Re: ssh
- To: debian-user@lists.debian.org
- Cc: "Roberto C. Sanchez" <roberto@connexer.com>
- Subject: Re: ssh
- From: Vincent Lefevre <vincent@vinc17.org>
- Date: Thu, 1 Mar 2007 14:18:40 +0100
- Message-id: <[🔎] 20070301131840.GE5012@prunille.vinc17.org>
- Mail-followup-to: debian-user@lists.debian.org, "Roberto C. Sanchez" <roberto@connexer.com>
- In-reply-to: <20070228221727.GA17218@santiago.connexer.com>
- References: <865773ce0702271704g5273bf33o87526ac7172e856f@mail.gmail.com> <607765.50007.qm@web58903.mail.re1.yahoo.com> <865773ce0702280358o10506079sa2a539a76b1c495f@mail.gmail.com> <20070228142056.GI8403@santiago.connexer.com> <82796a5e0702280642q67c34cf1i91e515f440277709@mail.gmail.com> <20070228145530.GA9422@santiago.connexer.com> <865773ce0702281329g7a5a632dv939c6e7c2027e097@mail.gmail.com> <20070228221727.GA17218@santiago.connexer.com>
On 2007-02-28 17:17:27 -0500, Roberto C. Sanchez wrote:
> On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote:
> > I use this method, (without passphrase) to be able to run script (with
> > cronjob) from one machine into other, if I put a passphrase that is
> > not going to work, am I right?
For specific scripts, it is probably better to use specific keys with
some restrictions, e.g. by forcing the command name.
> This is not correct. With keychain, you can set it up to hold the ssh
> keys in memory after you log out until the next time you log in. The
> idea is that if an attacker cracks your account and then logs in, the
> keys will be cleared. Of course, this will also happen when you log in
> again and so you will need to enter your passphrase each time you log
> in. But this is the same situation as when you use plain ssh-agent.
With ssh-agent, I can type my passphrase only once (when I use ssh
for the first time after the first login), until I quit all my shell
sessions.
--
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)
Reply to:
- Follow-Ups:
- Re: ssh
- From: "Roberto C. Sanchez" <roberto@connexer.com>