I've been using ssh with a cron job to do backups for quite a while now.
But I'm realizing that the way I've been doing it (i.e., having the
cron job ssh in using a key without a passphrase) is rather insecure.
So I've been looking into ways to make the setup more secure by
integrating a passphrase into the mix.
This obviously has led me to the keychain utility, which appears to be
the generally recommended way to let cron jobs do unattended ssh. The
documentation generally recommends starting keychain when you log in,
which then lets all subsequent processes on the box access the ssh keys.
My problem is, though, I'm trying to enable this on a file server, which
I very rarely interactively log into. So consequently, starting
keychain on login won't solve the problem here.
I imagine that it could be possible to start keychain on system boot,
but I'm not thrilled with that idea either, as it would interrupt the
boot sequence with a password prompt and thus prevent completely
unattended booting of the file server.
Anyone have a good solution to this dilemma?
TIA,
DR