Re: [Q] SCP/SFTP batch file password problem?

From: Chris St. Pierre
Date: 08/17/05

    Date: Wed, 17 Aug 2005 08:52:10 -0500 (CDT)
    To: General Red Hat Linux discussion list

    Basically, what Ed said. If you're using it for scripts that are
    cronned to go off late at night when no one is around to type a
    password, it's not very useful.

    However, if you're not scripting, it can be very useful. If you are
    administering a number of systems with disparate password databases,
    you might not want to have to remember which passwords go with which
    systems. Rather than set all of your passwords to be the same -- bad
    security practice -- you could do key exchange with all of the servers
    and then just use the same key passphrase to login to each of them.
    You get the benefit of only having one password, the security of
    having multiple passwords from any machine but your desktop, and don't
    have to worry too much if someone gets your private key.

    Chris St. Pierre
    Unix Systems Administrator
    Nebraska Wesleyan University

    On Tue, 16 Aug 2005, Ed Wilts wrote:

    >On Tue, Aug 16, 2005 at 03:21:17PM -0500, wrote:
    >> Chris - What, if anything, would be the benefit of using a passphrase with
    >> ssh, if you were using it mainly for shell scripts? Does it affect the
    >> functionality of the script? I've set all my ssh connections up without a
    >> passphrase, but I was curious about it.
    >I've set mine up without a passphrase too but I'll take a shot at
    >answering your question. Basically, if somebody has access to your
    >private key, every system that you have access to is now theirs. This
    >could be your backup admin or anybody that gets a hold of your backup
    >With a passphrase, the key by itself doesn't get them anything. They
    >need both pieces of information to get anything useful.
    >The reason that most people set up keys without passphrases is that
    >they're much easier to work with. The way I read the keychain
    >information, you get the security of a passphrase without the pain. You
    >only enter your passphrase once and the server hangs on to an open
    >session that you connect to.
    > .../Ed
    >Ed Wilts, RHCE
    >Mounds View, MN, USA
    >Member #1, Red Hat Community Ambassador Program
    >redhat-list mailing list

    redhat-list mailing list
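
The distinction discussed in this thread, a private key that is usable by anyone who copies the file versus one that still needs a passphrase, can be checked from the key file's header alone. The following is an added example, not code from the thread: the function names, file names and sample key texts are constructed for illustration (the samples contain no key material), and it covers legacy PEM, PKCS#8 and the newer OpenSSH key format.

```python
import base64
import struct

OPENSSH_MAGIC = b"openssh-key-v1\x00"

def is_passphrase_protected(key_text):
    """True/False for a private key file's text; None if the format is unknown."""
    lines = [ln.strip() for ln in key_text.strip().splitlines()]
    if not lines or not lines[0].startswith("-----BEGIN "):
        return None
    header = lines[0]
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8, encrypted
        return True
    if header == "-----BEGIN PRIVATE KEY-----":            # PKCS#8, plaintext
        return False
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        try:
            blob = base64.b64decode("".join(lines[1:-1]))
        except ValueError:
            return None
        off = len(OPENSSH_MAGIC)
        if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
            return None
        (n,) = struct.unpack(">I", blob[off:off + 4])
        # First field after the magic is the cipher name; "none" means no passphrase.
        return blob[off + 4:off + 4 + n] != b"none"
    if header.endswith(" PRIVATE KEY-----"):  # legacy PEM (RSA/DSA/EC)
        return any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln
                   for ln in lines[1:4])
    return None

def unprotected_keys(keys):
    """Names of keys (name -> file text) that are usable without a passphrase."""
    return sorted(n for n, t in keys.items() if is_passphrase_protected(t) is False)

def _openssh_sample(cipher):
    # Constructed header only: magic + cipher name + padding, no key material.
    body = OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher + b"\x00" * 8
    b64 = base64.b64encode(body).decode()
    return f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples (hypothetical file names, dummy bodies).
SAMPLES = {
    "cron_backup_rsa": "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n",
    "admin_rsa": ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: DES-EDE3-CBC,0000000000000000\n\nAAAA\n"
                  "-----END RSA PRIVATE KEY-----\n"),
    "script_ed25519": _openssh_sample(b"none"),
    "desktop_ed25519": _openssh_sample(b"aes256-ctr"),
}

if __name__ == "__main__":
    print(unprotected_keys(SAMPLES))
```

The check only reports whether the file is encrypted at rest; it says nothing about how strong the passphrase is.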
