automated ssh with provision for passphrase


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting automated ssh with provision for passphrase
# 1  
Old 01-27-2009
automated ssh with provision for passphrase

Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password.

The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not suffice as the script waits for the passphrase to be entered.


Code:
ssh -l "$remoteuser" "$remotecomputer" "cd ${sourceDir} && cp -rf ${filename} ${destDir} && cd ${destDir} && /opt/oracle/ormerck/product/10.2.0.4/bin/unzip -o ${filename}"

Is there a mechanism where I still create the key with a passphrase and be able to even send the passphrase in my script (or not be prompted for the passphrase)?

Also, what are the risks associated with having a key created without the passphrase?

Any help would be appreciated!
# 2  
Old 01-27-2009
ssh-keygen asks if you want to use a password - you have to leave the answer blank and hit return. You will have to create new keys if you want passwordless.
This explains it:
ssh-keygen: password-less SSH login

ssh is a reasonably secure protocol. There is no good way to get ssh to accept a password in a script. That defeats security. That is the reason for keys.

I have not tried it, but apparently you can make an expect script to give a password to ssh or sftp or whatever.
# 3  
Old 01-27-2009
Quote:
Originally Posted by jim mcnamara
ssh-keygen asks if you want to use a password - you have to leave the answer blank and hit return. You will have to create new keys if you want passwordless.
This explains it:
ssh-keygen: password-less SSH login

ssh is a reasonably secure protocol. There is no good way to get ssh to accept a password in a script. That defeats security. That is the reason for keys.

I have not tried it, but apparently you can make an expect script to give a password to ssh or sftp or whatever.
I'm using a sh script - #!/bin/sh

I don't think I can use expect with this. I believe expect requires tcl to be installed. That takes it back to my initial question "Is there any way of sending the passphrase in the script?"
# 4  
Old 01-27-2009
Short answer: no. ssh/scp/sftp/su/sudo do check where input is coming from and, if needed, override that by opening the terminal as stdin.
expect works around that by not changing stdin but instead attaching to it.
Login or Register to Ask a Question

Previous Thread | Next Thread

9 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Supply passphrase for ssh in script

I would like to write a bash shell script which will connect to remote server using passphrase. (I have public-private infrastructure created, and as per instruction, I must not use password less ssh). This particular script will be fired from cron. Can you please advice how I can supply the... (2 Replies)
Discussion started by: atanubanerji
2 Replies

2. Solaris

How to disable/bypass passphrase prompt in ssh?

Hi Folks, I have setup a passwordless connection from my Linux ( source) machine toSolaris ( destination ) machine. I have added passphrase while creating the rsa key. Now problem is each time when i make a connection i have to give the passphrase to make connection. How to override this ? I... (4 Replies)
Discussion started by: chidori
4 Replies

3. OS X (Apple)

ssh passphrase issues - Mac OS X

ssh passphrase permissions issues I will try to be as thorough as possible, but keep in mind I am a designer, not a programmer... I do have linux mdadm experience and am reasonably comfortable behind the terminal, but I may need things to be spelled out for me. I am using 2 new-ish Macs with... (1 Reply)
Discussion started by: Ahab the Eskimo
1 Replies

4. UNIX for Advanced & Expert Users

ssh: require passphrase from some servers but not others

We have a number of linux clusters running Oracle. The clusters require that all member nodes have promptless/passwordless login through ssh (ie. the keys were created with null passphrases). We also have a management server that is not a member of any cluster but routinely connects to nodes of all... (3 Replies)
Discussion started by: Squeakygoose
3 Replies

5. Shell Programming and Scripting

Automated script to SSH to another server

Hi guys, I have a script which looks a little like this; grep $id /usr/local/production/service/distributor/clients/*/out/events.xml | awk -F/ '{print $8}' I want to be able to run this on my dev box, so need to add something into the script which will SSH onto the live server, collect the... (2 Replies)
Discussion started by: JayC89
2 Replies

6. Shell Programming and Scripting

Automated ssh to multiple boxes

I have a script that will ssh to several different servers, perform a command, display the output, and exit. It works well, but I have to enter my password for each server. That gets a little cumbersome when you have a couple dozen servers. Anyone out there know how to automate this so that I only... (2 Replies)
Discussion started by: fedexer
2 Replies

7. Solaris

SSH passphrase and Password

Hello all, Today we run ssh with keys on all our Solaris systems. But I wounder: Is it possible to add another authentication too. Like the os/system regular password so the users first need to enter the ssh phasssphrase and after that they need to enter the os/system password. I need like... (3 Replies)
Discussion started by: jOOc
3 Replies

8. UNIX for Advanced & Expert Users

passphrase and ssh authentication

In which case could be better don't use a passphrase creating an authentication key for ssh comunications? Thanks in advance. (1 Reply)
Discussion started by: Minguccio75
1 Replies

9. UNIX for Advanced & Expert Users

ssh - at login Passphrase for key required

Hello, I want to use a shell-script to transfer data over sftp. I donīt find a way to login in automatically. I tried to send the password in a script like possible with ftp sftp user@server << cmd password cd /distant/directory lcd /local/directoryget ssh_install get ( or put) your... (2 Replies)
Discussion started by: olso
2 Replies
Login or Register to Ask a Question