Or you could just avoid passphraseless SSH keys entirely, and instead use passphrase-protected SSH keys and ssh-agent. libpam-ssh makes it trivial to use ssh-agent. -- [unknown]

I'm not sure what problem is being solved here. Why are we considering separate identities per program? Is the answer not to use one identity, and use 'ssh-agent' to store the key passphrase for any commands that need ssh in the entire session? —bignose

ssh-agent is not useful when things are being run from cron.

If this is for automated backup purposes (... or something similar), I just write a shell script for the particular task that needs to be done (no parameters accepted) and restrict the passwordless key to that. At least this way, I don't have to worry about input validation at all. -- novakyu

Ah, okay. The list of things being done didn't look especially like scheduled tasks, hence my question of what problem was being solved. I agree that for unattended access, a passphraseless key with a 'command="do_one_thing",from="foo.example.org"' option set in the 'authorized_keys' file is probably best. —bignose
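
Added example, not part of the discussion above: a shell audit that flags `authorized_keys` entries lacking the `command=` or `from=` restrictions mentioned in the thread. The function names, the sample entries and the placeholder key material are constructed for illustration; `restrict` is a standard OpenSSH option included in the sample.

```shell
#!/bin/sh
# Added example: report authorized_keys entries without command= or from=.
# Output format: "<line number>: missing <options>".
audit_authorized_keys() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }        # skip comments and blank lines
    {
        line = $0; sub(/^[ \t]+/, "", line)
        inq = 0; skel = ""
        # Walk the first token. Quoted option values may contain spaces,
        # so only an unquoted space or tab ends the options field.
        for (i = 1; i <= length(line); i++) {
            c = substr(line, i, 1)
            if (c == "\\" && inq) { i++; continue }  # skip escaped character
            if (c == "\"") { inq = !inq; continue }
            if (!inq && (c == " " || c == "\t")) break
            if (!inq) skel = skel c          # keep option names, drop values
        }
        skel = tolower(skel)
        # A first token that is a key type means the entry has no options.
        if (skel ~ /^(ssh-|ecdsa-|sk-)/) skel = ""
        missing = ""
        if (skel !~ /(^|,)command=/) missing = "command"
        if (skel !~ /(^|,)from=/) missing = missing (missing ? "," : "") "from"
        if (missing != "") print NR ": missing " missing
    }' "$1"
}

# Constructed sample file; the key blobs are placeholders, not real keys.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample entries
ssh-ed25519 AAAAC3PLACEHOLDER cron@backup
command="/usr/local/bin/do_one_thing",from="foo.example.org",restrict ssh-ed25519 AAAAC3PLACEHOLDER backup
command="echo from=\"x\" done" ssh-rsa AAAAB3PLACEHOLDER report
from="foo.example.org" ssh-ed25519 AAAAC3PLACEHOLDER admin
EOF
}

tmp=$(mktemp)
write_sample "$tmp"
audit_authorized_keys "$tmp"
rm -f "$tmp"
```

Entry 4 shows why the option values are skipped while scanning: the text `from=` inside a quoted `command` string does not count as a `from=` restriction.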