Re: Bug#112020: ITP: keychain -- An OpenSSH key manager

[Steve Greenland <stevegr@debian.org>]

On 12-Sep-01, 19:08 (CDT), Cesar Mendoza <mendoza@kitiara.org> wrote: 
> 
> I find the package useful and I'm also aware of the shortcomings of
> ssh-agent, but was your solution to cron job's that do rsync over ssh?
> and I don't think that pass phrase less keys is an option. 

Why not? Create a dedicated key for the job, and set the options on the
key to minimize its functionality[1] to only that absolutely needed
for the job (from="myhost.whatever", etc.). That, to my taste, seems a
lot more secure than what keychain does. Admitted, that may be only my
perception, but I doubt that it is an *less* secure.

>What you are doing is building a case against ssh-agent, keychain is
>just a wrapper around it.

Ssh-agent can be used and abused. Keychain seems to encourage abuse. It
adds an extra layer of things to go wrong.

Steve