On Thu, Mar 01, 2007 at 02:18:40PM +0100, Vincent Lefevre wrote:
> On 2007-02-28 17:17:27 -0500, Roberto C. Sanchez wrote:
> 
> > This is not correct.  With keychain, you can set it up to hold the ssh
> > keys in memory after you log out until the next time you log in.  The
> > idea is that if an attacker cracks your account and then logs in, the
> > keys will be cleared.  Of course, this will also happen when you log in
> > again and so you will need to enter your passphrase each time you log
> > in.  But this is the same situation as when you use plain ssh-agent.
> 
> With ssh-agent, I can type my passphrase only once (when I use ssh
> for the first time after the first login), until I quit all my shell
> sessions.
> 
Right, but with keychain they persist even after you log out.  This is
nice because then your keys *can* have a passphrase and you can still
use them for unattended things like cron jobs.  Of course, if the
machine shuts down, you need to log back in and enter the passphrase
again.

Regards,

-Roberto

-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com

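The unattended use described in the message above, as an added example that is not part of the original thread: a wrapper a cron job can source to pick up the agent that keychain left running, and to skip the job when the agent is gone or holds no keys. It assumes keychain's default environment file `~/.keychain/<hostname>-sh`; `KEYCHAIN_DIR` and `SSH_ADD` are hypothetical override variables introduced for this sketch.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumption: keychain wrote its agent environment to ~/.keychain/<hostname>-sh.
# KEYCHAIN_DIR and SSH_ADD are hypothetical overrides (used for testing).

# Load the agent environment saved at the last interactive login.
# Returns 0 if the agent holds at least one key,
#         1 if the agent is reachable but has no keys (cleared or never added),
#         2 if there is no usable environment file or the agent is gone.
load_keychain_agent() {
    env_file="${KEYCHAIN_DIR:-$HOME/.keychain}/$(uname -n)-sh"
    [ -r "$env_file" ] || return 2
    # Only source a file owned by the user running the job: it is executed
    # as shell code, so a file planted by someone else must be refused.
    [ -O "$env_file" ] || return 2
    . "$env_file"
    [ -n "${SSH_AUTH_SOCK:-}" ] || return 2
    # ssh-add -l exits 0 with keys loaded, 1 with none, 2 if no agent answers.
    agent_rc=0
    "${SSH_ADD:-ssh-add}" -l >/dev/null 2>&1 || agent_rc=$?
    case $agent_rc in
        0|1) return "$agent_rc" ;;
        *)   return 2 ;;
    esac
}

# Run "$@" only when the agent can actually sign; otherwise say why and
# fail, so the job never falls back to an interactive passphrase prompt.
run_unattended() {
    rc=0
    load_keychain_agent || rc=$?
    case $rc in
        0) "$@" ;;
        1) echo "agent has no keys: log in and enter the passphrase" >&2
           return 1 ;;
        *) echo "no keychain agent reachable (reboot, or keychain not run)" >&2
           return 2 ;;
    esac
}

# Constructed crontab usage (path and command are placeholders):
#   0 3 * * * . /path/to/this-file && run_unattended ssh -o BatchMode=yes HOST CMD
```

Passing `-o BatchMode=yes` to ssh in the job keeps it from waiting on a passphrase prompt if the key is unavailable for any other reason.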