From: Matthew Seaman
To: freebsd-questions
Date: Sun, 23 Feb 2003 18:00:28 +0000
Subject: Re: fbsd backup 2 remote

On Sun, Feb 23, 2003 at 06:27:55PM +0100, dick hoogendijk
wrote:
> On 22 Feb Matthew Seaman wrote:
> > Start up the ssh-agent and load the key into it:
> >     # eval `ssh-agent`
> >     # ssh-add /user/.ssh/id_rsa
> > When you're done, remember to shut down the ssh-agent:
> >     # eval `ssh-agent -k`
>
> Is this kind of a safety measure? Isn't it simpler to activate ssh-agent
> on login so I can auto use ssh connections. Why is it better to always
> go through this ruleset? If not, where do I activate it on login? In my
> (login) .profile or my (shell)rc i.e. .tcsh

Just tidying up. ssh-agent tends not to get killed when you log out.

Yes, it's typical to start up ssh-agent and ssh-add your key to it
when you log in (and then close down ssh-agent on logout) so that it's
always available while you're logged in. You can do that through your
startup scripts (.login and .logout for tcsh, .bash_login and
.bash_logout for bash etc.) Personally, I run it out of my .xsession
like so:

    #!/bin/sh

    # PATH is set via login.conf ...
    ##PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:${HOME}/bin" ; export PATH

    FTP_PASSIVE_MODE=YES ; export FTP_PASSIVE_MODE

    eval `ssh-agent -s`

    /usr/X11R6/bin/xconsole -daemon -notify -verbose -fn fixed \
        -exitOnFail -geometry 480x130-0-0 -iconic &

    [ -f ${HOME}/.Xdefaults ] && /usr/X11R6/bin/xrdb -merge ${HOME}/.Xdefaults

    /usr/X11R6/bin/xscreensaver -no-splash &

    /usr/X11R6/bin/wmaker

    eval `ssh-agent -k`

    #
    # That's All Folks!
    #

and then as part of the wmaker startup, I have this in
GNUstep/Library/WindowMaker/autostart:

    xterm -geometry 80x24-91+0 -e ssh-add ${HOME}/.ssh/id_rsa &

> Secondly: does a user really need a passphrase? Root? Sure! But a normal
> user?

I would strongly advise you to always use a passphrase with your
ssh(1) keys. Otherwise, anyone that can steal your private key can
use it exactly as if they were you. The ssh FAQ says it better than I
can:

    http://www.snailbook.com/faq/no-passphrase.auto.html

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
26 The Paddocks, Savill Way, Marlow, Bucks., SL7 1TH UK
PGP: http://www.infracaninophile.co.uk/pgpkey
Tel: +44 1628 476614
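
An added example, not part of the message above or of anyone's posted configuration: sh functions for ~/.profile that follow the start-at-login, kill-at-logout routine discussed in the thread while avoiding orphaned agents. The names agent_state, agent_login, agent_logout, SSH_AGENT_CMD and SSH_ADD_CMD are made up for this sketch; the `ssh-add -l` exit codes are the ones documented in ssh-add(1).

```shell
# Added example: source this from ~/.profile (sh, ksh, bash).
# SSH_AGENT_CMD / SSH_ADD_CMD are hypothetical overrides, not OpenSSH settings.
: "${SSH_AGENT_CMD:=ssh-agent}"
: "${SSH_ADD_CMD:=ssh-add}"
AGENT_STARTED_HERE=no

# Classify the agent reachable through SSH_AUTH_SOCK.
# ssh-add -l exits 0 (keys loaded), 1 (agent reachable, no keys),
# 2 (cannot contact an agent).
agent_state() {
    _rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || _rc=$?
    case $_rc in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo absent ;;
    esac
}

# Start an agent only when none is reachable, so repeated logins do not
# pile up agents, then load the key if the agent holds none.
agent_login() {
    _key=${1:-$HOME/.ssh/id_rsa}
    if [ "$(agent_state)" = absent ]; then
        _out=$("$SSH_AGENT_CMD" -s) || return 1
        eval "$_out" >/dev/null      # sets SSH_AUTH_SOCK and SSH_AGENT_PID
        AGENT_STARTED_HERE=yes
    fi
    if [ "$(agent_state)" = empty ]; then
        "$SSH_ADD_CMD" "$_key" || return 1   # prompts for the passphrase
    fi
}

# Kill the agent at logout, but only the one this shell started; an agent
# inherited from elsewhere (for example a forwarded one) is left alone.
agent_logout() {
    [ "$AGENT_STARTED_HERE" = yes ] || return 0
    _out=$("$SSH_AGENT_CMD" -k) || return 1
    eval "$_out" >/dev/null          # unsets SSH_AUTH_SOCK and SSH_AGENT_PID
    AGENT_STARTED_HERE=no
}

# In ~/.profile, after sourcing this file:
#   agent_login && trap agent_logout EXIT
```

The EXIT trap takes the place of a separate logout file, so the agent is also killed when the login shell ends without a clean logout.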