can't figure out ssh, read lots of docs...
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Thu Jun 2 16:45:59 GMT 2005
Giorgos Keramidas <keramida at ceid.upatras.gr> writes:
> On 2005-06-02 10:38, Lowell Gilbert <freebsd-questions-local at be-well.ilk.org> wrote:
> > The original poster wanted to do automated backups via scp. This kind
> > of application *requires* empty passphrases
>
> Nope. scp works fine with a pass-phrase too, if one uses ssh-agent
> properly, regardless of the remote user being root or not.
You're recommending leaving an ssh-agent instance running unattended
instead of having a passphrase-less key? That just means you have to
protect the agent's socket as carefully as you would have to protect
the unencrypted key file.
I guess what I should have said was that such an application requires
an unencrypted key sitting around. You are right: there *are* ways to
give access to the key other than empty passphrases. The only real
disadvantage of the agent approach is that the key becomes
inaccessible when the system reboots.
More information about the freebsd-questions
mailing list