[NCLUG] Debian 3.1 and rsh/rlogin

Bob Proulx bob at proulx.com
Fri Mar 25 09:27:53 MST 2005


Brett Johnson wrote:
> Or better yet, use ssh keys with a passphrase, and load them into
> ssh-agent (i.e. ssh-add).  Then you'll only have to type the passphrase
> once, when your X session starts (or whenever you start ssh-agent, if
> your xsession doesn't start it for you).  And as a bonus, it's actually
> fairly secure.  And "ssh -AX" is just plain friggin' cool ;)

Of course I agree completely with your general statement.  I am also a
ssh-agent user and would not give it up.

However users do tend to do things that don't always match what we
want them to do.  One of them is jobs from cron.  Normally those jobs
will not be able to access your credentials from a personal ssh-agent.
(This is not a challenge to see who can tie those together so that you
can use ssh-agent from cron.  I have seen several.  Most are
complicated, fragile and the same or less secure than just doing the
normal thing.)

And jobs run by batch queue systems such as Sun's grid are similarly
unable to use an ssh-agent because there is no real connection between
a random job on a random machine and your own credentials.  This is
similar to trying to run an X application into a compute farm.  Other
than running a wide open X server with "xhost +" it is difficult to
provide the old rsh and set DISPLAY functionality.

Bob



More information about the NCLUG mailing list