On Mon, Mar 3, 2014 at 8:25 AM, Peter Eckel wrote:
> Hi Les,
>
>> Errr, 'unattended jobs' are the main reason for having computers.
>
> I differentiate here between desktop machines and servers ... regarding
> servers you're definitely right, but though I don't have reliable data I'd
> say from
Hi Les,
> Errr, 'unattended jobs' are the main reason for having computers.
I differentiate here between desktop machines and servers ... regarding servers
you're definitely right, but though I don't have reliable data I'd say from
experience that the vast majority of ssh keys are stored on de
On Mon, Mar 3, 2014 at 3:40 AM, Peter Eckel wrote:
>
>> Why not just use authorized_keys with an empty pass phrase?
>
> because every responsible system admin will immediately kill you when you do
> that? :-)
>
> Except in very specific situations, e.g. unattended jobs that copy data or
> execut
Hi Joseph,
> Why not just use authorized_keys with an empty pass phrase?
because every responsible system admin will immediately kill you when you do
that? :-)
Except in very specific situations, e.g. unattended jobs that copy data or
execute commands over ssh connections, it is very unwise t
On Sun, Mar 2, 2014 at 2:00 PM, Tim Dunphy wrote:
> >
> > By what you have said, it doesn't sound like you're caching things in the
> > keyring. For a day at work, I only ever have to enter my passphrase once
> > (unless I remotely connect to my desktop from another desktop to connect
> to
> > a
>
> But having a script which automatically connects without the 'big ugly
> password' isn't a security risk?
> I don't follow.
Well, ssh-askpass stores your password in a hash and has some security
features built into it. It's not really a simple script. It's job is to
enter your pass phrase for
On 3/2/2014 11:15 AM, Tim Dunphy wrote:
> But for backups I setup bacula to run over TLS.
and what does that use for credentials?
--
john r pierce 37N 122W
somewhere on the middle of the left coast
___
CentOS mail
On Mar 2, 2014, at 11:55 AM, Tim Dunphy wrote:
>
>> On Sun, Mar 2, 2014 at 1:26 PM, Alexander Dalloz wrote:
>>
>> Am 02.03.2014 19:16, schrieb Joseph Spenner:
>>
>>> Why not just use authorized_keys with an empty pass phrase?
>>
>> Because that is discouraged due to security.
>>
>> Alexa
>
> so how do you do things like cron automated rsync transfers? run
> nagios monitoring agent scripts? backup scripts? etc etc etc?
Ok. Now you're making fun. But to answer your questions, we don't rsync in
this environment, the way we should. The whole environment is entirely
under-scripted
On 3/2/2014 10:55 AM, Tim Dunphy wrote:
> Exactly right. I'm using authorized_keys on the remote host. But I have a
> long, complex passphrase on my private RSA key on my workstation. I think
> it's a little foolish to not do that, and in addition it's prohibited by
> company policy to use keypairs
>
> By what you have said, it doesn't sound like you're caching things in the
> keyring. For a day at work, I only ever have to enter my passphrase once
> (unless I remotely connect to my desktop from another desktop to connect to
> a server).
Bingo! That's what I'm after.
I too am using ssh-ag
>
> Why not just use authorized_keys with an empty pass phrase?
Because that is discouraged due to security.
Exactly right. I'm using authorized_keys on the remote host. But I have a
long, complex passphrase on my private RSA key on my workstation. I think
it's a little foolish to not do that,
On Sun, Mar 2, 2014 at 1:26 PM, Alexander Dalloz wrote:
> Am 02.03.2014 19:16, schrieb Joseph Spenner:
>
> > Why not just use authorized_keys with an empty pass phrase?
>
> Because that is discouraged due to security.
>
+1 security, security, security
-- password-less SSH keys aren't a great ide
Am 02.03.2014 19:16, schrieb Joseph Spenner:
> Why not just use authorized_keys with an empty pass phrase?
Because that is discouraged due to security.
Alexander
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
> On Mar 2, 2014, at 9:22 AM, Alexander Dalloz wrote:
>
> Am 02.03.2014 14:57, schrieb Tim Dunphy:
>> Hey all,
>>
>> I have ssh-askpass installed on Centos 5.7 and I'm trying to find a way to
>> log into the host and not have it ask me to enter in my long / complex
>> passphrase every time I s
Am 02.03.2014 14:57, schrieb Tim Dunphy:
> Hey all,
>
> I have ssh-askpass installed on Centos 5.7 and I'm trying to find a way to
> log into the host and not have it ask me to enter in my long / complex
> passphrase every time I ssh into another host.
>
> I've googled for some scripts that you
Hey all,
I have ssh-askpass installed on Centos 5.7 and I'm trying to find a way to
log into the host and not have it ask me to enter in my long / complex
passphrase every time I ssh into another host.
I've googled for some scripts that you can add to your bash configuration
so that you won't ha
17 matches
Mail list logo