Re: Bug#112020: ITP: keychain -- An OpenSSH key manager
On 12-Sep-01, 19:08 (CDT), Cesar Mendoza <email@example.com> wrote:
> I find the package useful and I'm also aware of the shortcomings of
> ssh-agent, but was your solution to cron job's that do rsync over ssh?
> and I don't think that pass phrase less keys is an option.
Why not? Create a dedicated key for the job, and set the options on the
key to minimize its functionality to only that absolutely needed
for the job (from="myhost.whatever", etc.). That, to my taste, seems a
lot more secure than what keychain does. Admitted, that may be only my
perception, but I doubt that it is an *less* secure.
>What you are doing is building a case against ssh-agent, keychain is
>just a wrapper around it.
Ssh-agent can be used and abused. Keychain seems to encourage abuse. It
adds an extra layer of things to go wrong.