[KLUG Members] ssh-keygen

bill bill at billtron.com
Tue Mar 13 08:48:26 EST 2007


On Tue, 2007-03-13 at 06:16, bert wrote:
> Thanks guys for all the explanations.
> 
> I want to use the ssh-keys to scp some files to another server. Because 
> the process runs via the crontab, I can't provide a passphrase.
> I use scp with the -i option to provide the key and -l to provide a non-root 
> username.
> The keys go into a root-only accessible directory. (The cron runs as root.)
> If there are better, more secure, ways to do this I would like to know about 
> them.

Running unattended is always a little more insecure, for if the program
can run without you there, what's to keep someone from using that process
to do something else?

The method you're using is often recommended for CRON scripts that
require a secure login.  

You can also require the server to respect rhosts.  If I understand that
correctly, this means that not only does the login require a key (albeit
without a password) it only accepts logins from your particular
computer.

> My misunderstanding was that I thought that the passphrase could be used to 
> bypass the ssh-key in some way, a sort of bypassphrase so to speak.

Yes, that was a misunderstanding.  The passphrase makes it more secure
because a person can't use the key without the passphrase.


> PS, Bill, you wrote your gpg key at the end of your message. I once created 
> a gpg key (without a passphrase) and loaded that up to a keyserver. I guess 
> it's better to use a passphrase on this too.

That is not my GPG key at the end of the message, it's a signature file
for that message.  I signed the message with my key.  If you have my
public key you can confirm that the message was sent by me. 

I try and have all my messages signed that way.  It's good form (we all
sign our messages one way or another) and the more people who use GPG
the better. 

If you don't have my public key to validate the signatures you can get
it at GPG key servers or at the link I provided in the URL. 


-- 
PGP/GPG Public Key: https://billtronservices.com/key
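
Added example, not part of the original message or either poster's scripts: a pre-flight check for the cron/scp setup discussed above, verifying that the passphrase-less key and its directory are owner-only, and that the server-side authorized_keys entry is pinned to a client host. The from="..." option is an OpenSSH authorized_keys feature not named in the thread; all paths, addresses and key text are constructed.

```shell
#!/bin/sh
# Pre-flight checks for an unattended scp job run from root's crontab with a
# passphrase-less key. All paths, hosts and key material below are constructed.

# True only if the path has no group/other permission bits (e.g. drwx------).
owner_only() {
    mode=$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)
    [ "$mode" = "------" ]
}

# True only if the private key and the directory holding it are owner-only.
key_is_private() {
    [ -f "$1" ] && owner_only "$1" && owner_only "$(dirname -- "$1")"
}

# True if an authorized_keys line carries a from="..." option, which makes
# sshd accept that key only from the listed client hosts.
has_from_option() {
    case $1 in
        ssh-*|ecdsa-*|sk-*) return 1 ;;        # starts with a key type: no options
        from=\"*\"*|*,from=\"*\"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed demo: a key in a 0700 directory passes; loosening the file fails.
demo_dir=$(mktemp -d) && chmod 700 "$demo_dir"
: > "$demo_dir/cron_key" && chmod 600 "$demo_dir/cron_key"
key_is_private "$demo_dir/cron_key" && echo "key ok: safe to run scp -i"
chmod 644 "$demo_dir/cron_key"
key_is_private "$demo_dir/cron_key" || echo "key readable by others: refuse to run"
has_from_option 'from="192.0.2.10" ssh-ed25519 AAAAexample backup@client' \
    && echo "server entry is pinned to one client host"
rm -rf "$demo_dir"
```

In a cron script, call key_is_private on the key path before the scp line and exit non-zero if it fails, so a loosened permission stops the job instead of going unnoticed.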