Re: Question about ssh passwords and backup software

On 02/13/2012 06:36 PM, Paul E Condon wrote:
> I am researching ways of setting up an automatic backup of
> my several local hosts (read computers in ancient UNIX parlance).
> My research has not been exhaustive, but it seems that the backup
> packages that offer backup of one host by another host all involve
> creating a special ssh password for the purpose that is not encrypted
> and therefore does not need to be decrypted for use. Advice varies as
> to how dangerous this is for security, but there is universal
> consensus that caution should be exercised.
> I have discovered an alternative to a passwordless private ssh key in
> the Debian package repository. (Not a great feat for a normal Debian
> user, but I am specially challenged.) The package in question is
> 'sshpass'. It allows one to write a script that feeds a password to
> the system that needs one. And, of course, the password is hidden
> somewhere on the using host in ways that can be questioned.
> I want to hear expressions of opinion as to the relative merits of
> having a password hidden somewhere vs. simply having no password on
> the private ssh key. I know there is risk in both and both ways have
> risks, but has anyone compared the two approaches and then decided to
> go one way or the other based on something more than a gut feeling? If
> so, what did you decide, and what were the risk factors that were
> important to you?
> If any of you feel that your position on this issue is not an opinion,
> but a fact that is beyond argument, your response is also welcome.

I would simply use a passwordless ssh-key with a wrapper on the remote
side which allows running only the backup command.
Something like that:
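
The wrapper approach described in the reply above, sketched as an added example that is not part of the original message and not the poster's own script. Assumptions: the backup host pulls with rsync, and the install path `/usr/local/bin/backup-wrapper`, the `--forced` argument, the export directory `/srv/backup-export/` and the key in the comment are all hypothetical placeholders.

```shell
#!/bin/sh
# Forced-command wrapper for a passphrase-less backup key (added example).
# Referenced from the backup account's ~/.ssh/authorized_keys on the host
# being backed up, on one line (key material is a placeholder):
#   command="/usr/local/bin/backup-wrapper --forced",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAA...PLACEHOLDER backup@backuphost
# sshd then runs this script for every login with that key and passes the
# command the client asked for in SSH_ORIGINAL_COMMAND.
LC_ALL=C; export LC_ALL

# Assumption: the only tree this key may read.
BACKUP_ROOT="/srv/backup-export/"

# is_allowed CMD -> status 0 only for "rsync --server --sender [-opts] . ROOT"
is_allowed() {
    set -f                      # no globbing while the string is split
    set -- $1                   # split on whitespace, never eval'd
    set +f
    [ "$#" -ge 5 ] || return 1
    for w in "$@"; do           # allowlist of characters per word
        case $w in *[!A-Za-z0-9./_=,-]*) return 1 ;; esac
    done
    # --sender means the remote side only reads; without it rsync would write.
    [ "$1" = rsync ] && [ "$2" = --server ] && [ "$3" = --sender ] || return 1
    shift 3
    # Accept short-option clusters only; extra long options such as
    # --remove-source-files would change what the key can do.
    while [ "$#" -gt 2 ]; do
        case $1 in -[!-]*) shift ;; *) return 1 ;; esac
    done
    [ "$1" = . ] && [ "$2" = "$BACKUP_ROOT" ]
}

if [ "${1:-}" = "--forced" ]; then
    if is_allowed "${SSH_ORIGINAL_COMMAND:-}"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; set +f
        shift                   # drop the client-supplied "rsync" word
        exec /usr/bin/rsync "$@"
    fi
    # Anything else, including an interactive login, is logged and refused.
    logger -t backup-wrapper "denied: ${SSH_ORIGINAL_COMMAND:-<no command>}" 2>/dev/null
    echo "backup-wrapper: command not permitted" >&2
    exit 1
fi
```

With this in place, a stolen copy of the passphrase-less key can read the export directory through rsync but cannot obtain a shell, forward ports or write to the host.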

