I found the following claim in the documentation for Net::OpenSSH:
"Note that using password authentication in automated scripts is a very bad idea. When possible, you should use public key authentication instead."
What’s flawed in using password authentication in automated scripts?
Passwords are easier to guess/brute force than private keys (unless you are running Debian 😉)
Imagine you have a user account which runs 120 different automated scripts. If you hardcode the password into each of them, you now have 120 places to change it.
If you place the password into a config file and have all 120 scripts read it from the file, sooner or later somebody will accidentally make that file world-readable. ssh won’t work when the private key is not 600.
Somebody can decide to change the user’s password without thinking about the possibility of it being hardcoded in some script. You are more likely to stop and think before changing the private key.
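
The permission point above, as an added example that is not part of the original answer or of Net::OpenSSH itself: a Perl guard that applies the rule OpenSSH uses for private keys (no group or other permission bits) to any secret file before a script uses it. The names `secret_file_problem` and `connect_with_key` are hypothetical, and the demo files are constructed placeholders.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:mode);
use File::Temp qw(tempdir);

# Same rule OpenSSH applies to private keys: reject the file if any
# group or other permission bit is set (mode & 077 != 0).
# Returns a description of the problem, or nothing if the file is acceptable.
sub secret_file_problem {
    my ($path) = @_;
    my @st = stat($path) or return "cannot stat $path: $!";
    return "$path is not a regular file" unless S_ISREG($st[2]);
    return "$path is not owned by the current user" unless $st[4] == $>;
    my $mode = S_IMODE($st[2]);
    return sprintf("%s has mode %04o, remove group/other access", $path, $mode)
        if $mode & 0077;
    return;
}

# Hypothetical wrapper: hand the key to Net::OpenSSH only after the check passes.
sub connect_with_key {
    my ($host, $user, $key_path) = @_;
    if (my $problem = secret_file_problem($key_path)) {
        die "refusing to use key: $problem\n";
    }
    require Net::OpenSSH;    # loaded lazily so the demo below runs without it
    my $ssh = Net::OpenSSH->new($host, user => $user, key_path => $key_path,
                                batch_mode => 1);    # fail instead of prompting
    die "ssh connection failed: " . $ssh->error . "\n" if $ssh->error;
    return $ssh;
}

# Constructed demo: two throwaway files, one private and one world-readable.
my $dir = tempdir(CLEANUP => 1);
for my $case (['private.conf', 0600], ['leaked.conf', 0644]) {
    my ($name, $mode) = @$case;
    my $path = "$dir/$name";
    open(my $fh, '>', $path) or die "open $path: $!";
    print {$fh} "placeholder, not a real secret\n";
    close($fh);
    chmod($mode, $path) or die "chmod $path: $!";
    my $problem = secret_file_problem($path);
    print $problem ? "REJECT: $problem\n" : "OK: $path\n";
}
```

Run as-is, the demo prints `OK` for the 0600 file and `REJECT` for the 0644 one; `connect_with_key` is not called by the demo and needs Net::OpenSSH installed plus a reachable host.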