Re: Bug#756172: ITP: ssh-cron -- cron-like job scheduler that handles ssh key passphrases

[Jeroen Dekkers <jeroen@dekkers.ch>]

At Wed, 30 Jul 2014 22:17:43 -0700,
tony mancill wrote:
> I contacted the upstream author (on the cc: - hi Frank), and his concern
> with the passphraseless key trigger mechanism is precisely that you
> don't have a passphrase.  The key is unprotected and subject to
> theft/unauthorized use.  This could potentially occur on the system that
> is (normally) the legitimate source of the trigger.

But ssh-cron will need to have the passphrase to be able to use the
key, so someone who can steal the key from ssh-cron can also steal the
passphrase from ssh-cron. What is the added security benefit of
storing a key and passphrase instead of a passphraseless key?