Richard Caley wrote:
>In article <[EMAIL PROTECTED]>, Andre Guimaraes (ag) writes:
>
>ag> I don't like RSA without passwords 'cause if your machine gets
>ag> compromised, the attacker would have root access to other
>ag> machines in your network.
>
>Wouldn't the `Right' solution be to put a passphrase on the private
>key and use ssh-agent to hold the key?
>
>Then you can type the passphrase (which can be long) once and then
>execute a whole batch of ssh commands without worrying about a
>password.
>
>Of course, if your machine really is compromised you're dead anyway,
>all you can do is delay them a little.
>

Here's one way to do it:

Store environment variables to a file:

    $ ssh-agent | head -2 > ~/agent-info

Add keys to the agent and enter passphrase when prompted:

    $ source ~/agent-info
    $ ssh-add

In a script do:

    #!/bin/sh
    # Load the agent's environment variables saved earlier
    agent="$HOME/agent-info"
    if [ -r "$agent" ]; then
        . "$agent"
    else
        echo "Can't find or read agent file" >&2
        exit 1
    fi

    # Now use SSH to do something...
    ssh -q -o 'BatchMode yes' user@remotehost your-command
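
An added example, not part of the original post: sourcing ~/agent-info runs whatever that file contains, so this variant checks the file's owner and mode and parses the two variables as data instead. The function names load_agent_info and agent_usable are made up for illustration, and it assumes the Bourne-style output that `ssh-agent | head -2` writes.

```shell
#!/bin/sh
# Added example. load_agent_info and agent_usable are illustrative names.

# Read SSH_AUTH_SOCK / SSH_AGENT_PID from a file written by
# `ssh-agent | head -2`, parsing it as data instead of sourcing it.
load_agent_info() {
    ai_file=$1
    # Reject symlinks and anything that is not a regular file.
    if [ -L "$ai_file" ] || [ ! -f "$ai_file" ]; then
        echo "agent file missing or not a regular file: $ai_file" >&2
        return 1
    fi
    # Mode string and numeric owner: require owner == us, no group/other bits.
    ai_perms=$(ls -ldn "$ai_file" | awk '{print $1 ":" $3}')
    case $ai_perms in
        ????------*:"$(id -u)") ;;
        *) echo "refusing $ai_file: wrong owner or group/other access" >&2
           return 1 ;;
    esac
    # Bourne-style lines look like: SSH_AUTH_SOCK=/path; export SSH_AUTH_SOCK;
    ai_sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$ai_file")
    ai_pid=$(sed -n 's/^SSH_AGENT_PID=\([^;]*\);.*/\1/p' "$ai_file")
    # Accept only an absolute path made of plain characters and a numeric pid.
    case $ai_sock in
        /*) ;;
        *) echo "bad SSH_AUTH_SOCK in $ai_file" >&2; return 1 ;;
    esac
    case $ai_sock in
        *[!A-Za-z0-9/._-]*) echo "bad SSH_AUTH_SOCK in $ai_file" >&2; return 1 ;;
    esac
    case $ai_pid in
        ''|*[!0-9]*) echo "bad SSH_AGENT_PID in $ai_file" >&2; return 1 ;;
    esac
    SSH_AUTH_SOCK=$ai_sock SSH_AGENT_PID=$ai_pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Succeeds only if the socket exists and the agent answers with a loaded key.
agent_usable() {
    [ -S "${SSH_AUTH_SOCK:-}" ] || { echo "agent socket not found" >&2; return 1; }
    ssh-add -l >/dev/null 2>&1   # 0: keys loaded, 1: no keys, 2: no agent
}

# Usage in a batch script (same ssh invocation as in the post):
#   load_agent_info "$HOME/agent-info" && agent_usable || exit 1
#   ssh -q -o 'BatchMode yes' user@remotehost your-command
```

Creating the file under `umask 077` (or running `chmod 600 ~/agent-info` afterwards) makes it pass the mode check.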
