26 Jun 2009 hands   » (Master)

Securing passphrase-less ssh, using ssh-agent, command=, sudo and rrsync

I just came across yet another example of someone assuming that it's OK to create a passphrase-less ssh key and grant it root access on a remote machine.

Prompted by that, I've written how to do passphraseless-ssh properly.

One trick that I mention is having a script like this:

  #!/usr/bin/ssh-agent /bin/sh
ssh-add
ssh -A remote-server ~/bin/kick-off-job

allowing the remote machine to access us, but only when we're talking to them.

Syndicated 2009-06-26 09:13:44 from chezfil

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!