
Re: Send a remote command?



Osamu Aoki said:

> man ssh
> man ssh-agent
>
> I never used it, but Debian web server mirrors use this to push content.


This is a good method; another is to create passphrase-less RSA (ssh1)
or DSA (ssh2) keys. That way SSH (either native or using rsync with
ssh) does not prompt for a password. ssh-agent still requires you
to input the password once. I haven't looked into it much yet, but
from what I've heard the password is only stored for that one session;
if you log out, the passphrase is erased, which makes it difficult for
automated tasks (especially across reboots and such).

I have used SSH w/RSA passphrase-less authentication extensively both
with ssh, with scp, and with rsync-over-ssh and it works wonderfully.

I would only do this on trusted systems, however. One slip-up can reveal
your key to an intruder; then they have easy access to all the other
servers. One thing I usually do on systems like this is restrict logins
to RSA (or DSA) only, so that it is very difficult (if not impossible) to
log in to the system if you don't have a key (even if you have the
passwords it won't help).

Protecting the key is very important though. I use SSH RSA authentication
for things like propagating antivirus updates, doing backups (using
rsync), distributing updates to Big Brother clients, and automated copying
of files around for other reasons. It's great.

The only thing I wish SSH could do (but I've never gotten to work) is to
copy a file between hosts like

scp host:/path/to/file  host2:/path/to/newfile

I usually make my ~/.ssh directories chmod 500, and my
~/.ssh/authorized_keys files chmod 400.

ssh always errors out though for me :(

nate
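
The owner-only permissions and key-only login restriction described in the message above can be checked with a short script. This is an added example, not part of the original post; the function names are hypothetical, and it assumes "restrict logins to RSA (or DSA) only" corresponds to `PasswordAuthentication no` in sshd_config.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are supplied by the caller.

# Print a file's permission bits in octal (GNU stat, then BSD stat).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# True for entries whose exposure matters: directories, authorized_keys,
# and any file whose first line looks like a private-key header.
is_sensitive() {
    [ -d "$1" ] && return 0
    case "$1" in */authorized_keys) return 0 ;; esac
    head -n 1 "$1" 2>/dev/null | grep -q 'PRIVATE KEY'
}

# Print "MODE PATH" for each sensitive entry that grants anything to
# group or other. Owner-only modes (500, 400, 600, 700) pass.
loose_entries() {
    for f in "$1" "$1"/*; do
        [ -e "$f" ] || continue
        is_sensitive "$f" || continue
        m=$(mode_of "$f")
        case "$m" in
            0|*00) ;;
            *) printf '%s %s\n' "$m" "$f" ;;
        esac
    done
}

# Succeed only if the first global PasswordAuthentication value is "no".
# sshd uses the first value it reads for a keyword; the default is "yes".
# Assumption: Match blocks are not evaluated, parsing stops at the first.
password_logins_disabled() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "passwordauthentication" { v = tolower($2); exit }
         END { exit !(v == "no") }' "$1"
}

# Stand-alone use: sh audit.sh ~/.ssh /etc/ssh/sshd_config
if [ "$#" -eq 2 ]; then
    loose_entries "$1"
    password_logins_disabled "$2" || echo "password logins still allowed: $2"
fi
```

Public key files are skipped on purpose, since they hold nothing secret.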




