Gian G. Spicuzza wrote:
> Dear Patrick,
>
> Thank you for your response. The client must meet the following
> conditions to successfully login:
>
> 1) Proper IP
> 2) Proper Private Key (null-passphrase so at night, when backups are
> initiated, a user does not need to be at console)
> 3) Appropriate command (scp or rsync)
>
> Is there any other way of setting up keys for passwordless logins that
> are more secure than null-passphrases?
>
> Thanks,
>
> Gian
>
> Patrick Morris wrote:
>
>> No, it's not. If someone has the private key file, they can log in
>> with it.
>> If it's got a passphrase, they need to know that, too.
>>
>> Even with ssh-agent, someone has to enter the passphrase at some point.
>> That makes it infinitely more secure than passphraseless keys.
>>
>> -----Original Message-----
>> From: Gian G. Spicuzza [mailto:gianspi@gsent.org]
>> Sent: Friday, March 10, 2006 8:58 AM
>> To: secureshell@securityfocus.com
>> Subject: Null-passphrase vs ssh-agent
>>
>> Hello. I have implemented PKA with a null-passphrase instead of using
>> ssh-agent. Is this just as secure as using ssh-agent?
>>
>> Thank you,
>>
>> Gian G Spicuzza
>>

Not really, not unless you want to have your password in a text file &
redirect from stdin, but that is less secure than passphrase-less keys.
Could automate with an expect script or a perl wrapper but you still
have the password in a text file.

Only other suggestion is to use a restricted shell for the account you
want to cron out & see if you can get by with a non-privileged account
depending on what you need it to do.

hth,
Jesse
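
The three conditions listed in the thread (source IP, key, scp/rsync-only command) map onto the `from=` and `command=` options of `authorized_keys`. The following forced-command wrapper is an added example, not code from any poster in this thread; the script path, IP address and key are placeholders, and it assumes the server-side `rsync --server` and `scp -t`/`scp -f` invocations that the stock clients send.

```shell
#!/bin/sh
# Added example, not from the thread. Hypothetical path: /usr/local/bin/backup-only
# Server-side authorized_keys entry (one line; IP and key are placeholders):
#   from="192.0.2.10",command="/usr/local/bin/backup-only",no-pty,
#   no-port-forwarding,no-agent-forwarding,no-X11-forwarding ssh-rsa <KEY> backup
LC_ALL=C; export LC_ALL   # make A-Z mean ASCII only

# Return 0 if the requested command is an scp/rsync server-side invocation.
check_backup_command() {
    cmd=$1
    [ -n "$cmd" ] || return 1
    case $cmd in
        # Whitelist characters; refuses ; | & $ ` quotes, globs and newlines.
        *[!A-Za-z0-9\ ._/,=:@+-]*) return 1 ;;
        # Refuse parent-directory traversal (conservative: any "..").
        *..*) return 1 ;;
    esac
    set -- $cmd   # safe to word-split: no glob or quote characters remain
    case $1 in
        rsync)
            [ "$2" = "--server" ] ;;
        scp)
            shift
            mode=
            for arg in "$@"; do
                case $arg in
                    -t|-f) mode=$arg ;;   # sink / source mode sent by the scp client
                    -r|-p|-d|-v) ;;
                    -*) return 1 ;;       # e.g. -S <program> is refused
                esac
            done
            [ -n "$mode" ] ;;
        *)
            return 1 ;;
    esac
}

# sshd puts the client's requested command in SSH_ORIGINAL_COMMAND. If it is
# unset (interactive login attempt) nothing is run and the session ends.
if [ -n "${SSH_ORIGINAL_COMMAND+set}" ]; then
    if check_backup_command "$SSH_ORIGINAL_COMMAND"; then
        exec $SSH_ORIGINAL_COMMAND
    fi
    echo "backup-only: command refused" >&2
    exit 1
fi
```

With this in place a copied private key is only usable from the listed address and only for scp/rsync transfers, which combines with the non-privileged account suggested above.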