[TriLUG] how-to: preshare ssh key

Matthew Pusateri mpusateri at wickedtrails.com
Tue Jun 3 23:04:46 EDT 2008


++ for keychain!  For those who don't know, it allows you to still  
have a passphrase on your private keys, but will cache the passphrase  
on logout, so that scripts that run over ssh via cron can still  
execute.  I set mine up to prompt for a key when I log in, and then  
kill the key on reboot.  So if your system is compromised they  
probably will get access to your keychain and thus be able to ssh as  
you without a passphrase b/c it's cached.  But this is still better  
than no passphrase at all, because if they install anything(trojan/ 
binaries, etc) and try to reboot the server to make them take affect,  
then they loose the cached passphrase.

Here's a better write up on it.

http://www.gentoo.org/proj/en/keychain/


Matt P.


On Jun 3, 2008, at 1:32 PM, Jim Tuttle wrote:

> This might help. http://braggtown.com/sshauth.html
>
> Jim
>
> Warren Myers wrote:
>> I need to set up rsync between a pair of servers and want to use  
>> ssh to
>> accomplish that.
>>
>> However, I don't want to be entering the passwords of those users
>> constantly.
>>
>> How do I go about pre-sharing the server keys between the target  
>> and source
>> machines?
>>
>> Or, is there a better way to do this than I have currently out-lined?
>>
>> WMM
>>
>
>
> -- 
> --
> ---Jim Tuttle
> ------------------------------------------------------
> http://www.braggtown.com
> PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x69B69B08
>
> -- 
> TriLUG mailing list        : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG FAQ  : http://www.trilug.org/wiki/Frequently_Asked_Questions




More information about the TriLUG mailing list