2017-02-16 41 views
3

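ssh-add from a bash script and automate passphrase entry

I am trying to run ssh-add from a script (not concerned about security at the moment).

Now ssh prompts for a passphrase, which needs to be automated, so I read a couple of things such as this and found expect.

And now I do the following: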

eval `ssh-agent -s` 

The script tmp.sh is defined as:

#!/usr/bin/expect 
spawn ssh-add /root/.ssh/id_rsa 
expect "Enter passphrase for /root/.ssh/id_rsa:" 
send "my_pass" 
interact 

./tmp.sh

ssh-add -l

If ssh-add had worked, this would show something like

4096 SHA256:wlfP/nhVSWXLcljBOen5GSYZXJGgfi/XJWfZeBwqRsM id_rsa (RSA)

But instead I get The agent has no identities. It seems as if ssh-agent loses its context.

I am open to other solutions for doing this.

+0

Do you run "eval `ssh-agent -s`" or "eval 'ssh-agent -s'"? –

+0

I ran eval `ssh-agent -s`, but because of the formatting I guess that is how I was able to write it –

+2

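If you don't care about security and are willing to store the passphrase in a file, then you could also just remove the passphrase from the key entirely. – Kenster

Answers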

1

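Update, since the first one did not work

I have not tried this, but if it is true that expect loses the context, it could be a good idea to set it later:

auto-passphrase-add.expect (replaces tmp.sh)

#!/usr/bin/expect 
spawn ./ssh-agent-ssh-add.sh /root/.ssh/id_rsa 
expect "Enter passphrase for /root/.ssh/id_rsa:" 
# \r sends Enter so that ssh-add actually receives the passphrase 
send "my_pass\r" 
interact 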

ssh-agent-ssh-add.sh

#!/bin/sh 
eval `ssh-agent -s` 
ssh-add "$@" 
+0

Will try this in a minute –

+0

It says: Agent pid 37 spawn SSH_AUTH_SOCK=/tmp/ssh-Zmv2bGZUfCKp/agent.36 SSH_AGENT_PID=37 ssh-add /root/.ssh/id_rsa couldn't execute "SSH_AUTH_SOCK=/tmp/ssh-Zmv2bGZUfCKp/agent.36": no such file or directory while executing "spawn SSH_AUTH_SOCK=/tmp/ssh-Zmv2bGZUfCKp/agent.36 SSH_AGENT_PID=37 ssh-add /root/.ssh/id_rsa" –

+0

Can you try the second approach? –

3

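Personally, I find it a bit cumbersome to use. I found the following approach, from how to make ssh-add read passphrase from a file, more informative.

So, if your version of ssh-add allows the -p argument and you are not worried about security, then this should work: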

#!/bin/bash 
# store a file somewhere with your passphrase. For example's sake 
# I'll just use $HOME/.myscrt 

<$HOME/.myscrt ssh-add -p ~/.ssh/id_rsa 

Now, if -p is not an option, I found the second method mildly ingenious:

#!/bin/bash 
# Same passfile and some minor enhancements from the OP of the linked 
# solution 
PASS="$(<$HOME/.myscrt)" 

# the following is just a one-liner method of making an executable 
# one-line script echoing the password to STDOUT 
install -vm700 <(echo "echo $PASS") "$PWD/ps.sh" 

# then the magic happens. NOTE: your DISPLAY variable should be set 
# for this method to work (see ssh-add(1)) 
[[ -z "$DISPLAY" ]] && export DISPLAY=:0 
< id_rsa SSH_ASKPASS="$PWD/ps.sh" ssh-add - && shred -n3 -uz $PWD/ps.sh  

I tested this with a script that I called "j"; see below:

$ cd /tmp 
$ ssh-keygen 
Generating public/private rsa key pair. 
Enter file in which to save the key (/home/me/.ssh/id_rsa): /tmp/id_rsa 
Enter passphrase (empty for no passphrase): asdfasdf 
Enter same passphrase again: asdfasdf 
Your identification has been saved in /tmp/id_rsa. 
Your public key has been saved in /tmp/id_rsa.pub. 
The key fingerprint is: 
ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d [email protected] 
The key's randomart image is: 
+--[ RSA 2048]----+ 
|  o   | 
|  o E  | 
|  . . o  | 
| o o o.o  | 
| . O oS .o  | 
| + o o..  | 
|  =...  | 
|  .*o  | 
|  o=o  | 
+-----------------+ 
$ echo 'asdfasdf' > ~/.myscrt 
$ chmod 0600 ~/.myscrt 
$ ls -altr ~/.myscrt 
-rw------- 1 me me 9 Feb 16 19:00 /home/me/.myscrt 
$ cat ~/.myscrt 
asdfasdf 
$ ls -ltr 
total 12 
-rw-r--r-- 1 me me 400 Feb 16 18:59 id_rsa.pub 
-rw------- 1 me me 1766 Feb 16 18:59 id_rsa 
-rwx------ 1 me me 151 Feb 16 19:04 j 
$ cat j 
#!/bin/bash 
PASS="$(<$HOME/.myscrt)" 
install -vm700 <(echo "echo $PASS") "$PWD/ps.sh" 
cat id_rsa | SSH_ASKPASS="$PWD/ps.sh" ssh-add - && shred -n3 -uz  $PWD/ps.sh 
$ ./j 
‘/dev/fd/63’ -> ‘/tmp/so/ps.sh’ 
Identity added: (stdin) ((stdin)) 
$ ls 
id_rsa id_rsa.pub j 

So, one quick thing to note about this method is that listing the identities loaded into ssh-agent will only show that stdin was loaded:

$ ssh-add -D 
All identities removed. 
$ ssh-add -l 
2048 ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d (stdin) (RSA) 
$ ./j 
‘/dev/fd/63’ -> ‘/tmp/so/ps.sh’ 
Identity added: (stdin) ((stdin)) 
$ ssh-add -l 
2048 ed:1a:ae:c7:ac:47:5e:31:98:8e:18:8f:1c:67:94:6d (stdin) (RSA)
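
A variant of the SSH_ASKPASS approach from the answer above, written as an added example that is not part of the original answers. The function names make_askpass and add_key are hypothetical, and SSH_ASKPASS_REQUIRE assumes OpenSSH 8.4 or later (DISPLAY is set as a fallback for older releases). Because the key file is passed by path, the identity is not listed as (stdin).

```shell
#!/bin/sh
# Added example; make_askpass and add_key are hypothetical helper names.

# make_askpass PASSFILE -> prints the path of a temporary askpass helper.
# The helper reads PASSFILE when ssh-add calls it, so the passphrase is never
# copied into the helper and shell metacharacters in it cannot break anything.
make_askpass() {
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    # Escape single quotes so the path can sit inside '...' in the helper.
    quoted=$(printf '%s' "$1" | sed "s/'/'\\\\''/g")
    printf '#!/bin/sh\nexec cat -- '\''%s'\''\n' "$quoted" > "$helper"
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# add_key KEYFILE PASSFILE -> loads KEYFILE into the agent that SSH_AUTH_SOCK
# points to in the calling shell; returns ssh-add's exit status.
add_key() {
    helper=$(make_askpass "$2") || return 1
    rc=0
    # SSH_ASKPASS_REQUIRE=force (OpenSSH 8.4+) uses the helper even with a
    # terminal attached; the DISPLAY fallback covers older releases.
    DISPLAY=${DISPLAY:-:0} SSH_ASKPASS=$helper SSH_ASKPASS_REQUIRE=force \
        ssh-add "$1" </dev/null || rc=$?
    rm -f -- "$helper"   # cleaned up on failure too, unlike "ssh-add && shred"
    return "$rc"
}

# Usage, in the same shell that will later run ssh or git (an agent started
# inside a child script or a spawned process is invisible to the caller):
#   eval "$(ssh-agent -s)"
#   add_key "$HOME/.ssh/id_rsa" "$HOME/.myscrt"
#   ssh-add -l
```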