markh at linuxfromscratch.org
Fri Oct 4 10:50:05 PDT 2002
On Fri, 04, Oct, 2002 at 01:37:34PM -0400, Tony Karakashian spoke thus..
> While we're being civil :) I have a question.
> When my main VPN hub goes down here, for whatever
> reason, I have to manually go into each branch
> firewall, via ssh, and restart their VPN connection.
> What I'd like is to write an init script to do it
> for me, so I don't have to get up at 2AM when they
> restore power... It appears ssh-agent might do the
> trick, but it appears its primary purpose is to
> "cache" my password so I don't have to re-enter it
> again during my session. If I log out, I have to
> re-enter it. Is this correct? And, the fact that
> each of the branch firewalls has a different
> password, that would affect it, too, right? If
> so, is it possible, without hard-coding the router
> passwords in a script in plain text to have a
> script ssh in and run some commands on a remote
> machine without any human intervention?
If the machine you are ssh'ing *from* is secure (physically as well as
networkingly[!?]) couldn't you use keys and the .ssh/.authorizedkeys
file without passphrases?
More secure would be to continue to use passphrases but to use keychain
<http://www.gentoo.org/projects/keychain> which only requires you to
enter your keychain once when you log in and as long as you have at least
one shell open, it'll cache your keyphrases.
Mark Hymers <markh at linuxfromscratch dot org>
"I'm so gorgeous, there's a six month waiting list for birds to suddenly
appear, every time I am near!"
Cat, Red Dwarf Series VIII - Back in the Red
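An added example, not part of the original post: with a passphrase-less key, the private key file is the only secret, so the receiving side can limit what that key may do through sshd's authorized_keys options (command=, from=, no-pty and so on). The script below audits an authorized_keys file for keys that are not pinned to a forced command. The sample file, key blobs, address and the /usr/local/sbin/restart-vpn path are constructed for illustration.

```shell
#!/bin/sh
# Audit an authorized_keys file: report every key that is not pinned to a
# single forced command. Such a key gives a full shell to whoever holds
# the (possibly passphrase-less) private key.

# Constructed sample of a branch firewall's authorized_keys.
# Key blobs are placeholders; restart-vpn is a hypothetical script.
sample_authorized_keys() {
cat <<'EOF'
# hub automation key, pinned to one command and one source address
from="192.0.2.10",command="/usr/local/sbin/restart-vpn",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-ed25519 AAAAC3PLACEHOLDER1 hub-vpn-restart
# admin key with no options at all
ssh-rsa AAAAB3PLACEHOLDER2 admin@hub
# options present, but no forced command
no-pty,no-port-forwarding ssh-ed25519 AAAAC3PLACEHOLDER3 backup@hub
EOF
}

# Reads authorized_keys on stdin. Prints one line per key:
#   PINNED <last field>        key carries command="..."
#   UNRESTRICTED <last field>  key can run anything the account can
# The last field is the key comment when one is present.
audit_authorized_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
    {
        # A line without options starts directly with the key type.
        has_opts = ($1 !~ /^(ssh-|ecdsa-|sk-)/)
        pinned = 0
        if (has_opts && ($0 ~ /^command="/ || $0 ~ /,command="/))
            pinned = 1
        status = pinned ? "PINNED" : "UNRESTRICTED"
        print status, $NF
    }'
}

# Run against the constructed sample; for a real file use:
#   audit_authorized_keys < ~/.ssh/authorized_keys
sample_authorized_keys | audit_authorized_keys
```

When a key is pinned with command=, sshd runs that command regardless of what the client asks for, so the unattended key can restart the VPN and nothing else.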