[EMAIL PROTECTED] wrote:
> On Fri, May 30, 2008 at 02:02:33PM -0700, markw wrote:
>> Don't do it.  ssh-agent has nothing to do with cron jobs.  If it's
>> "passphraseless" then if the box with the private key is hacked,
>> whoever gets the private key has full privileges wherever that key is.
>> So, create a user for the job, if it has to be root, limit it via the
>> authorized_keys file, you can limit the commands run, etc.  I use
>> passphraseless keys for rsnapshot.
> 
> Yea I guess passphraseless RSA keys don't need ssh-agent.  That's right.
> Ooops.  But passphraseless RSA keys are a nice way to have cron jobs
> be able to move data to/from other machines.  It would be a good idea to look
> into locking down what is possible with these keys on the remote machine.
> 

Nit-picking question.

I guess people got used to describing public key operations in terms of
RSA (keys and methods, I guess). But for reasons I can't remember, I
specify -tdsa when I run ssh-keygen, so I get DSA keys not RSA keys.

And the sshd_config term applicable to ssh2 seems to be
PubKeyAuthentication, so it looks to me we might be speaking more
generically if we said pubkey (publickey, or public key) instead of RSA
(or DSA).

What say, folks?

Regards,
..jim


-- 
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
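
The lock-down suggested in the quoted reply (limiting a passphraseless cron key via the authorized_keys file), sketched as an added example that is not part of the original thread: a forced-command wrapper that only lets the key run a read-only rsync pull, as an rsnapshot-style job would. The script path, allowed directory, client address and key are assumptions or placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical install path:
#   /usr/local/bin/backup-only
# authorized_keys line on the remote machine (address and key are placeholders):
#   from="192.0.2.10",command="/usr/local/bin/backup-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER cron@backuphost
# sshd runs this script instead of whatever the client asked for and passes
# the client's request in SSH_ORIGINAL_COMMAND.

LC_ALL=C; export LC_ALL     # make the A-Za-z ranges below byte-exact
set -f                      # never glob-expand words taken from the request
ALLOWED_ROOT=/home          # assumption: the only tree the job may read

# Return 0 only for a read-only rsync pull confined to ALLOWED_ROOT.
check_cmd() {
    case "$1" in
        *[!A-Za-z0-9\ ./_,=:-]*) return 1 ;;  # whitelist: no ; | $ quotes or newlines
        *..*|*--remove-*)        return 1 ;;  # no path traversal, no source deletion
    esac
    case "$1" in
        "rsync --server --sender "*) ;;       # sender mode: this side is only read
        *) return 1 ;;
    esac
    for word in $1; do                        # plain word split, globbing is off
        case "$word" in
            "$ALLOWED_ROOT"/*) ;;             # absolute path inside the allowed tree
            /*) return 1 ;;                   # any other absolute path
        esac
    done
    return 0
}

main() {
    if check_cmd "${SSH_ORIGINAL_COMMAND:-}"; then
        exec $SSH_ORIGINAL_COMMAND            # split into argv, never passed to eval
    fi
    logger -t backup-only "denied: ${SSH_ORIGINAL_COMMAND:-none}" 2>/dev/null
    echo "backup-only: command not permitted" >&2
    exit 1
}

# Run only when installed under the name used in authorized_keys.
case "$0" in
    */backup-only) main ;;
esac
```

If the private key on the cron box is stolen, it can then only read files under the allowed tree from the listed address, not open a shell or forward ports.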
