Sending passphrase w/o keyboard interaction
Damien Miller
djm at mindrot.org
Tue Sep 28 10:25:02 EST 2004
Morgan Small wrote:
> I have an account where I have DSA key setup with a passphrase. I am trying
> to write a script to ssh over to another Unix server, without having to type
> in the passphrase and have ssh read the passphrase from either a file or
> pass it in from the command line. Is there a way to do something like this?
> I know that we can it so I don't need to enter a passphrase but we don't
> want to do that.
You could use ssh-agent, which will allow you to enter the passphrase
once per system boot.
If you don't want to do this, then you might as well make a
passphraseless key, because you will need to store the passphrase
someone on the system anyway.
If you still want to do this, you could feed a key into the agent by
providing a ssh-askpass that just echos the passphrase to stdout and
doing something like:
SSH_ASKPASS=/path/to/script_which_echoes_passphrase DISPLAY=foo \
ssh-add /path/to/key </dev/null
Otherwise, use expect.
-d
More information about the openssh-unix-dev
mailing list