I use net-misc/keychain to manage my ssh keys.  My backup machine root account 
has this sequence in the .bash_profile file:

        keychain ~/.ssh/id_dsa
        . ~/.keychain/$HOSTNAME-sh

If I reboot the backup machine I need to remember to log in as root.
The keychain program checks to see if it has the key in memory and only
asks for the password the first time.

I use this as part of my rsnapshot backup system.


Steve Herber    [EMAIL PROTECTED]               work: 206-221-7262
Security Engineer, UW Medicine, IT Services     home: 425-454-2399

On Fri, 14 Sep 2007, Jordi Molina wrote:

> On 9/14/07, Peter Humphrey <[EMAIL PROTECTED]> wrote:
>
> > Except that now, instead of being asked for a password, I'm asked for the
> > pass-phrase that belongs to the ssh key.
>
> Create it w/o passphrase.
>
> It's not a big security risk, just ensure that the access of the user
> in the fw machine has restrictive access over its home and that it
> can't su/sudo to root.
>
> Any backup application that sends data unattendedly will have the same
> security concerns, from my point of view it'd be senseless to start
> now a discussion about this, again.
>
> --
> Jordi Molina Casas (warp3r)
> mail: [EMAIL PROTECTED] 4BC8 8150 7B1A FC24 FBAD  7B07 FE90 F300 4F36 3BF7
> mail: [EMAIL PROTECTED] 2F91 EF95 229E FC31 18C0  05C3 B320 22DA 8C03 F33E
> www: www.warp3r.com
> --
> [EMAIL PROTECTED] mailing list
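
The top message notes that after a reboot someone has to log in as root before keychain holds the key again. The following is an added example, not part of any message in this thread: a preflight that an unattended backup job could run so that it reports why it cannot authenticate instead of failing obscurely when the agent is empty. The function names, exit codes and the SSH_ADD override are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Names, exit codes and the
# SSH_ADD override are this example's own choices.

SSH_ADD=${SSH_ADD:-ssh-add}   # overridable so the check can be tested with a stub

# agent_ready ENVFILE
#   ENVFILE is the file keychain writes (~/.keychain/$HOSTNAME-sh in the post).
#   0 = agent reachable and holding at least one key
#   2 = ENVFILE missing: keychain has not been run for this account
#   3 = agent not reachable: stale ENVFILE, e.g. after a reboot
#   4 = agent running but empty: nobody has entered the passphrase yet
agent_ready() {
    [ -r "$1" ] || return 2
    . "$1"                      # sets SSH_AUTH_SOCK and SSH_AGENT_PID
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) return 4 ;;          # ssh-add -l exits 1 when the agent has no identities
        *) return 3 ;;          # ssh-add -l exits 2 when it cannot reach an agent
    esac
}

# run_if_ready ENVFILE COMMAND [ARGS...]
#   Runs COMMAND only when the agent holds a key; otherwise reports why on
#   stderr and returns the agent_ready code so the scheduler sees a failure.
run_if_ready() {
    envfile=$1; shift
    status=0
    agent_ready "$envfile" || status=$?
    case $status in
        0) "$@" ;;
        2) echo "backup skipped: $envfile not found, run keychain first" >&2; return 2 ;;
        3) echo "backup skipped: ssh-agent not reachable (rebooted?)" >&2; return 3 ;;
        4) echo "backup skipped: agent has no key, log in and enter the passphrase" >&2; return 4 ;;
    esac
}

# Example call from the backup job (the interval name "daily" is an assumption):
#   run_if_ready "$HOME/.keychain/$HOSTNAME-sh" rsnapshot daily
```
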
