[clug] ssh 'controlpath' - anyone used it?

Sam Couter sam at couter.id.au
Wed Sep 10 08:32:25 GMT 2008

steve jenkin <sjenkin at canb.auug.org.au> wrote:
> I don't use pass-phrases on SSH keys because they won't "Just Work" from
> scripts, especially from CRON.

You can use ssh-agent to overcome this in a much more secure way than
passphrase-less keys.

> I know of 'ssh-agent', but it's an X-11 thing and I'm not trusting of
> something that caches cleartext passwords (if it kept tickets/keys/...
> that timed out, I'd be happier).

ssh-agent does not require X11.

ssh-agent holds decrypted keys, not passphrases.

ssh-agent has a '-t' option listed in the man page to specify maximum
lifetime for added identities. You can use 'ssh-add -d' to delete a
specific identity or 'ssh-add -D' to delete them all.

Seriously, it sounds like you want ssh-agent.
Sam Couter         |  mailto:sam at couter.id.au
OpenPGP fingerprint:  A46B 9BB5 3148 7BEA 1F05  5BD5 8530 03AE DE89 C75C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Digital signature
Url : http://lists.samba.org/archive/linux/attachments/20080910/43c3ace3/attachment.bin

More information about the linux mailing list