Hi Rich, Have you considered ssh key authentication? Either with an unencrypted private key (not so secure) or with an ssh-agent holding the unencrypted key (more secure but the agent has to be restarted on server boot)?
Cheers, Geoff On Thu, Jun 17, 2010 at 7:06 AM, Steele, Richard <r...@steelezone.net>wrote: > I'm trying to figure out the best way to handle publishing artifacts to our > Ivy repository using ssh. We can't prompt the user for the username and > password since the publication is usually done by Hudson. We can't embed > the username or password as a job configuration property because we can't > have those in cleartext; similarly, we can't use a standard user with a > well-known password in cleartext because of security concerns. > > I'm leaning towards using a keystore, but we'd need to use one without a > password for the same reasons above (can't prompt, don't want to embed), > but > a keystore without a password makes the security group twitchy. > > I'm looking for any ideas or suggestions that might help; practical > experience with real examples would be best, but I'll consider anything. > > Thanks, > Rich >
