Date: Sun, 23 Feb 2003 18:00:28 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: fbsd backup 2 remote Message-ID: <20030223180028.GA15348@happy-idiot-talk.infracaninophi> In-Reply-To: <20030223172755.GA25279@lothlorien.nagual.st> References: <20030222145404.GA251@pooh.nagual.st> <20030222160437.GA5430@happy-idiot-talk.infracaninophi> <20030222210343.GA18760@nagual.st> <20030222214628.GB7546@happy-idiot-talk.infracaninophi> <20030223172755.GA25279@lothlorien.nagual.st>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Feb 23, 2003 at 06:27:55PM +0100, dick hoogendijk wrote: > On 22 Feb Matthew Seaman wrote: > > Start up the ssh-agent and load the key into it: > > # eval `ssh-agent` > > # ssh-add /user/.ssh/id_rsa > > When you're done, remember to shut down the ssh-agent: > > # eval `ssh-agent -k` > > Is this kind of a safety measure? Isn't it simpler to activate ssh-agent > on login so I can auto use ssh connections. Why is it better to always > go through this ruleset? If not, where do I activate it on login? In my > (login) .profile or my (shell)rc i.e. .tcsh Just tidying up. ssh-agent tends not to get killed when you log out. Yes, it's typical to start up ssh-agent and ssh-add your key to it when you log in (and then close down ssh-agent on logout) so that it's always available while you're logged in. You can do that through your startup scripts (.login and .logout for tcsh, .bash_login and .bash_logout for bash etc.) Personally, I run it out of my .xsession like so: #!/bin/sh # PATH is set via login.conf ... ##PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:${HOME}/bin" ; export PATH FTP_PASSIVE_MODE=YES ; export FTP_PASSIVE_MODE eval `ssh-agent -s` /usr/X11R6/bin/xconsole -daemon -notify -verbose -fn fixed \ -exitOnFail -geometry 480x130-0-0 -iconic & [ -f ${HOME}/.Xdefaults ] && /usr/X11R6/bin/xrdb -merge ${HOME}/.Xdefaults /usr/X11R6/bin/xscreensaver -no-splash & /usr/X11R6/bin/wmaker eval `ssh-agent -k` # # That's All Folks! # and then as part of the wmaker startup, I have this in GNUstep/Library/WindowMaker/autostart: xterm -geometry 80x24-91+0 -e ssh-add ${HOME}/.ssh/id_rsa & > Secondly: does a user really need a passphrase? Root? Sure! But a normal > user? I would strongly advise you to always use a passphrase with your ssh(1) keys. Otherwise, anyone that can steal your private key can use it exactly as if they were you. The ssh FAQ says it better than I can: http://www.snailbook.com/faq/no-passphrase.auto.html Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030223180028.GA15348>