I use net-misc/keychain to manage my ssh keys. My backup machine root account has this sequence in the .bash_profile file:

keychain ~/.ssh/id_dsa
. ~/.keychain/$HOSTNAME-sh

If I reboot the backup machine I need to remember to log in as root.
The keychain program checks to see if it has the key in memory and only
asks for the password the first time.

I use this as part of my rsnapshot backup system.


Steve Herber herber@×××××.com work: 206-221-7262
Security Engineer, UW Medicine, IT Services home: 425-454-2399

On Fri, 14 Sep 2007, Jordi Molina wrote:

> On 9/14/07, Peter Humphrey <prh@××××××××××.uk> wrote:
>>
>> Except that now, instead of being asked for a password, I'm asked for the
>> pass-phrase that belongs to the ssh key.
>>
>
> Create it w/o passphrase.
>
> It's not a big security risk, just ensure that the access of the user
> in the fw machine has restrictive access over its home and that it
> can't su/sudo to root.
>
> Any backup application that sends data unattendedly will have the same
> security concerns, from my point of view it'd be senseless to start
> now a discussion about this, again.
>
> --
> Jordi Molina Casas (warp3r)
> mail: warp3r@×××××.com 4BC8 8150 7B1A FC24 FBAD 7B07 FE90 F300 4F36 3BF7
> mail: warp3r@××××××××.com 2F91 EF95 229E FC31 18C0 05C3 B320 22DA 8C03 F33E
> www: www.warp3r.com
> --
> gentoo-amd64@g.o mailing list
>
--
gentoo-amd64@g.o mailing list
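
Added example, not part of the original post and not code from keychain or rsnapshot: a cron job does not read .bash_profile, so an unattended backup has to source the keychain file itself, and after a reboot the agent holds no key until root logs in. This guard checks that state with ssh-add -l before running the backup command. KEYCHAIN_FILE, SSH_ADD, the function names and the script path in the comment are names chosen for this example.

```bash
#!/bin/bash
# Guard for an unattended job that relies on a keychain-managed ssh key.
# Assumed cron line (hypothetical path):
#   0 3 * * * /root/bin/backup-guard.sh --run rsnapshot daily

# Default is the file sourced in the post; both variables can be overridden.
KEYCHAIN_FILE="${KEYCHAIN_FILE:-$HOME/.keychain/${HOSTNAME:-$(uname -n)}-sh}"
SSH_ADD="${SSH_ADD:-ssh-add}"

# Print one of: ready | locked | no-agent | no-keychain-file
agent_state() {
    [ -r "$KEYCHAIN_FILE" ] || { echo no-keychain-file; return 0; }
    # The file exports SSH_AUTH_SOCK and SSH_AGENT_PID for the running agent.
    . "$KEYCHAIN_FILE"
    local rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) echo ready ;;     # agent holds at least one key
        1) echo locked ;;    # agent reachable but has no identities (e.g. after reboot)
        *) echo no-agent ;;  # agent socket missing or stale, or ssh-add not runnable
    esac
}

# Run the given command only when the agent can actually offer a key.
run_if_agent_ready() {
    local state
    state="$(agent_state)"
    if [ "$state" != ready ]; then
        echo "backup skipped: ssh key not available ($state); log in as root to unlock it" >&2
        return 1
    fi
    . "$KEYCHAIN_FILE"   # agent_state ran in a subshell, so export the variables here too
    "$@"
}

if [ "${1:-}" = "--run" ]; then
    shift
    run_if_agent_ready "$@"
fi
```

A non-zero exit from the guard shows up in cron's mail, which turns "remember to log in as root" into a visible failure instead of a silently missed backup.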