[CentOS] ssh-askpass in bash script

Mon Mar 3 09:40:15 UTC 2014
Peter Eckel <lists at eckel-edv.de>

Hi Joseph, 

> Why not just use authorized_keys with an empty pass phrase?

because every responsible system admin will immediately kill you when you do that? :-)

Except in very specific situations, e.g. unattended jobs that copy data or execute commands over ssh connections, it is very unwise to *ever* create an ssh key without a passphrase, as the only thing between that key and access to the systems it 'protects' is then file permissions on the server it is located on. 

Even in the few situations where it is unavoidable (in most cases it just seems so) to use an unprotected key, actions should be taken to limit its usability as much as possible (no-pty, forced commands etc.). 

The sensible way to achieve what the OP wants is to use an SSH agent.

Cheers, 

  Peter.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.centos.org/pipermail/centos/attachments/20140303/9fc6cb3c/attachment-0005.sig>