Problems with rsync over ssh
Jim Cornette
fc-cornette at insight.rr.com
Fri Mar 31 02:37:09 UTC 2006
William Hooper wrote:
> Les Mikesell wrote:
>> On Thu, 2006-03-30 at 07:58, Anne Wilson wrote:
>>
>>>> If your ssh key has a passphrase, the only reason it works
>>>> manually is that you have entered that passphrase previously and
>>>> ssh-agent remembers it for you within that session. The cron job has
>>>> no connection to that session and the agent wouldn't provide the
>>>> passphrase even if it could. If you want it to run without entering
>>>> the passphrase, make keys with an empty passphrase.
>>>>
>>> I see. Questions, then -
>>>
>>>
>>> As this LAN is behind a hardware firewall, it's probably reasonably
>>> safe, but what risk is there?
>> The risk is that anyone who can copy your private key can
>> pretend to be you for any service that depends on the matching public key.
>> It is up to the filesystem permissions
>> to protect it.
>
> You can also set up the authorized_keys file so that the key is only valid
> from certain hosts. See man sshd for the format.
>
>
Didn't someone mention that keys can be made to only allow certain
accessibility to specific functions? Like only allow rsync but nothing
else over the connection? Then even without the passphrase implemented,
only the specific task can be performed, key or not.
Maybe I read it somewhere else or dreamed it.
Jim
--
21:31:44 up 2 days, 15:14, 5 users, load average: 0.85, 0.80, 0.68
More information about the fedora-list
mailing list