Gabriel Sechan wrote:
From: "Lan Barnes" <[EMAIL PROTECTED]>
On Fri, December 1, 2006 1:32 pm, Gabriel Sechan wrote:
Not allowed by the security team, or I would.
This doesn't reflect well on the security team IMHO. I have seen
environments where ssh keys were not welcome also and it always came
from a lack of understanding how the keys work.
for just getting it done than to get reprimanded. Besides, I think the real
issue the security team had was that noone was typing passwords to do it.
We still use ssh daily, just not passwordless or key based ssh.
The right way to use ssh-keys is with ssh-agent. With ssh-agent you have
to enter the password once to decrypt you key which is held in memory
and only child processes of ssh-agent have access to it. More secure
than an potentially guessable normal passworded login. You can even set
up ssh-agent to which you have authenticated which can then use your
keys to copy the files around or take whatever actions you need using
your authority.
But I'm sure an expect script can do the job also. Just a shame not to
be able to use the best tool for the job due to politics. :)
--
Tracy R Reed http://ultraviolet.org
A: Because we read from top to bottom, left to right
Q: Why should I start my reply below the quoted text
--
[email protected]
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-lpsg
