ssh-agent does help here. Have the cron job which is doing the backup look to see if there's an ssh agent running as its user (presumably 'backup', maybe root) and if not send mail to somebody's pager, complaining about the missing agent. If the agent is running, the cron job can reconnect to it and use it for authentication.
It's still possible for a cracker to get the passphrased key, and to plant a keystroke logger to get your passphrase. Getting a usable key out of the agent is *hard*. -Brian -- Brian Sniffen [EMAIL PROTECTED]
pgpsrBkku8pYc.pgp
Description: PGP signature
