[kde-linux] Starting ssh at log-in

Anne Wilson cannewilson at tiscali.co.uk
Wed Nov 22 19:48:05 UTC 2006

On Wednesday 22 November 2006 13:21, Boyan Tabakov wrote:
> I tried this here, and it worked just fine. However what troubles me is
> that you are not prompted for the password the second time you invoked
> konsole. This could only mean that an authentication method other than
> password authentication was used. 
> Maybe you have copied the public ssh 
> client key in your remote authorized_hosts file and forgot to remove it? Or
> you have your password stored elsewhere?
> What exactly is the backup procedure? Do you open an ssh session and then
> execute a command on the remote host, or something else?

My concern is not severe, since this is a family lan and I have no reason to 
mistrust any family member.  However, on principle, I like to have a number 
of layers of security.  Of course my user password is the first obstacle.  
After that, there is the matter of running shell scripts that copy data 
across to the server.  For this my ssh passphrase is required.  I may be 
working actually away from the computer at the time that cron requires the 
passphrase, so I use keychain to cache it.

The script cannot copy the data across to the server without ssh.  Three times 
a day it runs to copy across any changed data files, to minimise the 
possibility of lost data.

> If what you really need is confirmation before you do the backup, you can
> do this in shell script and leave the authentication automated as I
> described, using the public key authentication method. For example:
> #!/bin/bash
> echo "Are you sure? (y/n)"
> read answer
> case $answer in
>         y|Y)
>         # your backup command goes here
>         ;;
>         *)
>         # do nothing
>         ;;
> esac

I don't think that's exactly what I need.  All I am concerned with is

a) I must be asked for the passphrase to enable the scripts to work
b) it should happen early enough to avoid the situation where I get busy in 
the next room and forget to do it in time for the first call.

I suppose I'm close to being paranoid on this - if I'm not working at the box 
there probably isn't much to transfer anyway.  All the same, there's not much 
point in using ssh unless I make it as secure as possible and convenient as 
possible without losing that security.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://mail.kde.org/pipermail/kde-linux/attachments/20061122/19ee1669/attachment.sig>

More information about the kde-linux mailing list