FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 09-17-2010, 04:22 PM
T o n g
 
Default Cron and ssh keys

Hi,

How do you handle situations that you need to do rsync etc ssh related
tasks in cron?

I know it need my passphrase before hand, but what if (somehow) the
machine is rebooted and I haven't get around keying the passphrase yet?

Is there any test mechanism before I let the ssh related tasks kick in?

I tried the following,

$ date; keychain --timeout 1 --nogui id_rsa; echo $?; date

but it never timeout as advertised:

--timeout minutes
Set a timeout in minutes on your keys. This is conveyed to
ssh-
agent which does the actual timing out of keys since keychain
doesn't run continuously.

Debian Squeeze.

Thanks

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: i704k6$go8$3@dough.gmane.org">http://lists.debian.org/i704k6$go8$3@dough.gmane.org
 
Old 09-20-2010, 10:15 PM
Bob Proulx
 
Default Cron and ssh keys

T o n g wrote:
> How do you handle situations that you need to do rsync etc ssh related
> tasks in cron?

When running under cron you cannot use a passphrase on your ssh
private key. Since no passphrase can be used you have to ask if you
are working in an NFS environment or not. If under NFS then the only
safe user is the root user since root is converted to nobody due to
root_squash behavior. In which case all cron activity would need to
be under root's account. If not in an NFS environment then you can
safely use filesystem permissions to protect your key. Create a key
without a passphrase and use it for use in cron.

> I know it need my passphrase before hand, but what if (somehow) the
> machine is rebooted and I haven't get around keying the passphrase yet?

That is exactly why going that path can't work.

Bob
 
Old 09-21-2010, 04:32 AM
T o n g
 
Default Cron and ssh keys

On Mon, 20 Sep 2010 16:15:32 -0600, Bob Proulx wrote:

> If not in an NFS environment then you can safely use filesystem
> permissions to protect your key. Create a key without a passphrase and
> use it for use in cron.

Oh, that's how you handle it.

Thanks for sharing.

--
Tong (remove underscore(s) to reply)
http://xpt.sourceforge.net/techdocs/
http://xpt.sourceforge.net/tools/


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: i79cgq$tkt$2@dough.gmane.org">http://lists.debian.org/i79cgq$tkt$2@dough.gmane.org
 

Thread Tools




All times are GMT. The time now is 10:32 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org