
Using key-pairs with cron

Subject: Using key-pairs with cron
Date: Fri, 4 Feb 2005 11:28:28 -0800
I'm looking for suggestions on how to improve security of automatic
cvs checkouts.

I'm using a cron script to run a cvs checkout from SourceForge.
SourceForge has pserver access, but there's a long delay between
developer cvs checkins and pserver update, so for this application I
have to use my sf.net developer account to do the cvs checkouts to get
up-to-date files.

AFAIK, since I'm doing this checkout via cron I need to use a
password-less (no pass phrase) key pair.  But that means I've got a
private key on a server and that key could be used to gain access to
an account on sf.net.  (IIRC, hacked sf.net accounts have been used to
launch successful attacks on other machines.)

I'm not sure of the real security risk.  The server doing the
checkouts is not under my control.  Someone would have to hack the
account where the private key is stored.  My guess is if someone could do
that they might also have root and then could just as easily capture a
pass-phrase.

Unfortunately, the public key at sf.net cannot be set up as single use.
And I cannot think of a way to use a password and use cron (I could
avoid using cron and have a long-running process that sleeps for hours
between checkouts, but that would need to be restarted manually).

I'm mostly concerned because my normal usage of keys is to always have a
good pass phrase.

Can anyone think of a better way to do the above? -- Keep in mind I cannot
do anything to change the way sf.net works.  How would you set
something like this up?


Thanks,

-- 
Bill Moseley
moseley@hank.org
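
One way to run the cron checkout described in the message above with a dedicated passphrase-less key, as an added example that is not part of the original post. The key path, `USER@CVS_HOST:/REPO_PATH`, `MODULE_NAME`, the work directory and the `CRON_CVS_TRANSPORT` variable are placeholders or hypothetical names; the script refuses to run if the key is readable by anyone else and limits ssh to that one key with no prompting or forwarding.

```shell
#!/bin/sh
# Added example: unattended CVS-over-SSH checkout for cron.
# Install under an absolute path and call it from crontab as: /path/to/script --run
# KEY, CVSROOT_EXT, MODULE and WORKDIR defaults are placeholders (assumptions).
KEY="${KEY:-$HOME/.ssh/cron_cvs_key}"   # dedicated passphrase-less key, used for nothing else
CVSROOT_EXT="${CVSROOT_EXT:-:ext:USER@CVS_HOST:/REPO_PATH}"
MODULE="${MODULE:-MODULE_NAME}"
WORKDIR="${WORKDIR:-$HOME/checkout}"

# Succeed only if the key is a regular file (not a symlink), owned by the
# invoking user, with every group/other permission bit cleared.
key_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# ssh invocation used as the CVS transport: never prompt, offer only the
# dedicated key, no agent or X11 forwarding, no tty, known host key required.
ssh_transport() {
    exec ssh -i "$KEY" -T -a -x \
        -o BatchMode=yes -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes "$@"
}

run_checkout() {
    umask 077
    if ! key_is_private "$KEY"; then
        echo "refusing to run: $KEY is missing, not owned by this user, or readable by others" >&2
        return 1
    fi
    mkdir -p "$WORKDIR" && cd "$WORKDIR" || return 1
    # cvs runs $CVS_RSH as a bare program name, so point it back at this
    # script; the (hypothetical) CRON_CVS_TRANSPORT flag selects ssh_transport.
    CVS_RSH=$0 CRON_CVS_TRANSPORT=1 cvs -q -d "$CVSROOT_EXT" checkout "$MODULE"
}

if [ "${CRON_CVS_TRANSPORT:-}" = 1 ]; then
    ssh_transport "$@"          # invoked by cvs as its remote shell
elif [ "${1:-}" = "--run" ]; then
    run_checkout                # invoked by cron
fi
```

The private key is still usable by anyone who compromises the account or root on that server; the checks only keep other local users and other keys out of the path.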
