Re: How to pass in a password to the ssh command line client?
On December 26, 2002 08:27 am, the fabulous hugh at atosc dot org wrote:
> Using a ssh key without a passphrase seems to be be a bad idea.
> You need to look on keychain.
Depends on what you are doing but keychain definitely looks interesting
(haven't given it a try yet).
Looking at the description of keychain I'd still go with a passphraseless key
though. I don't want automated scripts failing because a server has rebooted
and I forgot to run keychain.
The passphraseless key would be severely restricted:
- login only allowed from known host
- key only used in purpose specific case (not for general login)
- key restricted in port forwards allowed
- possibly forcibly running a command on login, allow nothing else
I'm not sure how keychain reduces the risks. A passphraseless key is mode
400, root or user-level compromise is required for it to be used in an
attack. The same level of compromise would make your keychain setup just as
vulnerable, right?
Fraser
Reply to: