PerlMonks  

Re: plaintext password in scripts run through cron

by ptkdb (Monk)
on Oct 17, 2003 at 12:12 UTC (#299986)


in reply to plaintext password in scripts run through cron

It is possible to configure ssh for 'auto-login' through public keys. However, the configuration can be a headache the first time through, especially since the standard can vary widely between various vendor ssh's and openssh and ssh and ssh2. Also, older versions of SSH were VULNERABLE to certain worm attacks.

SSH has a variety of configuration options that let you log in through the use of generated keys. Consult the man pages on ssh and ssh-keygen. What you do is generate an RSA or DSA key for your system, put identity.pub (the public version of the key) into the .ssh/authorized_keys file on the systems that you want to log in to remotely without a password, and set your .ssh/config file to accept a key instead of a password.

Good book on the subject: SSH, the Secure Shell

Web Reference for SourceForge's SSH system: Guide To Generating and Posting SSH Keys

Do this with CAUTION. It leaves cleartext off of your system of course, but if someone were to appropriate the identity files it could leave your target systems vulnerable.

One thing you could do is to replace the private identity key in your home system with a symlink to /mnt/floppy or /mnt/cdrom and keep the files there and only insert them when you get to work. I'm not sure that will work though, I've never done it myself, having just thought of it now, but I'm dying to try it. :)

My own .ssh/config files at home are set up in this way for a couple of systems, and I'll see if I can't put a more detailed write up here later.

update:

This is a very handy technique for CVS systems that are accessed through ssh; it spares you a lot of entering/re-entering passwords. Setting this up and using PCL-CVS under emacs actually makes CVS almost fun to use.

Confession:

I tried to put the <blink> tag around 'vulnerable'.
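
An added example, not part of ptkdb's post: one way to reduce the exposure the post warns about is to tie the cron key to a single source host and forced command in authorized_keys, and to check that private key files are not readable by group or others. The function names, host name, command path and key material are constructed placeholders; the options used are standard OpenSSH authorized_keys options.

```shell
#!/bin/sh
# Added example: limit what a passwordless cron key may do, and audit key file modes.

# Print an authorized_keys line that ties the key to one source host and one
# forced command. Arguments: <source pattern> <forced command> <public key line>.
restricted_entry() {
    printf 'from="%s",command="%s",no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding %s\n' \
        "$1" "$2" "$3"
}

# List private key files directly under <dir> that grant any access to group or
# others. Returns 1 if at least one is found, 0 otherwise.
audit_private_keys() {
    rc=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        # PEM and OpenSSH private keys carry "PRIVATE KEY" on their first line.
        head -n 1 "$f" | grep -q 'PRIVATE KEY' || continue
        # Characters 5-10 of the ls mode string are the group and other bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "too permissive: $f"
            rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed data: a throwaway directory, a placeholder key pair, and
# hypothetical host and command names.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN OPENSSH PRIVATE KEY-----' > "$d/id_rsa"
    pub='ssh-rsa AAAA-constructed-placeholder cron@home'
    chmod 644 "$d/id_rsa"
    audit_private_keys "$d" || echo "tighten with: chmod 600 <file>"
    chmod 600 "$d/id_rsa"
    audit_private_keys "$d" && echo "private key modes ok"
    restricted_entry 'cronhost.example.com' '/usr/local/bin/nightly-sync' "$pub"
    rm -rf "$d"
}
demo
```

The line printed by `restricted_entry` is what would be appended to `.ssh/authorized_keys` on the target system in place of the bare public key.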

