>>> Jima <jima at beer.tclug.org> 05/24/05 10:20 AM >>>
On Tue, 24 May 2005, Brock Noland wrote:
> I work for a large corporation and there are about 2200 boxes in my...
>... keys for authentication. The password will NOT be stored in the
> script.
Okay, that's somewhat better.  I have some reservations about how long 
the password is held in memory plaintext by the script (I can't imagine 
ssh holds it as such for any longer than it must), but I suppose that's a
fairly minimal risk.
> I am writing some scripts for my own personal use that I want to be
> able to go out to say 400 boxes and then run some command. Since I
> have the same username and password, I plan on writing a script which
> asks for them once and then stores them, in a variable - only
> temporarily, for all of the boxes.
Wait.  The wording of that suggests the password is the same on 400 
machines.  THAT I consider a huge security risk.  I have a hard time 
believing I'm the only one.

I agree that the risk is greater, but it may be necessitated by a 
single authentication source, or human memory (I cannot remember
400 different passwords).

It seems Brock's solution must be acceptable to The Inane Powers 
That Be. I deal with them too sometimes. They are a PITA. :-)

Have a good one, and good luck!

Troy