[KLUG Members] Passphrase-Less SSH Keys

[Dirk H Bartley]

On Wed, 2006-02-08 at 12:47 -0500, bill wrote:
> I'm looking to create a cron job using ssh.  Being a scheduled job,
> running unattended, the job can't easily put in passwords.

Hey, I do that.
> 
> I see you can create an SSH key that doesn't have a password.

It would be referred to as having an empty passphrase.
> 
> The remote box already has a normal account with an SSH key that
> requires a password.

Generate the key pair on the box running the cron job.  Place the public
key on the (server) host the ssh command (client) will ssh to (the
server).

> 
> Should I create another account and put the passphrase-less key in
> there?

It should work as long as the above client server relationship is held.
> 
> Or can I create another key with the same account, and put it also in
> the normal account on the remote box?
That would work as well.  Here is my recommendation.

ssh-agent > ~/.ssh/agent-info
chmod 600 ~/.ssh/agent-info

source ~/.ssh/agent-info

ssh-add

now there is a persistent agent running.

In your script that is run in cron

source ~/.ssh/agent-info



It is probably better to use the full path and not the ~/

This is better then having a passphraseless key.

Dirk

> 
> kind regards,
> 
> bill
> _______________________________________________
> Members mailing list
> Members at kalamazoolinux.org
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://www.kalamazoolinux.org/pipermail/members/attachments/20060208/d9990ca1/attachment.bin