Mailing List Archive



Re: [tlug] cron job to connect to a remote host with ssh key and a passphrase ?



On 11/28/05, Sacha Chua <sacha@example.com> wrote:
> Evan Monroig <evan.monroig@example.com> writes:
> > So what I did was use the ssh agent when my gnome session starts:
> > ssh-add /path/to/the/ssh/key
> > But when it is the cron job, I get the following error message in my logs:
> > Permission denied (publickey,keyboard-interactive).
> > Is there any way so that the cron job has access to the ssh key ?
>
> I guess it's a little bit better than using a no-passphrase key, but
> not by much.
>
> - No-passphrase key: If people can copy your private no-passphrase key
>   off the system (for example, by pretending to be you or stealing
>   your USB key with backups of private keys), you're screwed.
>
> - Passphrase+agent: If people can get to your environment and the agent
>   socket (for example, by pretending to be you), then they can ssh to
>   the server and add their key to the authorized_keys file.

Thanks for your answer!

So basically the security with or without passphrase key is the same
in my case, since I don't back up the key and the ssh-agent would be
running all the time.

> That's why you probably want to also use the command= field in the
> server's ~/.ssh/authorized_keys. =)

Yes, so I should look at this way instead (^_^). I will do some
experiments and post again the solution I used.

> Also, you'll need to remember to set it up manually every time your
> ssh-agent gets restarted, like when your server gets rebooted...

My idea was that I pull the file from a machine on which I work, so I
can have the ssh-agent ask me for the passphrase on login..

Evan
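
Added example, not part of the original message: one way to apply the command= restriction discussed above, so that a key used by cron (passphrase-less or held in an agent) can only read files from one export directory. The script name cron-fetch-only, the directory /srv/export and the key fields in the comment are hypothetical placeholders.

```shell
#!/bin/sh
# Forced-command wrapper for a single cron key (added example).
# Server side, in ~/.ssh/authorized_keys (one line; key fields are placeholders):
#   command="/usr/local/bin/cron-fetch-only",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding <key-type> <base64-key> <comment>
# sshd then runs this script for that key no matter what the client asks for,
# and passes the client's request in SSH_ORIGINAL_COMMAND.

EXPORT_DIR="/srv/export"   # hypothetical: only files directly in here may be read

# decide REQUEST -> prints "allow:<path>" or "deny:<reason>", always returns 0
decide() {
    req=$1
    case $req in
        "")                  echo "deny:no-command"; return 0 ;;
        "cat $EXPORT_DIR/"*) name=${req#"cat $EXPORT_DIR/"} ;;
        *)                   echo "deny:not-allowlisted"; return 0 ;;
    esac
    # The file name must be a plain name: no slashes, spaces, shell
    # metacharacters, leading dot or ".." sequences.
    case $name in
        ""|.*|*..*|*[!A-Za-z0-9._-]*) echo "deny:bad-filename" ;;
        *)                            echo "allow:$EXPORT_DIR/$name" ;;
    esac
}

main() {
    verdict=$(decide "${SSH_ORIGINAL_COMMAND:-}")
    case $verdict in
        # The request is never handed to a shell; only cat runs, on the checked path.
        allow:*) exec cat -- "${verdict#allow:}" ;;
    esac
    logger -t cron-fetch-only "rejected ($verdict) from ${SSH_CLIENT:-unknown}"
    echo "request rejected" >&2
    exit 1
}

# Run main only when installed under its own name, so the functions above
# can be loaded and checked without executing anything.
case ${0##*/} in
    cron-fetch-only) main ;;
esac
```

With this in place, anyone who obtains the key or reaches the agent socket gets read access to the export directory only; a request for a shell or for any other command is rejected and logged.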

