Ken Irving wrote:
> Bob Proulx wrote:
> > If you want automated batch mode use of ssh you will need to use ssh
> > keys without a passphrase. Because the files are not encrypted and do
> > not have a passphrase they must be protected with filesystem level
> > protection. Any user that can read those files can use it to access
> > the remote system.
>
> There is a safer way to accomplish this sort of thing, using ssh-agent.

While ssh-agent is a wonderful way to manage user keys it does not work
for automated processes such as tasks spawned by cron or such as boot
time processes or other fully automated processes. The problem is that
an ssh-agent needs a human to type on the keyboard to authenticate. But
a fully automated process does not have this capability. By my
definition if a human is in the process loop then it is not fully
automated.

> You set up ssh with a passphrase, then arrange ssh-agent to run on the
> backup machine. You'll need to logon *once* to that host and run ssh-add to
> provide ssh-agent the means to know the key values, which are stored in
> memory (in a named pipe) rather than on disk.

And then reboot the machine and things will no longer work. You will
find that your ssh-agent is no longer authorized.

Bob
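An added example, not from the thread, of the filesystem-level check Bob describes: a POSIX sh audit that reports whether a batch-mode key file grants any access to group or other, and, when ssh-keygen is installed, whether the key loads with an empty passphrase (so whoever can read the file can use it). The function names and the paths in the usage comment are hypothetical.

```shell
#!/bin/sh
# Audit private keys used for unattended (cron / boot-time) ssh.
# Hypothetical helper for this thread; assumes POSIX sh, ls, cut and,
# optionally, ssh-keygen.

# key_perms_ok FILE: succeed only if no group/other permission bits are
# set, i.e. only the owner (and root) can read the key.
key_perms_ok() {
    [ -f "$1" ] || return 1
    # columns 5-10 of `ls -l` output are the group and other bits
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ]
}

# key_unencrypted FILE: 0 if the key loads with an empty passphrase,
# 1 if a passphrase is required, 2 if ssh-keygen is not installed.
# -P '' makes ssh-keygen fail instead of prompting on an encrypted key.
key_unencrypted() {
    command -v ssh-keygen >/dev/null 2>&1 || return 2
    ssh-keygen -y -P '' -f "$1" >/dev/null 2>&1
}

# audit_key FILE: print findings; status 0 only when the file is
# protected the way an unencrypted batch key must be (owner-only).
audit_key() {
    k=$1; rc=0
    if key_perms_ok "$k"; then
        echo "$k: mode is owner-only"
    else
        echo "$k: WARNING group/other can access this file; use chmod 600"
        rc=1
    fi
    st=0; key_unencrypted "$k" || st=$?
    case $st in
        0) echo "$k: no passphrase; anyone who can read this file can use it" ;;
        1) echo "$k: passphrase-protected; needs ssh-agent and a human, not cron" ;;
        *) echo "$k: ssh-keygen not found, passphrase status unknown" ;;
    esac
    return $rc
}

# usage (placeholder paths): sh audit_keys.sh ~/.ssh/id_rsa /etc/backup/key
for k; do audit_key "$k"; done
```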