[clug] ssh 'controlpath' - anyone used it?
Sam Couter
sam at couter.id.au
Wed Sep 10 08:32:25 GMT 2008
steve jenkin <sjenkin at canb.auug.org.au> wrote:
> I don't use pass-phrases on SSH keys because they won't "Just Work" from
> scripts, especially from CRON.
You can use ssh-agent to overcome this in a much more secure way than
passphrase-less keys.
> I know of 'ssh-agent', but it's an X-11 thing and I'm not trusting of
> something that caches cleartext passwords (if it kept tickets/keys/...
> that timed out, I'd be happier).
ssh-agent does not require X11.
ssh-agent holds decrypted keys, not passphrases.
ssh-agent has a '-t' option listed in the man page to specify maximum
lifetime for added identities. You can use 'ssh-add -d' to delete a
specific identity or 'ssh-add -D' to delete them all.
Seriously, it sounds like you want ssh-agent.
--
Sam Couter | mailto:sam at couter.id.au
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20080910/43c3ace3/attachment.bin
More information about the linux
mailing list