William Hooper wrote:
Les Mikesell wrote:
On Thu, 2006-03-30 at 07:58, Anne Wilson wrote:
If your ssh key has a passphrase, the only reason it works
manually is that you have entered that passphrase previously and
ssh-agent remembers it for you within that session. The cron job has
no connection to that session and the agent wouldn't provide the
passphrase even if it could. If you want it to run without entering
the passphrase, make keys with an empty passphrase.
I see. Questions, then -
As this LAN is behind a hardware firewall, it's probably reasonably
safe, but what risk is there?
The risk is that anyone who can copy your private key can
pretend to be you for any service that depends on the matching public key.
It is up to the filesystem permissions
to protect it.
You can also set up the authorized_keys file so that the key is only valid
from certain hosts. See man sshd for the format.
Didn't someone mention that keys can be made to only allow certain
accessibility to specific functions? Like only allow rsync but nothing
else over the connection? Then even without the passphrase implemented,
only the specific task can be performed, key or not.
Maybe I read it somewhere else or dreamed it.
Jim
--
21:31:44 up 2 days, 15:14, 5 users, load average: 0.85, 0.80, 0.68
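The host and command restrictions raised in this thread are the from="..." and command="..." options at the start of an authorized_keys entry (see man sshd). The following is an added example, not part of the original messages: a small audit that parses those options and reports keys that lack either restriction. The sample file, key blobs, host names and the rsync command line are constructed for illustration.

```python
import re

# Prefixes that begin the key-type field (ssh-rsa, ssh-ed25519, ecdsa-sha2-*, sk-*).
KEY_PREFIXES = ("ssh-", "ecdsa-", "sk-")
# One option: a bare name, or name="value" where the value may hold spaces,
# commas and \" escapes; followed by a comma or the whitespace ending the field.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|[ \t]+)')
# Restrictions discussed in the thread: source hosts and a forced command.
WANTED = ("from", "command")

# Constructed sample file; key blobs, hosts and the rsync command are made up.
SAMPLE = """\
# backup keys
ssh-rsa AAAAB3CONSTRUCTED1 anne@desktop
from="192.168.0.5" ssh-rsa AAAAB3CONSTRUCTED2 backup@nas
from="192.168.0.5,*.lan.example",command="rsync --server --sender -logDtpr . /home/anne/",no-pty,no-port-forwarding ssh-rsa AAAAB3CONSTRUCTED3 cron-rsync
"""

def parse_entry(line):
    """Return (options, key_fields) for one line, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    opts, pos = {}, 0
    while not line.startswith(KEY_PREFIXES, pos):
        m = OPTION.match(line, pos)
        if m is None:
            raise ValueError("cannot parse options near %r" % line[pos:pos + 20])
        opts[m.group(1).lower()] = True if m.group(2) is None else m.group(2)
        pos = m.end()
    return opts, line[pos:].split()

def audit(text):
    """List (line number, key comment, missing restrictions) for weak entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        entry = parse_entry(line)
        if entry is None:
            continue
        opts, key = entry
        missing = [name for name in WANTED if name not in opts]
        if missing:
            comment = key[2] if len(key) > 2 else "(no comment)"
            findings.append((lineno, comment, missing))
    return findings

if __name__ == "__main__":
    for lineno, comment, missing in audit(SAMPLE):
        print("line %d (%s): no %s restriction" % (lineno, comment, ", ".join(missing)))
```

An entry that passes this audit still depends on filesystem permissions for the private key; the options only limit where the key is accepted from and what it can run.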