I am researching ways of setting up an automatic backup of my several local hosts (read computers in ancient UNIX parlance).
My research has not been exhaustive, but it seems that the backup packages that offer backup of one host by another host all involve creating a special ssh password for the purpose that is not encripted and therefore does not need to be decripted for use. Advice varies as to how dangerous this is for security, but there is universal consensus that caution should be exercised. I have discovered an alternative to a passwordless private ssh key in the Debian package repository. (Not a great feat for a normal Debian user, but I am specially challenged.) The package in question is 'sshpass'. It allows one to write a script that feeds a password to the system that needs on. And, of course, the password is hidden somewhere on the using host in ways that can be questioned. I want to hear expressions of opinion as to the relative merits of having a password hidden somewhere vs. simply having no password on the private ssh key. I know there is risk in both and both ways have risks, but has anyone compared to two approaches and then decided to go one way or the other based on something more than a gut feeling? If so, what did you decide, and what were the risk factors that were important to you? If any of you feel that your position on this issue in not an opinion, but a fact that is beyond argument, your response is also welcome. TIA -- Paul E Condon pecon...@mesanetworks.net -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120213173652.ga26...@big.lan.gnu