On Sun, Feb 23, 2003 at 06:27:55PM +0100, dick hoogendijk wrote:
> On 22 Feb Matthew Seaman wrote:
> > Start up the ssh-agent and load the key into it:
> >     # eval `ssh-agent`
> >     # ssh-add /user/.ssh/id_rsa
> > When you're done, remember to shut down the ssh-agent:
> >     # eval `ssh-agent -k`
> 
> Is this kind of a safety measure? Isn't it simpler to activate ssh-agent
> on login so I can auto use ssh connections. Why is it better to always
> go through this ruleset? If not, where do I activate it on login? In my
> (login) .profile or my (shell)rc i.e. .tcsh

Just tidying up.  ssh-agent tends not to get killed when you log out.

Yes, it's typical to start up ssh-agent and ssh-add your key to it
when you log in (and then close down ssh-agent on logout) so that it's
always available while you're logged in.  You can do that through your
startup scripts (.login and .logout for tcsh, .bash_login and
.bash_logout for bash etc.)

Personally, I run it out of my .xsession like so:

    #!/bin/sh
    
    # PATH is set via login.conf ...
    
    ##PATH="/sbin:/bin:/usr/sbin:/usr/bin:/usr/games:/usr/local/sbin:/usr/local/bin:/usr/X11R6/bin:${HOME}/bin" ; export PATH
    FTP_PASSIVE_MODE=YES ; export FTP_PASSIVE_MODE
    
    eval `ssh-agent -s`
    
    /usr/X11R6/bin/xconsole -daemon -notify -verbose -fn fixed \
        -exitOnFail -geometry 480x130-0-0 -iconic &
    [ -f ${HOME}/.Xdefaults ] && /usr/X11R6/bin/xrdb -merge ${HOME}/.Xdefaults

    /usr/X11R6/bin/xscreensaver -no-splash &
    /usr/X11R6/bin/wmaker
    
    eval `ssh-agent -k`
    #
    # That's All Folks!
    #

and then as part of the wmaker startup, I have this in
GNUstep/Library/WindowMaker/autostart:

    xterm -geometry 80x24-91+0 -e ssh-add ${HOME}/.ssh/id_rsa &

 
> Secondly: does a user really need a passphrase? Root? Sure! But a normal
> user?

I would strongly advise you to always use a passphrase with your
ssh(1) keys.  Otherwise, anyone that can steal your private key can
use it exactly as if they were you. The ssh FAQ says it better than I
can:

    http://www.snailbook.com/faq/no-passphrase.auto.html

        Cheers,

        Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.                       26 The Paddocks
                                                      Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey         Marlow
Tel: +44 1628 476614                                  Bucks., SL7 1TH UK
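
An added example, not part of Matthew's message: one way to tie the agent's lifetime to the session so it is stopped even when the window manager exits abnormally. The function names and the `AGENT_OWNED` variable are hypothetical; an agent already present in the environment is reused and left running, since this session did not start it.

```shell
#!/bin/sh
# Session-scoped ssh-agent helpers (added example; names are hypothetical).

# True when SSH_AGENT_PID names a process that is still running.
agent_alive() {
    [ -n "${SSH_AGENT_PID:-}" ] && kill -0 "$SSH_AGENT_PID" 2>/dev/null
}

# Start an agent only if none is reachable; remember that we own it.
agent_start() {
    agent_alive && return 0
    command -v ssh-agent >/dev/null 2>&1 || return 1
    eval "$(ssh-agent -s)" >/dev/null
    agent_alive || return 1
    AGENT_OWNED=1
}

# Kill the agent, but only one that agent_start created in this session.
agent_stop() {
    [ "${AGENT_OWNED:-0}" = 1 ] || return 0
    agent_alive && eval "$(ssh-agent -k)" >/dev/null
    AGENT_OWNED=0
}

# Run a command (e.g. the window manager) with an agent available.
# The EXIT trap stops the agent however the session ends; the signal
# traps turn HUP/INT/TERM into a normal exit so the EXIT trap fires.
with_agent() {
    agent_start || return 1
    trap agent_stop EXIT
    trap 'exit 1' HUP INT TERM
    "$@"
}

# Usage in ~/.xsession, replacing the paired eval lines:
#   with_agent /usr/X11R6/bin/wmaker
# The key is still loaded separately, e.g. from the autostart file:
#   ssh-add ${HOME}/.ssh/id_rsa
```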
