Apparently, on Tue, Aug 30, 2005 at 11:32:28PM -0700, Ben Johnson wrote:
>
> yes, that is what I intend to do and what I have done often in the past.
> During the discussion someone said that one should *never* make an ssh
> key pair without a passphrase. I asked the question, how do you deal
> with running scripts that involve more than one host? we all forgot
> about it, so it wasn't answered. Sounds like "never" is too strong.
> it's more like "don't do it if you can help it, and if you must then
> make sure you're very careful about protecting your private key." or
> something like that. :)
>

If you have to have a password-less private key, another thing you can do
to add a little bit of protection to the remote machines the key can connect
to is to limit the commands that can be run by connections using the key.
See the AUTHORIZED_KEYS FILE FORMAT section of 'man sshd' for info and some
examples.
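One way to apply the command restriction described in the reply above, as an added example that is not part of the original message: a forced-command wrapper that allowlists what a passphrase-less key may run. The wrapper path, the command names, the log directory, the source address and the key material are all assumptions or placeholders.

```shell
#!/bin/sh
# Hypothetical wrapper, installed on the remote host as /usr/local/bin/key-gate
# (path, command names and log directory are assumptions for this example).
# The passphrase-less key's line in ~/.ssh/authorized_keys points at it
# (one line; key material and address are placeholders):
#
#   command="/usr/local/bin/key-gate",from="192.0.2.10",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa AAAA...PLACEHOLDER cron@scripthost
#
# sshd runs key-gate instead of whatever the client asked for and passes the
# client's request in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL   # make the a-z range below mean ASCII only

# Print the fixed command line for an allowed request; return 1 otherwise.
# The request is only ever compared, never passed to eval or a shell.
allowed_command() {
    case "$1" in
        "backup-status")
            echo "/usr/local/bin/backup-status" ;;
        "backup-run")
            echo "/usr/local/bin/backup-run --nightly" ;;
        "fetch-log "*)
            name=${1#fetch-log }
            case "$name" in
                ""|*[!a-z0-9_-]*) return 1 ;;   # empty, or any char outside the set
            esac
            echo "/bin/cat /var/log/backup/$name.log" ;;
        *)
            return 1 ;;
    esac
}

gate() {
    request=${SSH_ORIGINAL_COMMAND:-}   # unset for an interactive login attempt
    if target=$(allowed_command "$request"); then
        # Word splitting is safe: target is a fixed string plus a validated name.
        exec $target
    fi
    echo "key-gate: request not permitted" >&2
    return 1
}

# sshd sets SSH_CONNECTION for every session; only act when run by sshd.
if [ -n "${SSH_CONNECTION:-}" ]; then
    gate || exit 1
fi
```

With this in place, a copy of the private key can only trigger the three listed actions from the listed address, and a request for anything else, including a login shell, is refused.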
