Date: 02 Jun 2005 10:38:31 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: freebsd-questions@freebsd.org Subject: Re: can't figure out ssh, read lots of docs... Message-ID: <44u0kgesd4.fsf@be-well.ilk.org> In-Reply-To: <20050601235056.GA1597@gothmog.gr> References: <200506011449.45455.FreeBSD@InsightBB.com> <429E0B57.2070701@scls.lib.wi.us> <20050601203839.GH21127@gentoo-npk.bmp.ub> <20050601235056.GA1597@gothmog.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas <keramida@ceid.upatras.gr> writes: > On 2005-06-01 14:38, Nathan Kinkade <nkinkade@ub.edu.bz> wrote: > > The poster is correct in that what you probably what to do is setup > > public-key authentication using ssh, however, I would highly recommend > > that you NOT use a blank passphrase for your private key. ssh-agent, > > a utility that I think comes standard with the openssh package [...] > > My strong agreement about *NOT* using empty passphrases. Indeed, > ssh-agent comes with OpenSSH and it is a _MUCH_ better way of using > SSH keys with non-empty passphrases. The original poster wanted to do automated backups via scp. This kind of application *requires* empty passphrases (and is discussed as such in the manual for sshd's configuration). However, it doesn't necessarily require remote root access. I do something kind of similar, but I have the privileged operations conducted from a local cron job, when then pushes the results out to an unprivileged, tightly constrained account on the other machine. So the actual remote access is not to root, but to an account that is not capable of doing much.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44u0kgesd4.fsf>