Zieg, Mark wrote:
There's a tool called keychain [1] that acts as a frontend to ssh-add and ssh-agent. It will allow one to use password encrypted keys in crons as you suggest, and eliminates the hassle of adding your keys to your agent every session. YMMV.

My biggest problem with any of these approaches, besides the inconvenience, is they eliminate the opportunity for secure, automated batch processes. I have various cron jobs that fire off automatically, connect to different servers, do reports/extracts/whatever, and so on. For that, AFAIK, you need to store your keys in the filesystem.

Correct me if I'm wrong, but as long as your private key is chmod 600, the only way it will be compromised is if your local workstation gets rooted. If that happens, ssh-agent itself can be quickly trojaned with a compromised copy that collects passwords. Likewise, if you're just using passphrase-encrypted keys, ssh and cvs themselves are both compromised on a rooted box...so what's the difference? Or am I missing something?
[1]: <http://www.gentoo.org/proj/en/keychain.xml>
--
Scott Moynes
Canadian Bank Note Co. Ltd.
[EMAIL PROTECTED]
(613) 225-3018 x2272
_______________________________________________
Info-cvs mailing list
[EMAIL PROTECTED]
http://mail.gnu.org/mailman/listinfo/info-cvs
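
Added example, not part of either poster's message: a preflight a cron job could run before calling cvs over ssh, combining the two points in the thread (an agent started by keychain, and a private key readable only by its owner). The key path, the function names and the cvs command in the usage comment are assumptions; the env file location is keychain's default `~/.keychain/<hostname>-sh`.

```shell
#!/bin/sh
# Added example: fail closed in cron if the key file is exposed or the
# keychain-managed agent is not usable. Names and paths are assumptions.

# 0 only if $1 is a regular file (not a symlink), owned by the caller,
# with no group/other permission bits set (e.g. mode 600 or 400).
key_perms_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    case $(ls -ld "$f" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Source the env file keychain wrote at login so this non-interactive
# shell can find the running agent. 0 only if the socket really exists.
load_agent_env() {
    envfile=${1:-$HOME/.keychain/$(uname -n)-sh}
    [ -r "$envfile" ] || return 1
    . "$envfile"
    [ -n "${SSH_AUTH_SOCK:-}" ] && [ -S "$SSH_AUTH_SOCK" ]
}

# ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent answers.
agent_has_keys() {
    ssh-add -l >/dev/null 2>&1
}

# Run every check; report the first failure on stderr so cron mails it.
preflight() {
    key_perms_ok "$1"  || { echo "key $1: bad type/owner/mode" >&2; return 1; }
    load_agent_env     || { echo "no keychain agent environment" >&2; return 1; }
    agent_has_keys     || { echo "agent has no keys loaded" >&2; return 1; }
}

# Usage inside the cron script (placeholder key path and command):
#   preflight "$HOME/.ssh/id_rsa" && CVS_RSH=ssh cvs -q update
```

If the machine has rebooted and nobody has logged in to unlock the key, the job stops with a message instead of hanging on a passphrase prompt.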