SSH and unattended processes
I have an Ant build that will sometimes execute a 'git push' within a directory on my server. I can do this fine interactively because it asks for the passphrase for my key, but this becomes problematic if you set up a cron job to run the build unattended.
Are there options for me beyond not using a passphrase? I've heard of using ssh-agent, but I've also heard for unattended processes that route won't work. Does anyone have any recommendations for this, and perhaps an example of how to implement it?
I saw that someone suggested to run the cron as a daemon here: Accessing SSH key from bash script running via a cron job -- but I'm not sure how I could do that or put in my passphrase without compromising it by putting it in plain text, etc.
Any help greatly appreciated.
First, set yourself up for password-less login.
Use ssh-keygen to generate a public/private key pair with no password. Append the public key to ~/.ssh/authorized_keys on the server.
Then run ssh -i /path/to/private_key server to confirm that the password-less login is working.
Finally, configure git to use that ssh -i ... command.
As @mah suggests, you might want to create a specific git account on the server. You add the public key to ~git/.ssh/authorized_keys to enable the password-less login.
authorized_keys also has options to restrict what commands the incoming connection can run. If you are interested in those features, read the SSH documentation.
And of course, you want to keep the private key file readable only by you.
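The steps from the answer above, as an added shell example that is not part of the original post. The key path, the key comment and the use of git-shell as the forced command on the server account are assumptions; the sample public key in the usage comments is whatever ssh-keygen writes to the .pub file.

```shell
#!/bin/sh
# Added example: a dedicated, passphrase-less key for an unattended 'git push'.
# Paths, the key comment and the server-side git-shell are assumptions.

# Generate a key pair with an empty passphrase, used only by the cron job.
# The subshell keeps the tightened umask from leaking into the caller.
make_deploy_key() {
    ( umask 077 && ssh-keygen -q -t ed25519 -N '' -C 'cron-git-push' -f "$1" )
}

# Succeed only if the private key is a regular file with no group/other
# permission bits set (characters 5-10 of the ls mode string).
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Build the authorized_keys entry for the server account. 'restrict' turns
# off forwarding and PTY allocation; command= forces every login through
# git-shell, so the key can run git operations but never an interactive shell.
authorized_keys_line() {
    printf 'restrict,command="git-shell -c \\"$SSH_ORIGINAL_COMMAND\\"" %s\n' "$1"
}

# The ssh command git should use. IdentitiesOnly stops ssh from offering
# other keys; BatchMode makes ssh fail instead of prompting, so a broken
# setup shows up as a cron error rather than a hung job.
# The key path must not contain spaces.
git_ssh_command() {
    printf 'ssh -i %s -o IdentitiesOnly=yes -o BatchMode=yes\n' "$1"
}

# Typical use:
#   make_deploy_key "$HOME/.ssh/cron_push"
#   key_is_private "$HOME/.ssh/cron_push" || exit 1
#   authorized_keys_line "$(cat "$HOME/.ssh/cron_push.pub")"
#       # append the printed line to ~git/.ssh/authorized_keys on the server
#   git config core.sshCommand "$(git_ssh_command "$HOME/.ssh/cron_push")"
#       # run inside the repository the build pushes from
```

Because the key has no passphrase, the forced command on the server side is what limits the damage if the private key file is ever copied.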
I would solve this by creating a restricted account on the git server and having the ant client use a keyless cert to that restricted account.