I suspect the OP wasn't that interested in the philosophy of ssh, but
what the hell. It's a slow day.
On 22 Dec 2000 11:42:34 +1100, Crossfire wrote:
> Null passphrases are the answer. For automated connections, its pretty much
> the only answer.
That I will grant you. But I thought the original question was about a
script that was manually invoked, and just happened to perform a lot of
sshes? Very different security semantics, I would have thought. An
automated identity would have a variety of restrictions in the
authorized_keys file. In the given example, you'd have an identity that
could only run 'df', as unprivileged user, from a specific machine.
That's great for some situations, and totally useless for reducing the
number of times you type in your passphrase in the course of a normal
day.
> ... You're one of David's friends, aren't you?
You know... that's really depressing.
> The concept is evil and distincitvely scary. Theres been lots of noise
> about agent - I don't use it on the principle that enough [knowledgable]
> people have made LOTS of noise about it.
I'm normally one of them, believe me :) ssh-agent, much like every other
network access tool, is a compromise between security and convenience.
Sometimes it's worth it, sometimes it isn't.
m.
--
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
