Re: RES: Is SSH worth it??

["datadisk.security" <datadisk.security () ntlworld com>]

Richard Caley wrote:

> In article <9074FBA54BDBE344B56C31F1F4AC863792CE9F () pegasus ibest int br>, Andre Guimaraes (ag) writes:
>
> ag> I dont like RSA without passwords caus if your machine gets
> ag> compromised, the attacker would have root access to another
> ag> machines in your network.
>
> Wouldn't the `Right' solution be to put a passphrase on the private
> key and use ssh-agent to hold the key.
>
> Then you can type the passphrase (which can be long) once and then
> execte a whole batch of ssh commands without worrying about a
> password.
>
> Of course, if your machine really is compromised you're dead anyway,
> al you can do is delay them a little.
>
>  
Here's one way to do it:

Store enviro variables to a file:

$ ssh-agent | head -2 > ~/agent-info

Add keys to the agent and enter passphrase when prompted:

$ source ~/agent-info
$ ssh-add

In a script do:

#!/bin/sh
set agent =~/agent-info
if (-r agent) then
 source $agent
else
 echo "Can't find or read agent file"
 exit 1

#Now use SSH to do something...
ssh -q -o 'BatchMode yes' user@remotehost your-command