Question about ssh passwords and backup software
I am researching ways of setting up an automatic backup of
my several local hosts (read computers in ancient UNIX parlance).
My research has not been exhaustive, but it seems that the backup
packages that offer backup of one host by another host all involve
creating a special ssh password for the purpose that is not encripted
and therefore does not need to be decripted for use. Advice varies as
to how dangerous this is for security, but there is universal
consensus that caution should be exercised.
I have discovered an alternative to a passwordless private ssh key in
the Debian package repository. (Not a great feat for a normal Debian
user, but I am specially challenged.) The package in question is
'sshpass'. It allows one to write a script that feeds a password to
the system that needs on. And, of course, the password is hidden
somewhere on the using host in ways that can be questioned.
I want to hear expressions of opinion as to the relative merits of
having a password hidden somewhere vs. simply having no password on
the private ssh key. I know there is risk in both and both ways have
risks, but has anyone compared to two approaches and then decided to
go one way or the other based on something more than a gut feeling? If
so, what did you decide, and what were the risk factors that were
important to you?
If any of you feel that your position on this issue in not an opinion,
but a fact that is beyond argument, your response is also welcome.
Paul E Condon