
> lot more secure than what keychain does. Admitted, that may be only my
> perception, but I doubt that it is any *less* secure.
>
> > What you are doing is building a case against ssh-agent, keychain is
> > just a wrapper around it.
>
> Ssh-agent can be used and abused. Keychain seems to encourage abuse. It
> adds an extra layer of things to go wrong.
>
> Steve

Yeah, but does that mean that we are going to censor the package just
because it can be abused? I just wanted to include it in the distribution
because I had a script that did something similar and I thought that
other people may be looking for something like that. Am I wrong? And we
are going to censor packages just because you can shoot yourself in the
foot. Do I have to add a disclaimer to the package? I expect that people
that don't like it just don't use it.

Bye
Cesar Mendoza
http://WWW.kitiara.org
--
"Thank you for the latest release of gradewrecker. My GPA just went in
the corner and shot itself."
 -- USENET posting referring to the latest release of NetHack, author unknown
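The per-key restrictions mentioned in the quoted advice above (from="myhost.whatever", etc.) can be checked mechanically. The following is an added example, not part of the original thread: it parses authorized_keys entries and reports which restrictions each key lacks. The policy (requiring from= and command= plus the no-* flags or restrict), the wrapper path /usr/local/bin/backup-rsync, and the sample entries with placeholder key material are assumptions made for illustration.

```python
# Added example: audit authorized_keys entries; the policy below is an assumption.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")      # a line starting so has no options
REQUIRED = ("from", "command")                  # options that must carry a value
NO_FLAGS = ("no-port-forwarding", "no-agent-forwarding",
            "no-x11-forwarding", "no-pty")      # or the single "restrict" option

def split_options(line):
    """Return ({option: value}, remainder); assumes no escaped quotes in values."""
    if line.startswith(KEY_TYPES):
        return {}, line
    opts, buf, in_quote, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if ch == '"':
            in_quote = not in_quote
        elif ch == "," and not in_quote:        # commas inside quotes are data
            opts.append(buf)
            buf, ch = "", ""
        elif ch in " \t" and not in_quote:      # unquoted blank ends the options
            break
        buf += ch
        i += 1
    opts.append(buf)
    pairs = (o.partition("=") for o in opts)
    return {n.lower(): v.strip('"') for n, _, v in pairs}, line[i:].strip()

def audit(text):
    """Return {key comment: [missing restrictions]} for every key line."""
    findings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)            # key type, key blob, comment
        label = fields[2] if len(fields) > 2 else rest
        missing = [o for o in REQUIRED if not opts.get(o)]
        if "restrict" not in opts:
            missing += [f for f in NO_FLAGS if f not in opts]
        findings[label] = missing
    return findings

SAMPLE = '''\
# constructed sample entries; AAAAPLACEHOLDER is not real key material
from="myhost.whatever,10.0.0.5",command="/usr/local/bin/backup-rsync",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty ssh-rsa AAAAPLACEHOLDER cron-rsync
ssh-rsa AAAAPLACEHOLDER interactive-key
from="myhost.whatever" ssh-rsa AAAAPLACEHOLDER half-restricted
'''
if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty list means the entry carries every restriction in the assumed policy; option names are compared case-insensitively, so no-X11-forwarding is matched in lower case.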