On Fri, May 30, 2008 at 02:02:33PM -0700, markw wrote: > Don't do it. ssh-agent has nothing to do with cron jobs. If it's > "passphraseless" then if the box with the private key is hacked, who > ever gets the private key has full privileges where ever that key is. > So, create a user for the job, if it has to be root, limit it via the > authorized_keys file, you can limit the commands run, etc. I use > passphraseless keys for rsnapshot.
Yea I guess passphraseless RSA keys don't need ssh-agent. That's right. Ooops. But passphraseless RSA keys are a nice way to have cron jobs be able to move date to/from other machine. It would be a good idea to look into locking down what is possible with these keys on remote machine. Chris -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
