Paul E Condon:
>
> I have discovered an alternative to a passwordless private ssh key in
> the Debian package repository. (Not a great feat for a normal Debian
> user, but I am specially challenged.) The package in question is
> 'sshpass'. It allows one to write a script that feeds a password to
> the system that needs on. And, of course, the password is hidden
> somewhere on the using host in ways that can be questioned.
I didn't look at sshpass, but it has to store the password somewhere.
In the end, you need to ensure that file system permissions don't
accidentally allow untrusted users to read that file, just like with
private key files. OpenSSH tries very hard to protect both passwords and
key files. Whatever sshpass exactly does, I doubt it is as good and
tested as thoroughly as OpenSSH is. Additionally, restricting a key to
call only a certain set of commands can only be done using key files.
J.
--
I use a Playstation to block out the existence of my partner.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
Attachment:
signature.asc
Description: Digital signature