Re: rsync won't stop password prompt
From: Bob Proulx (bob_at_proulx.com)
Date: 08/31/05
- Previous message: Cedric BRINER: "Re: mptscsih"
- In reply to: Ken Irving: "Re: rsync won't stop password prompt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 31 Aug 2005 10:12:53 -0600 To: debian-user@lists.debian.org
Ken Irving wrote:
> Bob Proulx wrote:
> > If you want automated batch mode use of ssh you will need to use ssh
> > keys without a passphrase. Because the files are not encrypted and do
> > not have a passprase they must be protected with filesystem level
> > protection. Any user that can read those files can use it to access
> > the remote system.
>
> There is a safer way to accomplish this sort of thing, using ssh-agent.
While ssh-agent is a wonderful way to manage user keys it does not
work for automated processes such as tasks spawned by cron or such as
boot time processes or other fully automated processes.
The problem is that an ssh-agent needs a human to type on the keyboard
to authenticate. But a fully automated process does not have this
capability. By my definition if a human is in the process loop then
it is not fully automated.
> You set up ssh with a passphrase, then arrange ssh-agent to run on the
> backup machine. You'll need to logon *once* to that host and run ssh-add to
> provide ssh-agent the means to know the key values, which are stored in
> memory (in a named pipe) rather than on disk.
And then reboot the machine and things will no longer work. You will
find that your ssh-agent is no longer authorized.
Bob
-- To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- application/pgp-signature attachment: Digital signature
- Previous message: Cedric BRINER: "Re: mptscsih"
- In reply to: Ken Irving: "Re: rsync won't stop password prompt"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
