From owner-freebsd-questions@FreeBSD.ORG Thu Jun 2 14:38:33 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 3A59A16A41C for ; Thu, 2 Jun 2005 14:38:33 +0000 (GMT) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: from mail21.sea5.speakeasy.net (mail21.sea5.speakeasy.net [69.17.117.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id F12E443D49 for ; Thu, 2 Jun 2005 14:38:32 +0000 (GMT) (envelope-from freebsd-questions-local@be-well.ilk.org) Received: (qmail 10906 invoked from network); 2 Jun 2005 14:38:32 -0000 Received: from dsl092-078-145.bos1.dsl.speakeasy.net (HELO be-well.ilk.org) ([66.92.78.145]) (envelope-sender ) by mail21.sea5.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 2 Jun 2005 14:38:32 -0000 Received: by be-well.ilk.org (Postfix, from userid 1147) id 52BF930; Thu, 2 Jun 2005 10:38:31 -0400 (EDT) Sender: lowell@be-well.ilk.org To: freebsd-questions@freebsd.org References: <200506011449.45455.FreeBSD@InsightBB.com> <429E0B57.2070701@scls.lib.wi.us> <20050601203839.GH21127@gentoo-npk.bmp.ub> <20050601235056.GA1597@gothmog.gr> From: Lowell Gilbert Date: 02 Jun 2005 10:38:31 -0400 In-Reply-To: <20050601235056.GA1597@gothmog.gr> Message-ID: <44u0kgesd4.fsf@be-well.ilk.org> Lines: 20 User-Agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.3 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Subject: Re: can't figure out ssh, read lots of docs... X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 02 Jun 2005 14:38:33 -0000 Giorgos Keramidas writes: > On 2005-06-01 14:38, Nathan Kinkade wrote: > > The poster is correct in that what you probably what to do is setup > > public-key authentication using ssh, however, I would highly recommend > > that you NOT use a blank passphrase for your private key. ssh-agent, > > a utility that I think comes standard with the openssh package [...] > > My strong agreement about *NOT* using empty passphrases. Indeed, > ssh-agent comes with OpenSSH and it is a _MUCH_ better way of using > SSH keys with non-empty passphrases. The original poster wanted to do automated backups via scp. This kind of application *requires* empty passphrases (and is discussed as such in the manual for sshd's configuration). However, it doesn't necessarily require remote root access. I do something kind of similar, but I have the privileged operations conducted from a local cron job, when then pushes the results out to an unprivileged, tightly constrained account on the other machine. So the actual remote access is not to root, but to an account that is not capable of doing much.