Security Basics mailing list archives
Re: RES: Is SSH worth it??
From: "datadisk.security" <datadisk.security () ntlworld com>
Date: Mon, 14 Oct 2002 11:10:04 +0100
Richard Caley wrote:
In article <9074FBA54BDBE344B56C31F1F4AC863792CE9F () pegasus ibest int br>, Andre Guimaraes (ag) writes:

ag> I don't like RSA without passwords because if your machine gets
ag> compromised, the attacker would have root access to other
ag> machines in your network.

Wouldn't the `Right' solution be to put a passphrase on the private key and use ssh-agent to hold the key? Then you can type the passphrase (which can be long) once and then execute a whole batch of ssh commands without worrying about a password.

Of course, if your machine really is compromised you're dead anyway, all you can do is delay them a little.
Here's one way to do it:

Store environment variables to a file:

    $ ssh-agent | head -2 > ~/agent-info

Add keys to the agent and enter passphrase when prompted:

    $ source ~/agent-info
    $ ssh-add

In a script do:

    #!/bin/sh
    agent="$HOME/agent-info"
    if [ -r "$agent" ]; then
        # Load SSH_AUTH_SOCK and SSH_AGENT_PID saved from ssh-agent
        . "$agent"
    else
        echo "Can't find or read agent file"
        exit 1
    fi
    # Now use SSH to do something...
    ssh -q -o 'BatchMode yes' user@remotehost your-command
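
An added example, not part of the original post: a stricter form of the agent-loading step above, which refuses an agent file that is a symlink, owned by another user, or writable by group/others, and reads only the two expected variables instead of sourcing the file. The helper name `load_agent_info` is hypothetical, and the `NAME=value; export NAME;` line format is assumed to be ssh-agent's Bourne-shell style output as saved by `head -2`.

```shell
#!/bin/sh
# load_agent_info FILE (hypothetical helper name, not from the original post)
# Exports SSH_AUTH_SOCK and SSH_AGENT_PID read from FILE without sourcing it.
# Returns: 0 ok, 1 unreadable, 2 unsafe owner/permissions, 3 unexpected content.
load_agent_info() {
    file=$1
    if [ -L "$file" ]; then return 2; fi            # do not follow symlinks
    if [ ! -f "$file" ] || [ ! -r "$file" ]; then return 1; fi

    # Numeric listing: field 1 is the mode string, field 3 the owner uid.
    perms=$(ls -ldn "$file" | awk '{print substr($1, 1, 10)}')
    owner=$(ls -ldn "$file" | awk '{print $3}')
    [ "$owner" = "$(id -u)" ] || return 2
    case $perms in
        -????-??-?) ;;                              # no group/other write bit
        *) return 2 ;;
    esac

    # Accept only the exact "NAME=value; export NAME;" lines. The value is
    # handled as data, so extra commands in the file are never executed.
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\); export SSH_AUTH_SOCK;$/\1/p' "$file" | head -n 1)
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\); export SSH_AGENT_PID;$/\1/p' "$file" | head -n 1)
    case $sock in /*) ;; *) return 3 ;; esac        # must be an absolute path
    [ -n "$pid" ] || return 3

    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# Usage in a batch script (ssh-add -l exits non-zero when the agent is
# unreachable or holds no keys):
#   load_agent_info "$HOME/agent-info" || exit 1
#   ssh-add -l >/dev/null 2>&1 || { echo "agent not usable" >&2; exit 1; }
#   ssh -q -o 'BatchMode yes' user@remotehost your-command
```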