Date:      Sun, 23 Feb 2003 18:00:28 +0000
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        freebsd-questions <freebsd-questions@freebsd.org>
Subject:   Re: fbsd backup 2 remote
Message-ID:  <20030223180028.GA15348@happy-idiot-talk.infracaninophi>
In-Reply-To: <20030223172755.GA25279@lothlorien.nagual.st>
References:  <20030222145404.GA251@pooh.nagual.st> <20030222160437.GA5430@happy-idiot-talk.infracaninophi> <20030222210343.GA18760@nagual.st> <20030222214628.GB7546@happy-idiot-talk.infracaninophi> <20030223172755.GA25279@lothlorien.nagual.st>

On Sun, Feb 23, 2003 at 06:27:55PM +0100, dick hoogendijk wrote:
> On 22 Feb Matthew Seaman wrote:
> > Start up the ssh-agent and load the key into it:
> >     # eval `ssh-agent`
> >     # ssh-add /user/.ssh/id_rsa
> > When you're done, remember to shut down the ssh-agent:
> >     # eval `ssh-agent -k`
> 
> Is this kind of a safety measure? Isn't it simpler to activate ssh-agent
> on login so I can auto use ssh connections. Why is it better to always
> go through this ruleset? If not, where do I activate it on login? In my
> (login) .profile or my (shell)rc i.e. .tcsh

Just tidying up.  ssh-agent tends not to get killed when you log out.

Yes, it's typical to start up ssh-agent and ssh-add your key to it
when you log in (and then close down ssh-agent on logout) so that it's
always available while you're logged in.  You can do that through your
startup scripts (.login and .logout for tcsh, .bash_login and
.bash_logout for bash etc.)

Personally, I run it out of my .xsession like so:

    #!/bin/sh
    
    # PATH is set via login.conf ...
    ##PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:${HOME}/bin" ; export PATH
    FTP_PASSIVE_MODE=YES ; export FTP_PASSIVE_MODE
    
    eval `ssh-agent -s`
    
    /usr/X11R6/bin/xconsole -daemon -notify -verbose -fn fixed \
        -exitOnFail -geometry 480x130-0-0 -iconic &
    [ -f ${HOME}/.Xdefaults ] && /usr/X11R6/bin/xrdb -merge ${HOME}/.Xdefaults

    /usr/X11R6/bin/xscreensaver -no-splash &
    /usr/X11R6/bin/wmaker
    
    eval `ssh-agent -k`
    #
    # That's All Folks!
    #

and then as part of the wmaker startup, I have this in
GNUstep/Library/WindowMaker/autostart:

    xterm -geometry 80x24-91+0 -e ssh-add ${HOME}/.ssh/id_rsa &

 
> Secondly: does a user really need a passphrase? Root? Sure! But a normal
> user?

I would strongly advise you to always use a passphrase with your
ssh(1) keys.  Otherwise, anyone that can steal your private key can
use it exactly as if they were you. The ssh FAQ says it better than I
can:

    http://www.snailbook.com/faq/no-passphrase.auto.html

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
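
The login/logout handling discussed in this message, as an added sh example that is not part of the original e-mail: it reuses an agent that is already reachable, otherwise starts one, and on exit kills only the agent it started. The function names and STARTED_AGENT_PID are hypothetical; OpenSSH's ssh-agent and ssh-add are assumed to be on PATH.

```sh
# Added example for ~/.profile (sh or bash); not from the original message.
# Assumptions: OpenSSH ssh-agent/ssh-add on PATH; function and variable
# names below are made up for this illustration.

# Succeed only if SSH_AUTH_SOCK names a socket with a live agent behind it.
agent_reachable() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 1
    [ -S "$SSH_AUTH_SOCK" ] || return 1      # stale path or not a socket
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    # ssh-add -l: 0 = keys listed, 1 = agent has no keys, 2 = no agent.
    [ "$rc" -eq 0 ] || [ "$rc" -eq 1 ]
}

# Kill the agent only if this shell started it and it is still the current one.
stop_own_agent() {
    [ -n "${STARTED_AGENT_PID:-}" ] || return 0
    [ "${SSH_AGENT_PID:-}" = "$STARTED_AGENT_PID" ] || return 0
    eval "$(ssh-agent -k 2>/dev/null)" >/dev/null
    unset STARTED_AGENT_PID
}

# Reuse a reachable agent (for example a forwarded one); otherwise start one
# and arrange for it to be shut down when the login shell exits.
start_agent_for_session() {
    if agent_reachable; then
        return 0
    fi
    out=$(ssh-agent -s) || return 1          # ssh-agent missing or failed
    eval "$out" >/dev/null
    STARTED_AGENT_PID=$SSH_AGENT_PID
    trap stop_own_agent EXIT
}

# In ~/.profile, after the definitions above:
#   start_agent_for_session && ssh-add -t 8h "$HOME/.ssh/id_rsa"
# -t expires the decrypted key from the agent after 8 hours; the key file
# on disk stays protected by its passphrase.
```
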
