[CentOS] ssh-askpass in bash script

Tim Dunphy bluethundr at gmail.com
Sun Mar 2 19:28:28 UTC 2014


>
> But having a script which automatically connects without the 'big ugly
> password' isn't a security risk?
> I don't follow.


Well, ssh-askpass stores your password in a hash and has some security
features built into it. It's not really a simple script. It's job is to
enter your pass phrase for you so do you don't have to type it in every
time.



> Also, you could further secure the authorized_keys file by only permitting
> the key to be used from a certain location, if you don't trust the security
> of your own private key.


It's not that I don't trust my own private key. It's that NO private key is
really very secure if it isn't password protected.


On Sun, Mar 2, 2014 at 2:19 PM, Joseph Spenner <joseph85750 at yahoo.com>wrote:

>
>
>
> On Mar 2, 2014, at 11:55 AM, Tim Dunphy <bluethundr at gmail.com> wrote:
>
> >
> >> On Sun, Mar 2, 2014 at 1:26 PM, Alexander Dalloz <ad+lists at uni-x.org>
> wrote:
> >>
> >> Am 02.03.2014 19:16, schrieb Joseph Spenner:
> >>
> >>> Why not just use authorized_keys with an empty pass phrase?
> >>
> >> Because that is discouraged due to security.
> >>
> >> Alexander
> >>
> >> _______________________________________________
> >>
>
> But having a script which automatically connects without the 'big ugly
> password' isn't a security risk?
> I don't follow.
> Also, you could further secure the authorized_keys file by only permitting
> the key to be used from a certain location, if you don't trust the security
> of your own private key.
>
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
GPG me!!

gpg --keyserver pool.sks-keyservers.net --recv-keys F186197B



More information about the CentOS mailing list