On Tue, Aug 30, 2005 at 10:30:43PM -0700, Erich Hohman wrote:
> > Hey.
> >
> > I had a question during the ssh talk given a while ago.  (2-3 months?)
> > Something like...  "what's the alternative to a password-less ssh key
> > for automating multi-host maintenance?"  It never quite got answered.
> > The issue is coming up for me again today.  :)  What do I do?
> >
> > - Ben
> 
> I missed the ssh talk, so maybe I'm not understanding exactly what you're
> trying to do.
> That said, what I tend to do for running scripts from one host on other
> hosts (via cron or whatever) is create a separate non-root user that only
> has privileges to run the necessary maintenance tasks on the machines
> that need to be maintained (sudo is great for this).  Then use a
> passphrase-less ssh key for that user.

Yes, that is what I intend to do and what I have done often in the past.
During the discussion someone said that one should *never* make an ssh
key pair without a passphrase.  I asked the question, how do you deal
with running scripts that involve more than one host?  We all forgot
about it, so it wasn't answered.  Sounds like "never" is too strong.
It's more like "don't do it if you can help it, and if you must then
make sure you're very careful about protecting your private key."  or
something like that.  :)

- Ben
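
Added example, not part of the original thread: one way to limit what a passphrase-less key can do on each managed host is to pair the dedicated non-root user and sudo rule described above with a forced-command gate. The user name `maint`, the script paths, the source address and the key line are all hypothetical placeholders.

```shell
#!/bin/sh
# maint-gate: forced command for a passphrase-less maintenance key.
# Assumed setup on each managed host (all names are hypothetical):
#
#   ~maint/.ssh/authorized_keys  ("restrict" needs OpenSSH 7.2 or later)
#     restrict,from="192.0.2.10",command="/usr/local/bin/maint-gate" ssh-ed25519 <public-key-placeholder> cron@adminhost
#
#   /etc/sudoers.d/maint
#     maint ALL=(root) NOPASSWD: /usr/local/sbin/rotate-logs, /usr/local/sbin/pkg-refresh
#
# With this in place the key cannot open a shell, forward ports or run
# arbitrary commands; it can only ask for one of the named tasks.

# Map the requested string to one fixed script path.
# Prints the path on success; returns 1 for anything not listed.
resolve_task() {
    case "$1" in
        rotate-logs) echo "/usr/local/sbin/rotate-logs" ;;
        pkg-refresh) echo "/usr/local/sbin/pkg-refresh" ;;
        *)           return 1 ;;
    esac
}

# sshd stores whatever the client asked to run in SSH_ORIGINAL_COMMAND;
# the forced command runs instead and decides what actually happens.
gate() {
    requested=${SSH_ORIGINAL_COMMAND-}
    if task=$(resolve_task "$requested"); then
        logger -t maint-gate "allow: $requested" 2>/dev/null || true
        # -n: fail instead of prompting if the sudoers rule is missing
        exec sudo -n "$task"
    fi
    logger -t maint-gate "deny: $requested" 2>/dev/null || true
    echo "maint-gate: request not permitted" >&2
    return 1
}

# Run the gate only when this file is installed and invoked as maint-gate.
case "$0" in
    *maint-gate) gate ;;
esac
```

From the admin host a cron job would then call, for example, `ssh -i <keyfile> maint@host rotate-logs`; any other request is logged and refused.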


_______________________________________________
RLUG mailing list
http://lists.rlug.org/mailman/listinfo/rlug
