The ssh-agent does indeed request the passphrase at the beginning of the session, but nothing prevents you from setting up a session at any given time, and a session can last from boot till shutdown without having to re-enter the passphrase. If you start ssh-agent without a command line you'll get a number of variables printed. If you set these in any script that requires ssh-authentication, it'll know to authenticate to that instance of the agent. See man ssh, man ssh-agent and man ssh-add for more details on this.
Stefan Lesicnik wrote:
Hi,
Im fairly new to private and public key encryption, so dont quite understand all the concepts.
I have the need to scp a file to a remote server without specifying the password as it is done from a non-interactive script.
I have accomplished this by generating a dsa key without a passphrase. Although this works I am worried about the security concerns of doing this? (Without a passphrase, how does it authenticate? Based on the machines dsa key which was made from machine specific entropy?)
I know of programs such as ssh-agent, but these require you to enter a passphrase at the beginning of the session which it then remembers, this isnt possible as it is non-interactive in my case. Does anyone have any ideas or comments?
TIA Stefan Lesicnik
-- Public GPG key at blackhole.pca.dfn.de .
pgp00000.pgp
Description: PGP signature