Security Basics mailing list archives

Re: SSH Passphrase


From: Johan De Meersman <jdm () operamail com>
Date: Thu, 06 Mar 2003 13:11:14 +0100

An SSH-passphrase doesn't relate to the security of the connection, it only prohibits a stranger from accessing your key (and thus initiating a connection). The SSH connection security is based on your and the server's public and private keys, which are created using a (to me at least) pretty complex piece of mathematics involving huge prime numbers. Thus, with or without passphrase, the connection itself will always be secure.

The ssh-agent does indeed request the passphrase at the beginning of the session, but nothing prevents you from setting up a session at any given time, and a session can last from boot till shutdown without having to re-enter the passphrase. If you start ssh-agent without a command line you'll get a number of variables printed. If you set these in any script that requires ssh-authentication, it'll know to authenticate to that instance of the agent. See man ssh, man ssh-agent and man ssh-add for more details on this.

Stefan Lesicnik wrote:

Hi,
I'm fairly new to private and public key encryption, so don't quite
understand all the concepts.

I have the need to scp a file to a remote server without specifying the
password as it is done from a non-interactive script.

I have accomplished this by generating a dsa key without a passphrase.
Although this works I am worried about the security concerns of doing
this? (Without a passphrase, how does it authenticate? Based on the
machine's dsa key which was made from machine specific entropy?)

I know of programs such as ssh-agent, but these require you to enter a
passphrase at the beginning of the session which it then remembers, this
isn't possible as it is non-interactive in my case. Does anyone have any
ideas or comments?

TIA
Stefan Lesicnik



--
Public GPG key at blackhole.pca.dfn.de .
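
The ssh-agent approach described in the reply above, as an added example that is not part of the original message: an operator starts the agent and loads the key once, and the non-interactive job picks up that agent's variables from a file. The file path `AGENT_ENV` and the function names are assumptions made for this sketch.

```shell
# Added example. The operator does this once per boot, interactively:
#   umask 077; ssh-agent -s > "$HOME/.ssh/agent.env"
#   . "$HOME/.ssh/agent.env" && ssh-add      # passphrase is typed here
# AGENT_ENV and the function names below are assumptions of this sketch.
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"

# Extract only the two variables ssh-agent prints rather than sourcing the
# file, so extra lines written into it are never executed by the job.
load_agent_env() {
    env_file=$1
    [ -f "$env_file" ] && [ -O "$env_file" ] || return 1   # must be ours
    sock=$(sed -n 's/^SSH_AUTH_SOCK=\([^;]*\);.*/\1/p' "$env_file" | head -n 1)
    pid=$(sed -n 's/^SSH_AGENT_PID=\([0-9][0-9]*\);.*/\1/p' "$env_file" | head -n 1)
    [ -n "$sock" ] && [ -n "$pid" ] || return 1
    SSH_AUTH_SOCK=$sock
    SSH_AGENT_PID=$pid
    export SSH_AUTH_SOCK SSH_AGENT_PID
}

# ssh-add -l exits 0 when keys are loaded, 1 when the agent holds none,
# and 2 when the agent cannot be contacted.
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Copy a file without ever prompting: BatchMode makes scp fail instead of
# asking for a passphrase or password when the agent cannot authenticate.
push_file() {
    load_agent_env "$AGENT_ENV" || { echo "agent env file missing or not ours" >&2; return 3; }
    state=$(agent_state)
    [ "$state" = ready ] || { echo "agent $state: operator must run ssh-add" >&2; return 4; }
    scp -o BatchMode=yes "$1" "$2"
}
```

A cron job would call `push_file /path/to/file user@host:/dest` and alert on a non-zero exit, which after a reboot means the key has to be re-added by hand.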
