Date: Thu, 2 Jun 2005 20:07:09 +0300
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: freebsd-questions@freebsd.org
Subject: Re: can't figure out ssh, read lots of docs...
Message-ID: <20050602170709.GA3507@orion.daedalusnetworks.priv>
In-Reply-To: <000101c56794$ab00e330$144da8c0@rtxnetworks.local>
References: <20050602161621.GB2778@orion.daedalusnetworks.priv> <000101c56794$ab00e330$144da8c0@rtxnetworks.local>

On 2005-06-02 18:01, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:
>Giorgos Keramidas <keramida@ceid.upatras.gr> writes:
>>On 2005-06-02 10:38, Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> wrote:
>>> The original poster wanted to do automated backups via scp. This
>>> kind of application *requires* empty passphrases
>>
>> Nope. scp works fine with a pass-phrase too, if one uses ssh-agent
>> properly, regardless of the remote user being root or not.
>
> You're recommending leaving an ssh-agent instance running unattended
> instead of having a passphrase-less key?

Not really. In fact, this was exactly what I said is a "bad idea" in a
previous post.

> That just means you have to protect the agent's socket as carefully as
> you would have to protect the unencrypted key file.

For only as long as the agent process is alive. Which is usually a lot
less than "forever" -- the time for which an unencrypted key which also
exists in authorized_keys works.

> You are right: there *are* ways to give access to the key other than
> empty passphrases. The only real disadvantage of the agent approach
> is that the key becomes inaccessible when the system reboots.

Exactly (or when I issue `pkill ssh-agent').
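
Added example, not part of the original message or thread: a guard for an scp backup job that depends on a running ssh-agent, covering the two points discussed above (the agent socket needs the same protection as a key file, and the key is gone after a reboot or `pkill ssh-agent`). It assumes SSH_AUTH_SOCK is already exported into the job's environment; BACKUP_SRC, BACKUP_DEST and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: refuse to run the backup unless a private, live agent
# holding at least one key is reachable. Names below are assumptions.

# Succeed only if the directory is owned by the current user and grants
# nothing to group or other (mode drwx------ or stricter).
agent_dir_private() {
    dir=$1
    [ -d "$dir" ] || return 1
    # ls -ldn prints the mode string (field 1) and numeric owner uid (field 3).
    set -- $(ls -ldn "$dir")
    mode=$1
    owner=$3
    [ "$owner" = "$(id -u)" ] || return 1
    case $mode in
        d???------*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed only if SSH_AUTH_SOCK points at a live agent with a loaded key.
agent_usable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    [ -S "$SSH_AUTH_SOCK" ] || return 1
    agent_dir_private "$(dirname "$SSH_AUTH_SOCK")" || return 1
    # ssh-add -l exits non-zero when the agent is gone or holds no keys.
    ssh-add -l >/dev/null 2>&1
}

# Run the copy, or skip it with a message when the agent is unavailable.
run_backup() {
    if ! agent_usable; then
        echo "backup skipped: no usable ssh-agent (reboot or pkill?)" >&2
        return 1
    fi
    # BatchMode makes scp fail instead of prompting for a pass-phrase.
    scp -o BatchMode=yes -r "$BACKUP_SRC" "$BACKUP_DEST"
}
```

A cron job would source this file and call `run_backup`, so a missing agent produces a logged skip rather than a hung pass-phrase prompt.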