From: Giorgos Keramidas
To: freebsd-questions@freebsd.org
Date: Thu, 2 Jun 2005 20:07:09 +0300
Subject: Re: can't figure out ssh, read lots of docs...
Message-ID: <20050602170709.GA3507@orion.daedalusnetworks.priv>

On 2005-06-02 18:01, Lowell Gilbert wrote:
>Giorgos Keramidas writes:
>>On 2005-06-02 10:38, Lowell Gilbert wrote:
>>> The original poster wanted to do automated backups via scp. This
>>> kind of application *requires* empty passphrases
>>
>> Nope. scp works fine with a pass-phrase too, if one uses ssh-agent
>> properly, regardless of the remote user being root or not.
>
> You're recommending leaving an ssh-agent instance running unattended
> instead of having a passphrase-less key?

Not really. In fact, this was exactly what I said is a "bad idea" in a
previous post.

> That just means you have to protect the agent's socket as carefully as
> you would have to protect the unencrypted key file.

For only as long as the agent process is alive. Which is usually a lot
less than "forever" -- the time for which an unencrypted key which also
exists in authorized_keys works.

> You are right: there *are* ways to give access to the key other than
> empty passphrases. The only real disadvantage of the agent approach
> is that the key becomes inaccessible when the system reboots.

Exactly (or when I issue `pkill ssh-agent').
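
Added example (not part of the original message, and not either poster's own setup): a preflight check for a cron-driven scp backup that relies on an agent. It covers the two points raised in the thread: the socket is checked as strictly as a key file would be, and the job stops cleanly when the agent is gone after a reboot or `pkill ssh-agent'. The socket path, the BACKUP_AGENT_SOCK variable and the function names are assumptions made for the example.

```sh
#!/bin/sh
# Added example. Assumed setup (not from the thread): an operator starts
#   ssh-agent -a "$HOME/.ssh/agent/backup.sock"
# by hand, loads the key with ssh-add, and cron later calls this script.

# Treat the agent socket like an unencrypted key file: it must sit in a
# directory we own with mode 0700, and be a socket we own.
# Returns 0 = ok, 1 = no socket, 2 = socket not ours, 3 = directory unsafe.
agent_socket_ok() {
    sock=$1
    dir=${sock%/*}                      # absolute path assumed
    [ -d "$dir" ] && [ -O "$dir" ] || { echo "unsafe dir: $dir" >&2; return 3; }
    case $(ls -ld "$dir") in
        drwx------*) ;;
        *) echo "$dir must be mode 0700" >&2; return 3 ;;
    esac
    [ -S "$sock" ] || { echo "no agent socket at $sock" >&2; return 1; }
    [ -O "$sock" ] || { echo "socket not owned by us" >&2; return 2; }
    return 0
}

# ssh-add -l exits 0 when the agent holds keys, 1 when it holds none,
# 2 when it cannot be contacted.
agent_has_keys() {
    SSH_AUTH_SOCK=$1 ssh-add -l >/dev/null 2>&1
}

# Copy src to dest only through a healthy agent; never prompt from cron.
run_backup() {
    src=$1
    dest=$2
    sock=${BACKUP_AGENT_SOCK:-$HOME/.ssh/agent/backup.sock}
    agent_socket_ok "$sock" || return 1
    agent_has_keys "$sock" || {
        echo "agent holds no key; operator must run ssh-add again" >&2
        return 1
    }
    SSH_AUTH_SOCK=$sock scp -q -o BatchMode=yes "$src" "$dest"
}

# Usage from cron: backup.sh /path/to/archive user@host:/backups/
if [ "$#" -eq 2 ]; then
    run_backup "$1" "$2"
fi
```

BatchMode=yes makes scp fail instead of waiting on a passphrase prompt, so a missed backup shows up as a non-zero exit status in the cron mail.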