[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#756172: ITP: ssh-cron -- cron-like job scheduler that handles ssh key passphrases

On 07/31/2014 02:59 PM, Jeroen Dekkers wrote:
> At Wed, 30 Jul 2014 22:17:43 -0700,
> tony mancill wrote:
>> I contacted the upstream author (on the cc: - hi Frank), and his concern
>> with the passphraseless key trigger mechanism is precisely that you
>> don't have a passphrase.  The key is unprotected and subject to
>> theft/unauthorized use.  This could potentially occur on the system that
>> is (normally) the legitimate source of the trigger.
> But ssh-cron will need to have the passphrase to be able to use the
> key, so someone who can steal the key from ssh-cron can also steal the
> passphrase from ssh-cron. What is the added security benefit of
> storing a key and passphrase instead of a passphraseless key?

ssh-cron uses ssh-agent, as Clint Byrum suggested in his post.

If you're curious to learn more, please refer to the upstream page:

Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: