Re: plaintext password in scripts run through cron
by ptkdb (Monk) on Oct 17, 2003 at 12:12 UTC
It is possible to configure ssh for 'auto-login' through public keys. However, the configuration can be a headache the first time through, especially since the standard can vary widely between various vendor ssh's and openssh and ssh and ssh2. Also, older versions of SSH were VULNERABLE to certain worm attacks.
SSH has a variety of configuration options that let you log in through the use of generated keys. Consult the man pages on ssh and ssh-keygen. What you do is generate an RSA or DSA key for your system and put the identity.pub (public version of the key) into the .ssh/authorized_keys file on the systems that you want to log in to remotely without a password and set your .ssh/config file to accept a key instead of a password.
Good book on the subject: SSH, the Secure Shell
Web Reference for SourceForge's SSH system: Guide To Generating and Posting SSH Keys
Do this with CAUTION. It leaves cleartext off of your system of course, but if someone were to appropriate the identity files it could leave your target systems vulnerable.
One thing you could do is to replace the private identity key in your home system with a symlink to /mnt/floppy or /mnt/cdrom and keep the files there and only insert them when you get to work. I'm not sure that will work though, I've never done it myself, having just thought of it now, but I'm dying to try it. :)
My own .ssh/config files at home are set up in this way for a couple of systems, and I'll see if I can't put a more detailed write up here later.
This is a very handy technique for CVS systems that are accessed through ssh; it spares you a lot of entering/re-entering passwords. Setting this up and using PCL-CVS under emacs actually makes CVS almost fun to use.
I tried to put the <blink> tag around 'vulnerable'.
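
An added example, not part of the original post: a shell check for the risk the post warns about, that identity files could be appropriated. It flags a .ssh directory or private key that is accessible beyond its owner, a group- or world-writable authorized_keys, and an identity symlink whose target is missing (the removable-media idea above). The function names `audit_ssh_dir` and `mode_of` are hypothetical, and private keys are recognised by the assumption that they contain the marker text "PRIVATE KEY".

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Usage: audit_ssh_dir "$HOME/.ssh"   -> prints findings, status 0 if clean.

# mode_of PATH: the 10-character mode string from ls, e.g. -rw-------
mode_of() {
    ls -ldL "$1" 2>/dev/null | cut -c1-10
}

audit_ssh_dir() {
    dir=$1
    findings=0
    [ -d "$dir" ] || { echo "ERR  $dir: not a directory"; return 2; }

    # The directory itself should grant nothing to group or other.
    m=$(mode_of "$dir")
    case $m in
        d???------) ;;
        *) echo "DIR  $dir mode $m: group/other access"
           findings=$((findings + 1)) ;;
    esac

    for f in "$dir"/*; do
        # Identity kept on removable media: a dangling link is only a notice.
        if [ -L "$f" ] && [ ! -e "$f" ]; then
            echo "LINK $f: target missing (media not mounted?)"
            continue
        fi
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if grep -q 'PRIVATE KEY' "$f" 2>/dev/null; then
            # Assumption: private keys carry the text "PRIVATE KEY".
            case $m in
                -???------) ;;
                *) echo "KEY  $f mode $m: accessible beyond owner"
                   findings=$((findings + 1)) ;;
            esac
        elif [ "$(basename "$f")" = authorized_keys ]; then
            # Anyone who can write this file can add their own key.
            case $m in
                -????-??-?) ;;
                *) echo "AUTH $f mode $m: group/other writable"
                   findings=$((findings + 1)) ;;
            esac
        fi
    done
    [ "$findings" -eq 0 ]
}
```

Run it against the .ssh directory of the account the cron job uses, on both the home system and the target systems.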