Gian G. Spicuzza wrote:
Dear Patrick,
Thank you for your response. The client must meet the following
conditions to successfully login:
1) Proper IP
2) Proper Private Key (null-passphrase so at night, when backups are
initiated, a user does not need to be at console)
3) Appropiate command (scp or rsync)
Is there any other way of setting up keys for passwordless logins that
are more secure than null-passphrases?
Thanks,
Gian
Patrick Morris wrote:
No, it's not. If someone has the private key file, they can log in
with it.
If it's got a passphrase, they need to know that, too.
Even with ssh-agent, someone has to enter the passphrase at some point.
That makes it infinetely more secure than passphraseless keys.
-----Original Message-----
From: Gian G. Spicuzza [mailto:[EMAIL PROTECTED] Sent: Friday, March
10, 2006 8:58 AM
To: [email protected]
Subject: Null-passphrase vs ssh-agent
Hello. I have implemented PKA with a null-passphrase instead of using
ssh-agent. Is this just as secure as using ssh-agent?
Thank you,
Gian G Spicuzza
Not really, not unless you want to have your password in a text file &
redirect form stdin, but that is less secure then passphrase-less keys.
Could automate with an expect script or a perl wrapper but you still
have the password in a text file.
Only other suggestions is to use a restricted shell for the account you
want to cron out & see if you can get by with a non-privileged account
depending on what you need it to do.
hth,
Jesse
