Hacker News
by cnvogel 4986 days ago
Besides the reference made by "wiredfool" about ssh-agent further down (which remembers the decrypted keys once you've entered the corresponding password so that other ssh sessions can use them without bothering you again, and: this connection can also be forwarded through consecutive ssh-sessions!)...

- You can mitigate the danger arising from unencrypted ssh-keys lying around by either generating special-purpose users for a certain task, or...

- You can set restrictions on what a certain ssh-key is allowed to do on the target host. This is described in the sshd(8) manual page, section "AUTHORIZED_KEYS FILE FORMAT".

Of course the other remedy against having to type passwords repeatedly is to use the pretty "ControlMaster" feature: the 2nd and following ssh-sessions re-use the already authenticated channel of the first ssh connection. (ssh_config(5) manual page, section on ControlMaster).
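An added example, not part of the comment above: a small audit of an authorized_keys file that reports key lines missing the per-key restrictions from sshd(8), "AUTHORIZED_KEYS FILE FORMAT". The key-type list, the simplified handling of `restrict`, and the sample lines (placeholder key blobs) are assumptions constructed for illustration.

```python
import re

# Key-type names that may start the key field; any other first token is the options field.
KEY_TYPE = re.compile(r"^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-[\w.@-]+)$")
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:="((?:\\"|[^"])*)")?(?:,|$)')

def options_field(line):
    """Return the leading options field ('' if the line starts with a key type)."""
    if KEY_TYPE.match(line.split(None, 1)[0]):
        return ""
    in_quotes, i = False, 0
    while i < len(line):
        if in_quotes and line.startswith('\\"', i):
            i += 2          # escaped quote inside a quoted value
            continue
        if line[i] == '"':
            in_quotes = not in_quotes
        elif line[i] in " \t" and not in_quotes:
            break           # first whitespace outside quotes ends the field
        i += 1
    return line[:i]

def audit(text):
    """Return [(line_number, issues)] for every key line lacking restrictions."""
    results = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opts = {m.group(1).lower(): m.group(2) for m in OPTION.finditer(options_field(line))}
        issues = [f"no {name}= option" for name in ("command", "from") if name not in opts]
        for feat in ("port-forwarding", "agent-forwarding", "pty"):
            # Simplification: "restrict" disables everything not re-enabled by name.
            off = f"no-{feat}" in opts or ("restrict" in opts and feat not in opts)
            if not off:
                issues.append(f"{feat} allowed")
        if issues:
            results.append((n, issues))
    return results

# Constructed sample file; the key blobs are placeholders, not real keys.
SAMPLE = '''# backup job
command="/usr/local/bin/backup --set=a,b",from="192.0.2.10",restrict ssh-ed25519 AAAAPLACEHOLDER1 backup@example
ssh-rsa AAAAPLACEHOLDER2 admin@example
no-port-forwarding,no-agent-forwarding,command="echo \\"hi\\"" ssh-ed25519 AAAAPLACEHOLDER3 ci@example
'''

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

In the sample, the fully restricted backup key passes, the bare `ssh-rsa` line is reported for every check, and the CI key is reported for the missing `from=` and the allowed PTY.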