On 2007-02-28 17:17:27 -0500, Roberto C. Sanchez wrote: > On Wed, Feb 28, 2007 at 05:29:11PM -0400, Guillermo Garron wrote: > > I use this method, (without passphrase) to be able to run script (with > > cronjob) from one machine into other, if I put a passphrase that is > > not going to work, am I right?
For specific scripts, it is probably better to use specific keys with some restrictions, e.g. by forcing the command name. > This is not correct. With keychain, you can set it up to hold the ssh > keys in memory after you log out until the next time you log in. The > idea is that if an attacker cracks your account and then logs in, the > keys will be cleared. Of course, this will also happen when you log in > again and so you will need to enter your passphrase each time you log > in. But this is the same situation as when you use plain ssh-agent. With ssh-agent, I can type my passphrase only once (when I use ssh for the first time after the first login), until I quit all my shell sessions. -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
