[Q] SCP/SFTP batch file password problem?

Chris St. Pierre stpierre at NebrWesleyan.edu
Wed Aug 17 13:52:10 UTC 2005


Basically, what Ed said.  If you're using it for scripts that are
cronned to go off late at night when no one is arount to type a
password, it's not very useful.

However, if you're not scripting, it can be very useful.  If you are
administering a number of systems with disparate password databases,
you might not want to have to remember which passwords go with which
systems.  Rather than set all of your passwords to be the same -- bad
security practice -- you could do key exchange with all of the servers
and then just use the same key passphrase to login to each of them.
You get the benefit of only having one password, the security of
having multiple passwords from any machine but your desktop, and don't
have to worry too much if someone gets your private key.

Chris St. Pierre
Unix Systems Administrator
Nebraska Wesleyan University

On Tue, 16 Aug 2005, Ed Wilts wrote:

>On Tue, Aug 16, 2005 at 03:21:17PM -0500, Kelley.Coleman at med.va.gov wrote:
>> Chris - What, if anything, would be the benefit of using a passphrase with
>> ssh, if you were using it mainly for shell scripts?  Does it affect the
>> functionality of the script?  I've set all my ssh connections up without a
>> passphrase, but I was curious about it.
>
>I've set mine up without a passphrase too but I'll take a shot at
>answering your question.  Basically, if somebody has access to your
>private key, every system that you have access to is now theirs.  This
>could be your backup admin or anybody that gets a hold of your backup
>tapes.
>
>With a passphrase, the key by itself doesn't get them anything.  They
>need both pieces of information to get anything useful.
>
>The rest that most people set up keys without passphrases is that
>they're much easier to work with.  The way I read the keychain
>information, you get the security of a passphrase without the pain.  You
>only enter your passphrase once and the server hangs on to an open
>session that you connect to.
>
>        .../Ed
>
>-- 
>Ed Wilts, RHCE
>Mounds View, MN, USA
>mailto:ewilts at ewilts.org
>Member #1, Red Hat Community Ambassador Program
>
>-- 
>redhat-list mailing list
>unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>https://www.redhat.com/mailman/listinfo/redhat-list
>




More information about the redhat-list mailing list