Osamu Aoki said: > man ssh > man ssh-agent > > I never used but debian web server mirrorsuses this to push content.
this is a good method, another is to create passphrase-less RSA(ssh1) or DSA(ssh2) keys. that way SSH (either native or using rsync with ssh) does not prompt for a password. ssh-agent still requires you to input the password once, I haven't looked into it much yet but from what I've heard the password is only stored for that one session, if you logout, the passphrase is erased which makes it difficult for automated tasks(especially accross reboots and such). I have used SSH w/RSA passphrase-less authentication extensively both with ssh, with scp, and with rsync-over-ssh and it works wonderfully. I would only do this on trusted systems however. One slipup can reveal your key to an intruder then they have easy access to all the other servers. One thing I usually do on systems like this is restrict logins to RSA(or DSA) only, so that it is very difficult(if not impossible) to login to the system if you don't have a key(even if you have the passwords it won't help). Protecting the key is very important though. I use SSH RSA authentication for things like propogating antivirus updates, doing backups(using rsync), distributing updates to big brother clients, automated copying of files around for other reasons. Its great. only thing I wish SSH could do(but I've never gotten to work) is to copy a file between hosts like scp host:/path/to/file host2:/path/to/newfile I usually make my ~/.ssh directorys chmod 500, and my ~/.ssh/authorized_keys files chmod 400. ssh always errors out though for me :( nate -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
