Subject: Re: Re: Re: ssh-add and crontab
To: Martin Husemann <>
From: Joel CARNAT <>
List: netbsd-users
Date: 03/17/2005 16:02:28
Dans l'épisode précédent (Thu, Mar 17 2005 - 15:36), Martin Husemann nous apprenait que :
> On Thu, Mar 17, 2005 at 03:32:15PM +0100, Joel CARNAT wrote:
> > your script looked a bit complex for me...
> > so I used the SSH_AUTH_SOCK/SSH_AGENT_PID way of doing it.
> I might be missing the whole point of this, but using an artificial
> connection to a differen ssh-agent sounds a bit strange to me.

 I don't get the "artificial" notion.
 I mean, I do use ssh-agent for other connections anyway.
 My question was (how) to have cron's job know about already running ssh-agents.

 Having my cron job getting its env variable (that I have in all my
 XTerm because they are set from .xsession) don't sound "artificial" to
 me :)

> Why don't you just create another key soley for this purpose, without
> a passphrase, and let the cron jobs use that?

 I used to use that - the SSH key I used to automatically upload/download things
 to my home used to have no passphrase. I just felt it was more secure to set a
 passphrase and use the ssh-agent feature.

 Of course, having a passphrase-free key and sudo configured to allow
 only a bunch of commands for the user connecting with this passphrase is
 my usual way of doing this. Furthemore, this way of connecting will
 still work when I'm not loggued on the workstation, whereas the
 'ssh-agent solution' probably won't when I logoff (because I guess
 ssh-agent will terminate).

 Maybe I'll discover this way of doing things really sux (for whatever
 reasons). My primary goal was : right, I have ssh-agent running that
 allows me to enter my passphrase only once ; what more can't I do with
 this tool ? :)

,-- This mail runs ---------.
`------------ NetBSD/i386 --'