> I'm wondering if anyone would know a technique setting up an > ssh-agent via cron or at bootup to allow passphrases to be used. > > We are looking for an automatic process for setting up an > ssh-agent on a non-login account that would securely seed the agent with > a non-null passphrase.
Can I ask why you're using ssh-agent? And what you mean by "securely" in the above sentence? If the key's unencrypted passphrase is on the machine (to hand to ssh-agent), then it seems exactly as secure as having a key with an empty passphrase. So why not use an empty passphrase key in the first place? If the reason for using ssh-agent isn't related to the security of the key, then you should be able to use 'expect' or something similar to launch and load ssh-agent. You want the machine to have some information. That information has to be on the machine (in hardware or data), directly requestable by the machine (network), or given to the machine (keyboard, sent automatically). All of those methods seem to allow someone that has access to the machine to access the information. So unless you have specific threats or threat avenues that you're worried about, none is necessarily more secure than another. -- Darren Dunham [EMAIL PROTECTED] Senior Technical Consultant TAOS http://www.taos.com/ Got some Dr Pepper? San Francisco, CA bay area < This line left intentionally blank to confuse you. > _______________________________________________ Solaris-Users mailing list [email protected] http://www.filibeto.org/mailman/listinfo/solaris-users
