On 07/31/2014 02:59 PM, Jeroen Dekkers wrote:
> At Wed, 30 Jul 2014 22:17:43 -0700,
> tony mancill wrote:
>> I contacted the upstream author (on the cc: - hi Frank), and his concern
>> with the passphraseless key trigger mechanism is precisely that you
>> don't have a passphrase. The key is unprotected and subject to
>> theft/unauthorized use. This could potentially occur on the system that
>> is (normally) the legitimate source of the trigger.
>
> But ssh-cron will need to have the passphrase to be able to use the
> key, so someone who can steal the key from ssh-cron can also steal the
> passphrase from ssh-cron. What is the added security benefit of
> storing a key and passphrase instead of a passphraseless key?

ssh-cron uses ssh-agent, as Clint Byrum suggested in his post. If you're
curious to learn more, please refer to the upstream page:

http://sshcron.sourceforge.net/