[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: cryptic netcat
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: Re: cryptic netcat
- From: Alexander Bochmann <bochmann_(_at_)_FreiNet_(_dot_)_de>
- Date: Wed, 4 Oct 2000 17:11:14 +0200
...on Tue, Sep 26, 2000 at 11:46:40AM +0100, John Wright wrote:
> On Tue, Sep 26, 2000 at 11:44:06AM +0200, Alexandre Dulaunoy wrote:
> > On Tue, 26 Sep 2000, John Wright wrote:
> > > On Mon, Sep 25, 2000 at 03:25:05PM -0300, Rafael Coninck Teigao wrote:
> > > > You could make an encrypted tunnel with ssh.
> > > The difference being that you need a login on the destination box.
> > That's not true, you can keep key with ssh-agent and using standard script
> > with scp & so on without typing any password. (i use it everyday).
> No. It is true. You *have* to login to another box. ssh-agent just means
> you don't have to enter a password or passphrase. I use ssh-agent too.
Create a new ssh identity with an empty passphrase and put the
public key in the authorized_keys on the destination machine.
use ssh -i ~/.ssh/key -o BatchMode=yes remotehost
You will not be asked for a passphrase and you don't need ssh-agent
(if you can live with unprotected keys).
I think the risk is acceptable with restricted-use logins that
for example just run a specific program (man sshd and look for
the options in authorized_keys).