Date: 02 Jun 2005 12:45:57 -0400 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: freebsd-questions@freebsd.org Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, "writes:"@be-well.ilk.org Subject: Re: can't figure out ssh, read lots of docs... Message-ID: <44mzq8lnay.fsf@be-well.ilk.org> In-Reply-To: <20050602161621.GB2778@orion.daedalusnetworks.priv> References: <200506011449.45455.FreeBSD@InsightBB.com> <429E0B57.2070701@scls.lib.wi.us> <20050601203839.GH21127@gentoo-npk.bmp.ub> <20050601235056.GA1597@gothmog.gr> <44u0kgesd4.fsf@be-well.ilk.org> <20050602161621.GB2778@orion.daedalusnetworks.priv>
next in thread | previous in thread | raw e-mail | index | archive | help
Giorgos Keramidas <keramida@ceid.upatras.gr> writes: > On 2005-06-02 10:38, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote: > > The original poster wanted to do automated backups via scp. This kind > > of application *requires* empty passphrases > > Nope. scp works fine with a pass-phrase too, if one uses ssh-agent > properly, regardless of the remote user being root or not. You're recommending leaving an ssh-agent instance running unattended instead of having a passphrase-less key? That just means you have to protect the agent's socket as carefully as you would have to protect the unencrypted key file. I guess what I should have said was that such an application requires an unencrypted key sitting around. You are right: there *are* ways to give access to the key other than empty passphrases. The only real disadvantage of the agent approach is that the key becomes inaccessible when the system reboots.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44mzq8lnay.fsf>