ssh agent

Mark Hymers markh at linuxfromscratch.org
Fri Oct 4 11:30:04 PDT 2002


On Fri, 04, Oct, 2002 at 01:58:57PM -0400, Tony Karakashian spoke thus..
> >> If the machine you are ssh'ing *from* is secure (physically as well as
> >> networkingly[!?]) couldn't you use keys and the .ssh/.authorizedkeys
> >> file without passphrases?
> 
> It's not secure, it's connected to the Internet. :)  Seriously, I 
> guess I could, I'll look into it.  I don't need to be logged in though,
> right?  That's the key component.  I looked at keychain, but I did at
> least need to log in for it to work.  I want this as the last part of
> the init script right after it brings up the ipsec interface.

Hmm.  In that case you'd have to be there to supply the passphrases if
you used them.  If you didn't use passphrases then you'd be fine but the
problem is that if someone nicks a copy of your private key, they can
authenticate to the server as you (although I suppose you could reduce
this risk by only allowing ssh in from a particular IP - still it's not
something I'd be happy with).

Mark

-- 
Mark Hymers <markh at linuxfromscratch dot org>

"We have three realistic alternatives: (1) Sit here and get blown up, (2)
 Stand here and get blown up, (3) Jump up and down, shout at me for not being
 able to think of anything, then get blown up."
     Holly, Red Dwarf Series III - Bodyswap
-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-chat' in the subject header of the message



More information about the lfs-chat mailing list