| 1 |
I use net-misc/keychain to manage my ssh keys. My backup machine root account has this sequence in the .bash_profile file: |
| 2 |
|
| 3 |
keychain ~/.ssh/id_dsa |
| 4 |
. ~/.keychain/$HOSTNAME-sh |
| 5 |
|
| 6 |
If I reboot the backup machine I need to remember to login as root. |
| 7 |
The keychain program checks to see if it has the key in memory and only |
| 8 |
asks for the password the first time. |
| 9 |
|
| 10 |
I use this as part of my rsnapshot backup system. |
| 11 |
|
| 12 |
|
| 13 |
Steve Herber herber@×××××.com work: 206-221-7262 |
| 14 |
Security Engineer, UW Medicine, IT Services home: 425-454-2399 |
| 15 |
|
| 16 |
On Fri, 14 Sep 2007, Jordi Molina wrote: |
| 17 |
|
| 18 |
> On 9/14/07, Peter Humphrey <prh@××××××××××.uk> wrote: |
| 19 |
>> |
| 20 |
>> Except that now, instead of being asked for a password, I'm asked for the |
| 21 |
>> pass-phrase that belongs to the ssh key. |
| 22 |
>> |
| 23 |
> |
| 24 |
> Create it w/o passphrase. |
| 25 |
> |
| 26 |
> It's not a big security risk, just ensure that the access of the user |
| 27 |
> in the fw machine has restrictive access over its home and that it |
| 28 |
> can't su/sudo to root. |
| 29 |
> |
| 30 |
> Any backup application that sends data unattendedly will have the same |
| 31 |
> security concerns, from my point of view it'ld be senseless to start |
| 32 |
> now a discussion about this, again. |
| 33 |
> |
| 34 |
> -- |
| 35 |
> Jordi Molina Casas (warp3r) |
| 36 |
> mail: warp3r@×××××.com 4BC8 8150 7B1A FC24 FBAD 7B07 FE90 F300 4F36 3BF7 |
| 37 |
> mail: warp3r@××××××××.com 2F91 EF95 229E FC31 18C0 05C3 B320 22DA 8C03 F33E |
| 38 |
> www: www.warp3r.com |
| 39 |
> -- |
| 40 |
> gentoo-amd64@g.o mailing list |
| 41 |
> |
| 42 |
-- |
| 43 |
gentoo-amd64@g.o mailing list |
Archives