On 07/24/2014 09:33 AM, Axel Beckert wrote:
Kevin Locke wrote:
But I'm curious why it might be dangerous. Is it a security concern
or from a connection-stability perspective?
Security concern. Starting SSH sessions from init scripts will need
SSH keys without passphrase. IMHO this always needs much care so that
the private key can't do much harm if leaked.
Right. Good point.
Could be worth adding a comment to the docs to warn users against it
if there's a common issue that it introduces.
Yes, I'll likely add something like that.
One other note change that would probably be worth making would be
to run autossh as a user other than root. It's hard to make this
generic since the sysadmin will likely want to create an
unprivileged user and install SSH keys for it to use. Perhaps
another motivation for putting it in the examples with some usage
notes.
Hrm. Maybe in that case a user cron job with @reboot may be an easier
way?
Sure, that could work. It might be a little more difficult to manage
(for runlevels and starting/stopping it). Tradeoffs. I was thinking
about adding the --user option to start-stop-daemon with a $USER that
the sysadmin could set. But I didn't mean to keep adding to the amount
of work needed to get this into the package. I'm sure it would be a
useful reference even in the current state.
Thanks again for considering all of this,
Kevin
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
