
This is not how it is meant. When you use AutoSSH/SSH and need to enter a password for your key any time you make a connection (which probably happens every 10 min as a system engineer/admin/etc.), it is probably useless.

I have many different SSH keys, each with different long passwords.

What you are looking for is `ssh-agent`, which can take care of all the password handling.

Also unattended rsync (over ssh) backups rely on no user interaction at all.



On top of that, you can always use a separate user for the tunnel that doesn't have a login shell. Obviously still a problem if someone gets the private keys but not nearly as much so, as they'll basically be limited to tunneling/forwarding.
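
An added example (not part of any comment in this thread) of how the tunnel-only account described above could be audited: it checks that the account has a non-login shell and that each of its keys is limited to forwarding. The account name `tunnel` and the sample data are constructed, and the OpenSSH `restrict` and `port-forwarding` key options go one step beyond the no-login-shell point made in the comment.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tunnel-only SSH account.
# The account name "tunnel" and all sample data are constructed.

# Print the login shell of user $1 from passwd-format text on stdin.
shell_of() {
    awk -F: -v u="$1" '$1 == u { print $7 }'
}

# Succeed if shell path $1 cannot provide an interactive session.
is_nologin_shell() {
    case "$1" in
        */nologin|*/false) return 0 ;;
        *) return 1 ;;
    esac
}

# Read authorized_keys text on stdin and print the line number of every key
# that is not limited to port forwarding via "restrict,port-forwarding".
# Simplification: assumes no spaces inside quoted option values.
unrestricted_keys() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            opts = ($1 ~ /^(ssh-|ecdsa-|sk-)/) ? "" : $1
            n = split(opts, o, ",")
            r = f = 0
            for (i = 1; i <= n; i++) {
                if (o[i] == "restrict") r = 1
                if (o[i] == "port-forwarding") f = 1
            }
            if (!(r && f)) print NR
        }'
}

# Constructed samples: one passwd entry and two keys (key material elided).
sample_passwd='tunnel:x:1001:1001::/home/tunnel:/usr/sbin/nologin'
sample_keys='restrict,port-forwarding,permitopen="127.0.0.1:5432" ssh-ed25519 AAAA...constructed backup@host
ssh-ed25519 AAAA...constructed laptop@host'

sh_path=$(printf '%s\n' "$sample_passwd" | shell_of tunnel)
is_nologin_shell "$sh_path" && echo "tunnel: no login shell ($sh_path)"
echo "keys missing restrictions, by line: $(printf '%s\n' "$sample_keys" | unrestricted_keys)"
```

On a real host the same functions can be fed `/etc/passwd` and the account's `authorized_keys` file instead of the constructed samples.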


@Tiksi:

Couldn't reply to your thread directly, so here:

It shouldn't be a problem when someone steals your key. At least not when it is protected with a strong password.

As I said, you can and should always use `ssh-agent` and protect all of your keys with a password.

Now that it was mentioned, I am really not sure if `ssh-agent` also works for processes started by `cron`.



