Re: Problems with rsync over ssh

On Friday 31 March 2006 03:37, Jim Cornette wrote:
> William Hooper wrote:
> > Les Mikesell wrote:
> >> On Thu, 2006-03-30 at 07:58, Anne Wilson wrote:
> >>>> If your ssh key has a passphrase, the only reason it works
> >>>> manually is that you have entered that passphrase previously and
> >>>> ssh-agent remembers it for you within that session.  The cron job has
> >>>> no connection to that session and the agent wouldn't provide the
> >>>> passphrase even if it could.   If you want it to run without entering
> >>>> the passphrase, make keys with an empty passphrase.
> >>>
> >>> I see.  Questions, then -
> >>>
> >>>
> >>> As this LAN is behind a hardware firewall, it's probably reasonably
> >>> safe, but what risk is there?
> >>
> >> The risk is that anyone who can copy your private key can
> >> pretend to be you for any service that depends on the matching public
> >> key. It is up to the filesystem permissions
> >> to protect it.
> >
> > You can also set up the authorized_keys file so that the key is only
> > valid from certain hosts.  See man sshd for the format.
>
> Didn't someone mention that keys can be made to only allow certain
> accessibility to specific functions? Like only allow rsync but nothing
> else over the connection? Then even without the passphrase implemented,
> only the specific task can be performed, key or not.
>
> Maybe I read it somewhere else or dreamed it.
>
After lots of reading I came to the conclusion that the sensible solution is 
to use keychain with the --clear option, which ensures that the passphrase 
has to be given on login, rather than the previous session staying live.  It 
appears to be working now, except for the problem of automatically loading 
it.  I'll start a new thread detailing that problem.

Thanks to all who tried to help.

Anne
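
The per-key restrictions raised in the quoted replies (a key valid only from certain hosts, and a key allowed to run only one task such as rsync) are written as `from="..."` and `command="..."` options at the start of an `authorized_keys` line. As an added example that is not part of the original thread, this Python check lists which keys in an `authorized_keys` file lack those options; the sample entries, addresses, script path and key placeholders are constructed.

```python
import re

# Prefixes that begin the key-type field when a line carries no options.
KEY_TYPES = ("ssh-", "ecdsa-sha2-", "sk-")

# Constructed sample; key material, hosts and the script path are placeholders.
SAMPLE = '''\
ssh-ed25519 AAAAC3PLACEHOLDER anne@desktop
from="192.168.0.10,192.168.0.11",command="/usr/local/bin/backup-only.sh /srv/backup" ssh-ed25519 AAAAC3PLACEHOLDER cron-backup
from="192.168.0.*" ssh-rsa AAAAB3PLACEHOLDER laptop
'''

def split_options(line):
    """Return (options, rest_of_line) for one authorized_keys entry."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}, line
    # The options field ends at the first whitespace outside double quotes.
    in_quotes, i = False, 0
    while i < len(line):
        ch = line[i]
        if ch == "\\" and in_quotes:
            i += 1  # skip the escaped character inside a quoted value
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch.isspace() and not in_quotes:
            break
        i += 1
    opts = {}
    # Matches name or name="value"; commas inside quotes stay in the value.
    for m in re.finditer(r'([A-Za-z0-9-]+)(?:="((?:\\.|[^"\\])*)")?', line[:i]):
        opts[m.group(1).lower()] = m.group(2)
    return opts, line[i:].strip()

def audit(text):
    """Return [(key comment, [missing restrictions])] for every key line."""
    findings = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        opts, rest = split_options(line)
        fields = rest.split(None, 2)  # key type, key data, optional comment
        label = fields[2] if len(fields) > 2 else "(no comment)"
        missing = [o for o in ("from", "command") if not opts.get(o)]
        findings.append((label, missing))
    return findings

if __name__ == "__main__":
    for label, missing in audit(SAMPLE):
        print(label, "->", ", ".join(missing) or "restricted by host and command")
```

A key reported with both options missing is usable from any host for any command, which is the exposure described above for a private key stored without a passphrase.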