[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ssh

On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote:
> I use this method, (without passphrase) to be able to run script (with
> cronjob) from one machine into other, if I put a passphrase that is
> not going to work, am I right?
This is not correct.  With keychain, you can set it up to hold the ssh
keys in memory after you log out until the next time you log in.  The
idea is that if an attacker cracks your account and then logs in, the
keys will be cleared.  Of course, this will also happen when you log in
again and so you will need to enter your passphrase each time you log
in.  But this is the same situation as when you use plain ssh-agent.

> Anyway to get my key, a "hacker" will need access to my PC right? if
> both PCs are secured there should be no chance to get my keys stolen.

I thikn that "no chance" is a bit strong.  You never know what might
happen.  Besides, that's why you want defense in depth.



Roberto C. Sanchez

Attachment: signature.asc
Description: Digital signature

Reply to: