On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote: > > I use this method, (without passphrase) to be able to run script (with > cronjob) from one machine into other, if I put a passphrase that is > not going to work, am I right? > This is not correct. With keychain, you can set it up to hold the ssh keys in memory after you log out until the next time you log in. The idea is that if an attacker cracks your account and then logs in, the keys will be cleared. Of course, this will also happen when you log in again and so you will need to enter your passphrase each time you log in. But this is the same situation as when you use plain ssh-agent. > Anyway to get my key, a "hacker" will need access to my PC right? if > both PCs are secured there should be no chance to get my keys stolen. I thikn that "no chance" is a bit strong. You never know what might happen. Besides, that's why you want defense in depth. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
Attachment:
signature.asc
Description: Digital signature