On Tue, Aug 30, 2005 at 05:55:50PM -0700, Brian Chrisman wrote:
> Ben Johnson wrote:
>
> >Hey.
> >
> >I had a question during the ssh talk given a while ago. (2-3 months?)
> >Something like... "what's the alternative to a password-less ssh key
> >for automating multi-host maintenance?" It never quite got answered.
> >The issue is coming up for me again today. :) What do I do?
> >
>
> Do you mean 'passphrase-less'?
> You can use the ssh agent stuff to hold yer decrypted ssh keys in
> memory, and provide them as necessary for authentication... that way you
> only have to put in yer pass phrase once per session (which, I think,
> can be defined multiple ways).

word... phrase... one has spaces in it... ;)

I'm familiar with ssh-agent. somewhat anyway. I typically login at a
virtual terminal, run 'exec ssh-agent bash' then 'exec startx'. this
little bit of experience leads me to believe I have a couple problems:

- using ssh-agent doesn't free me from having to enter a passphrase,
  which is problematic as I can't be sure that I'll be available when
  the system reboots.

- I'm wanting to run these scripts that do that connecting from cron
  jobs. I thought ssh-agent can only be used by children of ssh-agent.
  isn't that right? would I have to run crond as a child of ssh-agent?

- is it possible to start an ssh-agent process on a server then let it
  run unattended and without leaving it attached to some tty?

The only problem I have with a passphrase-less ssh key is the chance
that someone will crack the machine, get a hold of the key and use it to
crack into more machines. The security issue is why I only create them
on well protected machines. I think I prefer this problem/risk to what
I understand, so far, is the alternative.

- Ben
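
The three points raised in the message above (passphrase after a reboot, cron jobs that are not children of the agent, running without a tty), as an added example that is not part of the original thread: an agent bound to a fixed socket with `ssh-agent -a` forks into the background by itself, and any process of the same user can reach it through `SSH_AUTH_SOCK`. The socket path and the function names are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: one long-running ssh-agent shared with cron jobs.
# AGENT_SOCK is an assumed path; keep its directory mode 0700.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent.sock}"

# agent_state SOCK: prints "ready" (keys loaded), "empty" (agent is up
# but holds no keys, e.g. after a reboot) or "down" (no agent reachable).
agent_state() {
    sock="$1"
    [ -S "$sock" ] || { echo down; return 0; }
    rc=0
    SSH_AUTH_SOCK="$sock" ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo ready ;;   # ssh-add -l exits 0 when identities are listed
        1) echo empty ;;   # 1: agent answered, no identities
        *) echo down ;;    # 2 (cannot contact agent) or ssh-add missing
    esac
}

# start_agent SOCK: run by hand once after boot. The passphrase is typed
# here; the agent then keeps the decrypted key in memory, with no tty
# and no parent shell needed.
start_agent() {
    sock="$1"
    if [ "$(agent_state "$sock")" = down ]; then
        rm -f "$sock"                              # clear a stale socket
        ssh-agent -a "$sock" >/dev/null || return 1
    fi
    SSH_AUTH_SOCK="$sock" ssh-add                  # prompts once
}

# run_with_agent SOCK CMD...: what the cron job calls. It fails closed:
# if nobody has unlocked the key since the reboot, the job is skipped
# with a temporary-failure code instead of hanging on a prompt.
run_with_agent() {
    sock="$1"; shift
    state=$(agent_state "$sock")
    if [ "$state" != ready ]; then
        echo "ssh-agent is $state at $sock; skipping: $*" >&2
        return 75
    fi
    SSH_AUTH_SOCK="$sock" "$@"
}

# Constructed crontab entry (script path and host are placeholders):
#   0 3 * * * . /path/to/this-file && run_with_agent "$AGENT_SOCK" ssh -o BatchMode=yes host.example uptime
```

The trade-off against a passphrase-less key is that nothing usable sits on disk, but anyone who gains the same user account (or root) while the agent is loaded can still use the key through the socket.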
