ssh-add from bash script and automate passphrase entry

Problem description

I am trying to do ssh-add from a script (don't care about security at the moment).

Now ssh prompts for a passphrase, which needs to be automated, so I read a couple of things like this and found expect.

And now I do the following:

eval `ssh-agent -s`

Script tmp.sh is defined as:

#!/usr/bin/expect
spawn ssh-add /root/.ssh/id_rsa
expect "Enter passphrase for /root/.ssh/id_rsa:"
send "my_pass"
interact

./tmp.sh

ssh-add -l

If ssh-add had worked, it would show something like

4096 SHA256:wlfP/nhVSWXLcljBOen5GSYZXJGgfi/XJWfZeBwqRsM id_rsa (RSA)

But instead I get "The agent has no identities." Seems like ssh-agent loses its context.

Am open to other solutions to do this.

Solution

Personally, I find the use of expect a bit cumbersome. I found the following approach, from "how to make ssh-add read passphrase from a file", rather informative.

So if your version of ssh-add allows the -p argument and you are not worried about security then this should work:

#!/bin/bash
# store a file somewheres with your passphrase. For example's sake
# I'll just use $HOME/.myscrt

<$HOME/.myscrt ssh-add -p ~/.ssh/id_rsa

Now if -p is not an option for you, I found the second method mildly ingenious:

#!/bin/bash
# Same passfile and some minor enhancements from the OP of the linked
# solution
PASS="$(<$HOME/.myscrt)"

# the following is just a one-liner method of making an executable
# one-line script echoing the password to STDOUT
install -vm700 <(echo "echo $PASS") "$PWD/ps.sh"

# then the magic happens. NOTE: your DISPLAY variable should be set
# for this method to work (see ssh-add(1))
[[ -z "$DISPLAY" ]] && export DISPLAY=:0
< id_rsa SSH_ASKPASS="$PWD/ps.sh" ssh-add - && shred -n3 -uz "$PWD/ps.sh"

When I tested the script I called "j", see below:

$ cd /tmp
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/home/me/.ssh/id_rsa): /tmp/id_rsa
Enter passphrase (empty for no passphrase): asdfasdf
Enter same passphrase again: asdfasdf
Your identification has been saved in /tmp/id_rsa.
Your public key has been saved in /tmp/id_rsa.pub.
The key fingerprint is:
ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d jimconn@redapt-240
The key's randomart image is:
+--[ RSA 2048]----+
|       o         |
|      o E        |
|     . . o       |
|    o o o.o      |
|   . O oS .o     |
|    + o o..      |
|       =...      |
|       .*o       |
|      o=o        |
+-----------------+
$ echo 'asdfasdf' > ~/.myscrt
$ chmod 0600 ~/.myscrt
$ ls -altr ~/.myscrt
-rw------- 1 me me 9 Feb 16 19:00 /home/me/.myscrt
$ cat ~/.myscrt
asdfasdf
$ ls -ltr
total 12
-rw-r--r-- 1 me me  400 Feb 16 18:59 id_rsa.pub
-rw------- 1 me me 1766 Feb 16 18:59 id_rsa
-rwx------ 1 me me  151 Feb 16 19:04 j
$ cat j
#!/bin/bash
PASS="$(<$HOME/.myscrt)"
install -vm700 <(echo "echo $PASS") "$PWD/ps.sh"
cat id_rsa | SSH_ASKPASS="$PWD/ps.sh" ssh-add - && shred -n3 -uz     $PWD/ps.sh
$ ./j
‘/dev/fd/63’ -> ‘/tmp/so/ps.sh’
Identity added: (stdin) ((stdin))
$ ls
id_rsa  id_rsa.pub  j

So, one thing to quickly note about this method is that listing the identities loaded into ssh-agent will only show that stdin was loaded:

$ ssh-add -D
All identities removed.
$ ssh-add -l
2048 ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d (stdin) (RSA)
$ ./j
‘/dev/fd/63’ -> ‘/tmp/so/ps.sh’
Identity added: (stdin) ((stdin))
$ ssh-add -l
2048 ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d (stdin) (RSA)
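
A variant of the SSH_ASKPASS method above, as an added example that is not part of the original answer: the helper reads the passphrase file when ssh-add runs it instead of having the passphrase written into it, and the key is passed by path so that `ssh-add -l` lists it under its own comment or path rather than (stdin). It assumes OpenSSH 8.4 or later for SSH_ASKPASS_REQUIRE; the script name and function names are hypothetical.

```sh
#!/bin/sh
# Added example, not the answer's code. Usage: ./add-key.sh KEYFILE PASSFILE
# (script name and function names are hypothetical).

# True only if the file exists and group/other have no permission bits.
private_file() {
    [ -f "$1" ] && [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Create a mode-700 askpass helper that reads the passphrase file when it is
# run, so the secret itself is never written into the helper. Prints its path.
make_askpass() {
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    chmod 700 "$helper" || return 1
    # Escape single quotes so any path is safe inside '...'.
    quoted=$(printf '%s' "$1" | sed "s/'/'\\\\''/g")
    printf '#!/bin/sh\nexec cat -- '\''%s'\''\n' "$quoted" > "$helper"
    printf '%s\n' "$helper"
}

add_key() {
    key=$1
    passfile=$2
    if ! private_file "$passfile"; then
        echo "refusing: $passfile is missing or accessible to group/other" >&2
        return 1
    fi
    helper=$(make_askpass "$passfile") || return 1
    # SSH_ASKPASS_REQUIRE=force (OpenSSH 8.4+) uses the helper even with a
    # terminal attached; DISPLAY and the stdin redirect cover older releases.
    SSH_ASKPASS="$helper" SSH_ASKPASS_REQUIRE=force DISPLAY="${DISPLAY:-:0}" \
        ssh-add "$key" </dev/null
    rc=$?
    rm -f -- "$helper"
    return "$rc"
}

# Run only when called with both arguments.
if [ "$#" -eq 2 ]; then
    add_key "$1" "$2"
fi
```

The passphrase still sits in a plain file, so this keeps the answer's trade-off; it only avoids making a second copy of the secret and refuses a passphrase file that group or other can access.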
