Chris Green wrote:
> On Thu, May 19, 2005 at 06:13:45PM +0100, Wayne Stallwood wrote:
> > That said, I am guilty of doing the same thing so that an automated script can rsync important docs on my laptop to the home machine. But I am very conscious of the fact that should I ever lose my laptop I'd better be getting my backside home to change the Private Key ASAP.
> Yes, that's one of my reasons for doing it as well.
I use keychain for this (http://www.gentoo.org/proj/en/keychain/index.xml). It allows you to log in and specify the passphrase for the keys you want, and it sticks around after you've logged out and keeps ssh-agent running for you. Your rsync job can then use the ssh-agent to allow it to log in without a password, and if someone manages to steal your key they still don't know the passphrase. Of course, if anyone gains access to the account on the client machine while keychain is running they can still log into your server.
JD
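
A cron wrapper for the setup described in the message above, as an added example that is not part of the original thread: it loads the agent environment that keychain saves in `~/.keychain/<hostname>-sh` and refuses to sync unless the agent actually holds a key. `SRC`, `DEST`, the function names and the return codes 3 and 4 are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: cron job that reuses the ssh-agent kept alive by keychain.
# SRC and DEST are hypothetical placeholders; override them in the environment.
SRC="${SRC:-$HOME/docs/}"
DEST="${DEST:-backup@home.example:docs/}"

# keychain saves the agent's environment in ~/.keychain/<hostname>-sh
keychain_env_file() {
    printf '%s/.keychain/%s-sh\n' "$HOME" "$(uname -n)"
}

# Load SSH_AUTH_SOCK / SSH_AGENT_PID from that file.
# Fails if the file is unreadable or sets no agent socket.
load_agent_env() {
    env_file="$1"
    [ -r "$env_file" ] || return 1
    . "$env_file" >/dev/null
    [ -n "${SSH_AUTH_SOCK:-}" ]
}

# 0 = agent reachable and holding at least one key
# 1 = agent reachable but empty (passphrase not entered since it started)
# 2 = agent not reachable (or ssh-add missing)
agent_state() {
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    case "$rc" in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;
    esac
}

sync_docs() {
    load_agent_env "$(keychain_env_file)" || {
        echo "keychain env file missing; not syncing" >&2; return 3; }
    agent_state || {
        echo "agent has no usable key; not syncing" >&2; return 4; }
    # BatchMode makes ssh fail instead of prompting, so cron never hangs.
    rsync -az -e "ssh -o BatchMode=yes" "$SRC" "$DEST"
}

# Run the sync only when asked to, e.g. from crontab: sync.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_docs
fi
```

After a reboot the agent is empty until someone logs in and enters the passphrase, so the job exits with an error instead of falling back to a prompt or an unprotected key.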