ssh agent

Mark Hymers markh at linuxfromscratch.org
Fri Oct 4 10:50:05 PDT 2002


On Fri, 04, Oct, 2002 at 01:37:34PM -0400, Tony Karakashian spoke thus..
> While we're being civil :) I have a question.
> When my main VPN hub goes down here, for whatever
> reason, I have to manually go into each branch
> firewall, via ssh, and restart their VPN connection.
> What I'd like is to write an init script to do it
> for me, so I don't have to get up at 2AM when they
> restore power... It appears ssh-agent might do the
> trick, but it appears its primary purpose is to
> "cache" my password so I don't have to re-enter it
> again during my session.  If I log out, I have to
> re-enter it.  Is this correct?  And, the fact that
> each of the branch firewalls has a different
> password, that would affect it, too, right?  If
> so, is it possible, without hard-coding the router 
> passwords in a script in plain text to have a 
> script ssh in and run some commands on a remote 
> machine without any human intervention?

If the machine you are ssh'ing *from* is secure (physically as well as
networkingly[!?]) couldn't you use keys and the .ssh/.authorizedkeys
file without passphrases?

More secure would be to continue to use passphrases but to use keychain
<http://www.gentoo.org/projects/keychain> which only requires you to
enter your keychain once when you login and as long as you have at least
one shell open, it'll cache your keyphrases.

HTH

Mark

-- 
Mark Hymers <markh at linuxfromscratch dot org>

"I'm so gorgeous, there's a six month waiting list for birds to suddenly
 appear, every time I am near!"
     Cat, Red Dwarf Series VIII - Back in the Red
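
A passphrase-less key of the kind suggested above is usually bound, in the branch firewall's authorized_keys, to one forced command and one source address, so that the key can restart the VPN and nothing else. The sketch below is an added example, not part of the original post; the wrapper path, init script path, hub address and sample key are assumptions.

```shell
#!/bin/sh
# Added example: limit what an unattended, passphrase-less key may do.
# Assumed names (not from the post): wrapper path, init script path, hub address.
GATE=/usr/local/sbin/vpn-gate   # hypothetical wrapper installed on each firewall
VPN_INIT=/etc/init.d/vpn        # hypothetical VPN init script on the firewall

# Build the authorized_keys line for the hub's automation key.
# $1 = address the hub connects from, $2 = public key ("type base64 comment")
restricted_entry() {
    case "$2" in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "not a public key: $2" >&2; return 1 ;;
    esac
    # restrict: no pty and no forwarding of any kind
    # from=:    the key is only accepted from the hub's address
    # command=: sshd runs the gate, whatever the client asked for
    printf 'restrict,from="%s",command="%s" %s\n' "$1" "$GATE" "$2"
}

# sshd exposes the client's requested command as SSH_ORIGINAL_COMMAND.
# Map exact strings to fixed actions; everything else is refused.
vpn_gate_action() {
    case "${1-}" in
        restart-vpn) echo "$VPN_INIT restart" ;;
        status-vpn)  echo "$VPN_INIT status" ;;
        *)           return 1 ;;
    esac
}

# Body of the gate script itself.
vpn_gate() {
    action=$(vpn_gate_action "${SSH_ORIGINAL_COMMAND-}") || {
        echo "refused: ${SSH_ORIGINAL_COMMAND-<none>}" >&2
        return 1
    }
    # DRY_RUN=1 prints the action instead of running it (for testing off-box).
    if [ "${DRY_RUN-0}" = 1 ]; then echo "$action"; else $action; fi
}

# Constructed sample key (not a real key), to show the resulting line.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEKEYONLY hub-vpn-restart'
restricted_entry 192.0.2.10 "$SAMPLE_KEY"
```

The hub's init script would then run something like `ssh -i <automation key> <user>@<branch firewall> restart-vpn`; any other requested command, including an interactive shell, is refused by the gate.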