[KLUG Members] Passphrase-Less SSH Keys

bill bill at billtron.com
Wed Feb 8 13:40:26 EST 2006


On Wed, 2006-02-08 at 13:12, Dirk H Bartley wrote:
> On Wed, 2006-02-08 at 12:47 -0500, bill wrote:
> > I'm looking to create a cron job using ssh.  Being a scheduled job,
> > running unattended, the job can't easily put in passwords.
> 
> Hey, I do that.
> > 
> > I see you can create an SSH key that doesn't have a password.
> 
> It would be referred to as having an empty passphrase.
> > 
> > The remote box already has a normal account with an SSH key that
> > requires a password.
> 
> Generate the key pair on the box running the cron job.  Place the public
> key on the (server) host the ssh command (client) will ssh to (the
> server).

Already doing that.  Have a key w/passphrase.  Client can log in to
server using key and get prompted for passphrase.  That's all fine.

> > Should I create another account and put the passphrase-less key in
> > there?
> 
> It should work as long as the above client server relationship is held.
> > 
> > Or can I create another key with the same account, and put it also in
> > the normal account on the remote box?
> That would work as well.  Here is my recommendation.
> 
> ssh-agent > ~/.ssh/agent-info
> chmod 600 ~/.ssh/agent-info

Which account is doing this?  

> source ~/.ssh/agent-info
> 
> ssh-add
> 
> now there is a persistent agent running.

Will the agent always be running, if, for example, the box is restarted?

If not, must it be restarted by hand?

If so, what command(s) above must be re-run to get the agent running
again?

Is there an automated way to have this agent always restart?  Is that a
wise thing to attempt?

> In your script that is run in cron
> 
> source ~/.ssh/agent-info

Where is this line placed in relation to the ssh command?

> It is probably better to use the full path and not the ~/
> 
> This is better than having a passphraseless key.

You mean this is for keys with a password?

I guess I'm not clearly understanding keys and accounts.  If I have
account "Alice" on the client, and account "Bob" on the server, can I
put Alice's public key in Bob's .ssh directory and have Alice log in as
Bob?

kind regards,

bill
-- 
PGP/GPG Public Key: https://billtronservices.com/key
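
The agent approach discussed in this thread, written out as a cron wrapper (an added example, not part of the original message or of Dirk's reply). `AGENT_INFO`, `REMOTE`, the host name and the function names are assumptions; it shows where the agent file is loaded relative to the ssh command and how a stale agent, such as after a reboot, is detected instead of leaving the job waiting on a prompt.

```shell
#!/bin/sh
# Added example, not from the thread. AGENT_INFO, REMOTE and the function
# names are assumptions; adjust to your accounts.
AGENT_INFO="${AGENT_INFO:-$HOME/.ssh/agent-info}"   # full path, as advised
REMOTE="${REMOTE:-bob@server.example}"              # placeholder target

# Import SSH_AUTH_SOCK/SSH_AGENT_PID saved by `ssh-agent > file`.
# The file is executed by `.`, so refuse it unless it is ours and mode 0600
# or stricter.
load_agent_env() {
    [ -f "$1" ] || { echo "missing agent file: $1" >&2; return 1; }
    [ -O "$1" ] || { echo "not owned by this user: $1" >&2; return 1; }
    perms=$(ls -ld "$1" | cut -c5-10)               # group+other bits
    [ "$perms" = "------" ] || { echo "too permissive: $1" >&2; return 1; }
    . "$1" >/dev/null                               # hide "Agent pid N"
}

# ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent answers
# (for example after a reboot, when the saved socket is stale).
agent_ready() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) return 0 ;;
        1) echo "agent has no keys; run ssh-add by hand" >&2 ;;
        *) echo "agent unreachable; rerun ssh-agent and ssh-add" >&2 ;;
    esac
    return 1
}

# Call this from the cron script: environment first, then ssh.
# BatchMode=yes makes ssh fail instead of waiting on a prompt.
run_remote() {
    load_agent_env "$AGENT_INFO" || return 1
    agent_ready || return 1
    ssh -o BatchMode=yes "$REMOTE" "$@"
}
```

The cron script would define these functions and end with a call such as `run_remote /path/to/remote-command`; any message written to stderr reaches the job owner through cron's mail.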