
Re: ssh



On 2007-02-28 17:17:27 -0500, Roberto C. Sanchez wrote:
> On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote:
> > I use this method (without passphrase) to be able to run scripts (with
> > cronjob) from one machine on another; if I put a passphrase, that is
> > not going to work, am I right?

For specific scripts, it is probably better to use specific keys with
some restrictions, e.g. by forcing the command name.

> This is not correct.  With keychain, you can set it up to hold the ssh
> keys in memory after you log out until the next time you log in.  The
> idea is that if an attacker cracks your account and then logs in, the
> keys will be cleared.  Of course, this will also happen when you log in
> again and so you will need to enter your passphrase each time you log
> in.  But this is the same situation as when you use plain ssh-agent.

With ssh-agent, I can type my passphrase only once (when I use ssh
for the first time after the first login), until I quit all my shell
sessions.

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
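
One way to apply the "specific keys with some restrictions" advice from the message above, shown as an added example that is not part of the original post: a dedicated passphrase-less key whose authorized_keys entry forces a gate script, which runs only an allowlisted job. The script path, job names and key material are hypothetical placeholders.

```shell
#!/bin/sh
# Forced-command gate for a passphrase-less cron key (added example).
#
# authorized_keys entry on the target host, on one line. The key material,
# comment and script path are placeholders:
#   command="/usr/local/bin/cron-gate.sh run",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <PUBLIC-KEY> cron@source
#
# sshd runs the command= string instead of whatever the client requested and
# exposes the client's request in SSH_ORIGINAL_COMMAND.

# Map a request name to one fixed script path. Exact match only, so extra
# arguments or shell metacharacters in the request never reach a shell.
resolve_command() {
    case "$1" in
        backup-home) echo "/usr/local/bin/backup-home.sh" ;;   # hypothetical job
        rotate-logs) echo "/usr/local/bin/rotate-logs.sh" ;;   # hypothetical job
        *)           return 1 ;;
    esac
}

gate() {
    request=${SSH_ORIGINAL_COMMAND:-}
    if target=$(resolve_command "$request"); then
        logger -t cron-gate -p auth.info "running $target"
        exec "$target"
    fi
    # Unknown request or interactive login attempt: record it and refuse.
    logger -t cron-gate -p auth.warning "rejected request: $request"
    echo "cron-gate: request not permitted" >&2
    return 1
}

# Only act when invoked as "cron-gate.sh run" (as in the command= string above).
if [ "${1:-}" = run ]; then
    gate
    exit $?
fi
```

The cron job on the source machine then passes only a job name as the remote command (for example `backup-home`); anything else sent with this key is refused and logged.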


