Bash script to avoid typing SSH key passphrase not working

krishnar · 06-04-2018, 07:43 PM

Hello Experts,

I have a 2 line bash script to start SSH agent so that I don't have to type the passphrase again and again. But it not working as I expect. Its asking the passphrase even after I run the script.

Can anyone please tell me what is wrong this script?

Code:

user@computer:~$ ./bash.sh
Agent pid 18
Enter passphrase for /home/user/.ssh/id_rsa:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)


user@computer:~$ ssh 192.168.0.18
Enter passphrase for key '/home/user/.ssh/id_rsa':   ----> ASKING PASSPHRASE AGAIN!!
user@computer:~$

user@computer:~$ cat bash.sh
#!/bin/bash
eval `ssh-agent -s`
ssh-add
user@computer:~$

Additional info:

Code:

user@computer:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu 15.10"

ondoho · 06-05-2018, 02:35 AM

it doesn't surprise me.
i think the software expect was written for cases like these.
or maybe ssh has an option to read password from stdin?
also you can blank the key's passphrase.
so now you have 3 separate solutions, i hope one of them is to your liking.

Turbocapitalist · 06-05-2018, 02:42 AM

You have the right idea but notice that you are creating a new agent process each time you run the script. You'll want to modify the script to find an existing agent and use that if it is available but only launch a new agent if one is needed.

Also, Ubuntu 15.10 reached end of life many years ago, you should switch to a different version PDQ.
https://wiki.ubuntu.com/Releases

krishnar · 06-05-2018, 11:34 AM

I changed the script like this, but still not working. I am not sure what is the issue.

Code:

#!/bin/bash
ssh-add
if [ $? -ne 0 ]
then
        eval `ssh-agent -s`
        ssh-add
fi

Turbocapitalist · 06-05-2018, 12:07 PM

Before you can use the existing agent you'll have to track down which socket it is using, if there is one.

Code:

#!/bin/sh

PATH=/bin/:/usr/bin:/usr/local/bin;

agentpid=$(pgrep -u krishnar -ox ssh-agent);

if [ $agentpid -gt 1 ]; then
        echo Agent Exists.  Loading socket path.
        SSH_AUTH_SOCK=$(
                sudo lsof -p $agentpid \
                | awk '$5=="unix"{print $9;exit;}'\
        );
        export SSH_AUTH_SOCK;

else
        echo Agent Missing.  Launching agent.
        eval $(ssh-agent -s);

fi

echo Done.

Then 'source' it.

Code:

 
. /some/path/to/your/script

Edit: note the space after the dot.

X-LFS-2010 · 06-05-2018, 12:37 PM

what i did is to have phrases auto generated and distributed to all participating PC

caveat: all the pc have to be running, and first login you have to answer "Yes" and type password

==================

do i see a LAN IP? hey if it's just between two 'nix boxes on a LAN use rsh(1), finished quick - you'll love the speed improvement, no encryption who cares

TB0ne · 06-05-2018, 01:11 PM

Quote:

Originally Posted by X-LFS-2010

what i did is to have phrases auto generated and distributed to all participating PC caveat: all the pc have to be running, and first login you have to answer "Yes" and type password

...which is exactly what the OP is trying to AVOID...typing in things over and over.

Quote:

do i see a LAN IP? hey if it's just between two 'nix boxes on a LAN use rsh(1), finished quick - you'll love the speed improvement, no encryption who cares

Sorry, but are you serious??? RSH and other such protocols aren't used for good reasons; security is ALWAYS something to care about. SSH (keyless) is far faster, easier, and more secure. There is zero reason to use rsh, and there hasn't been for going on 20 years now.

scasey · 06-05-2018, 05:03 PM

If the key is generated with a passphrase, won't the passphrase always be required when the key is used?

OP, can you generate and distribute a key that doesn't contain a passphrase? (one of ondoho's suggestions)

Turbocapitalist · 06-05-2018, 09:28 PM

Quote:

Originally Posted by scasey

If the key is generated with a passphrase, won't the passphrase always be required when the key is used?

Only when it is loaded into the agent. After that, the agent takes care of the key and responds to authentication requests. If a key is made without a passphrase then it really ought to be locked down by prepending command="..." in the authorized_keys file where ... is a specific command with specific options.

What appears to be happening is that krishnar's script keeps launching new agents and loading the key into each one rather than doing that just once.

krishnar · 06-08-2018, 02:00 PM

I am still confused.

Code:

user@5CG5372W36:~/python/AWS$ eval `ssh-agent -s`
Agent pid 924
user@5CG5372W36:~/python/AWS$ echo  $SSH_AGENT_SOCK

user@5CG5372W36:~/python/AWS$

Why the SSH_AGENT_SOCK value is not showing after I ran the 'eval `ssh-agent -s`' command? I am totally lost.

Turbocapitalist · 06-08-2018, 02:06 PM

The variable $SSH_AGENT_SOCK is not used so it should be empty. Please check $SSH_AUTH_SOCK instead.

dugan · 06-08-2018, 02:21 PM

If you're not set on rolling your own solution and you're willing to use an existing one, try:

https://www.funtoo.org/Keychain