ssh-agent or Empty Password Keys

You can configure SSH to use the ssh-agent or to use empty password keys . If you use empty password keys, the generated SSH private key is stored with an empty password. As a result, you do not need a password to access the key. When you use SSH to communicate with another machine that trusts its public key, you are not prompted for a password. When using the ssh-agent, the generated private key is stored with a secure password and saved on secure media. You communicate with another machine by starting the ssh-agent, uploading the private key from the secure media, and supplying the password. The private key is not stored on the file system, but is stored in the memory of the ssh-agent process.

When using the ssh-agent, the private key is stored with the ssh-agent that is running only on the Master Server. The public key is distributed to other machines on the network. When an SSH application requires authentication, it communicates with the ssh-agent to authenticate. You must turn on ssh-agent forwarding when making intermediate SSH connections to enable Local Distributors to proxy to the ssh-agent that is running on the Master Server for authentication. ssh-agent forwarding allows Local Distributors to authenticate to Local Distributors and Remote Agents that are downstream. This approach provides more security. Also, configuring the ssh-agent for use with the N1 Grid Service Provisioning System 5.0 is less complicated than configuring empty passwords.

When using empty passwords, the private key is stored on the file system of the machine without a password. Also, the private key must be present on all machines that initiate SSH communications. In the case of the N1 Grid Service Provisioning System 5.0, all Master Servers and Local Distributors that are connecting to applications downstream using SSH are required to have a private key. This approach provides less security.