LinuxQuestions.org
Old 06-04-2018, 07:43 PM   #1
krishnar
Member
 
Registered: May 2016
Posts: 32

Bash script to avoid typing SSH key passphrase not working


Hello Experts,

I have a 2 line bash script to start SSH agent so that I don't have to type the passphrase again and again. But it is not working as I expect. It's asking for the passphrase even after I run the script.

Can anyone please tell me what is wrong with this script?

Code:
user@computer:~$ ./bash.sh
Agent pid 18
Enter passphrase for /home/user/.ssh/id_rsa:
Identity added: /home/user/.ssh/id_rsa (/home/user/.ssh/id_rsa)


user@computer:~$ ssh 192.168.0.18
Enter passphrase for key '/home/user/.ssh/id_rsa':   ----> ASKING PASSPHRASE AGAIN!!
user@computer:~$

user@computer:~$ cat bash.sh
#!/bin/bash
eval `ssh-agent -s`
ssh-add
user@computer:~$
Additional info:
Code:
user@computer:~$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=15.10
DISTRIB_CODENAME=wily
DISTRIB_DESCRIPTION="Ubuntu 15.10"

Last edited by krishnar; 06-04-2018 at 07:45 PM.
 
Old 06-05-2018, 02:35 AM   #2
ondoho
LQ Addict
 
Registered: Dec 2013
Posts: 14,562
Blog Entries: 9

it doesn't surprise me.
i think the software expect was written for cases like these.
or maybe ssh has an option to read password from stdin?
also you can blank the key's passphrase.
so now you have 3 separate solutions, i hope one of them is to your liking.
 
Old 06-05-2018, 02:42 AM   #3
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,828
Blog Entries: 3

You have the right idea but notice that you are creating a new agent process each time you run the script. You'll want to modify the script to find an existing agent and use that if it is available but only launch a new agent if one is needed.

Also, Ubuntu 15.10 reached end of life many years ago, you should switch to a different version PDQ.
https://wiki.ubuntu.com/Releases

Last edited by Turbocapitalist; 06-05-2018 at 02:43 AM.
 
Old 06-05-2018, 11:34 AM   #4
krishnar
Member
 
Registered: May 2016
Posts: 32

Original Poster
I changed the script like this, but it is still not working. I am not sure what the issue is.

Code:
#!/bin/bash
ssh-add
if [ $? -ne 0 ]
then
        eval `ssh-agent -s`
        ssh-add
fi
 
Old 06-05-2018, 12:07 PM   #5
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,828
Blog Entries: 3

Before you can use the existing agent you'll have to track down which socket it is using, if there is one.

Code:
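#!/bin/sh

PATH=/bin/:/usr/bin:/usr/local/bin;

# Oldest ssh-agent process owned by the user, if any
# (-o = oldest match, -x = exact process name).
agentpid=$(pgrep -u krishnar -ox ssh-agent);

# pgrep prints nothing when no agent is running, so default to 0
# to keep the numeric test valid.
if [ "${agentpid:-0}" -gt 1 ]; then
        echo Agent Exists.  Loading socket path.
        # Read the agent's listening socket from its open files.
        SSH_AUTH_SOCK=$(
                sudo lsof -p "$agentpid" \
                | awk '$5=="unix"{print $9;exit;}'\
        );
        export SSH_AUTH_SOCK;

else
        echo Agent Missing.  Launching agent.
        eval "$(ssh-agent -s)";

fi

echo Done.

Then 'source' it.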

Code:
 
. /some/path/to/your/script
Edit: note the space after the dot.

Last edited by Turbocapitalist; 06-05-2018 at 12:17 PM.
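
The reuse-or-launch logic discussed in this thread can also be done without `sudo lsof`, by giving the agent a fixed socket path (`ssh-agent -a`) and branching on the exit status of `ssh-add -l`. This is an added example, not code from any poster; `AGENT_SOCK`, `SSH_ADD_CMD`, `SSH_AGENT_CMD`, `AGENT_ACTION` and the function names are assumptions.

```shell
# Added example: source this file, then call ensure_agent.
# AGENT_SOCK, SSH_ADD_CMD, SSH_AGENT_CMD and the function names are
# assumptions of this example, not names from the thread.
AGENT_SOCK="${AGENT_SOCK:-$HOME/.ssh/agent.sock}"   # inside the user's own ~/.ssh
SSH_ADD_CMD="${SSH_ADD_CMD:-ssh-add}"               # overridable for testing
SSH_AGENT_CMD="${SSH_AGENT_CMD:-ssh-agent}"

# Map the exit status of `ssh-add -l` to the next step:
#   0 = agent reachable and holding a key
#   1 = agent reachable but holding no identities
#   2 = nothing answering on $SSH_AUTH_SOCK
agent_action() {
    case "$1" in
        0) echo reuse ;;
        1) echo load-key ;;
        *) echo start-agent ;;
    esac
}

# Point this shell at the fixed socket, start an agent only if none
# answers there, and ask for the passphrase only if no key is loaded.
ensure_agent() {
    SSH_AUTH_SOCK="$AGENT_SOCK"
    export SSH_AUTH_SOCK
    _rc=0
    "$SSH_ADD_CMD" -l >/dev/null 2>&1 || _rc=$?
    AGENT_ACTION=$(agent_action "$_rc")     # first decision, kept for inspection
    _next=$AGENT_ACTION
    if [ "$_next" = start-agent ]; then
        rm -f "$AGENT_SOCK"                 # stale socket left by a dead agent
        eval "$("$SSH_AGENT_CMD" -s -a "$AGENT_SOCK")" >/dev/null
        _next=load-key
    fi
    if [ "$_next" = load-key ]; then
        "$SSH_ADD_CMD" || return 1          # the single passphrase prompt
    fi
    return 0
}
```

Source the file from `~/.bashrc` or the current shell and then call `ensure_agent`; run as `./script`, it would export `SSH_AUTH_SOCK` only in a child process that exits immediately.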
 
Old 06-05-2018, 12:37 PM   #6
X-LFS-2010
Member
 
Registered: Apr 2016
Posts: 423

what i did is to have phrases auto generated and distributed to all participating PC

caveat: all the pc have to be running, and first login you have to answer "Yes" and type password

==================

do i see a LAN IP? hey if it's just between two 'nix boxes on a LAN use rsh(1), finished quick - you'll love the speed improvement, no encryption who cares
 
Old 06-05-2018, 01:11 PM   #7
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 22,815

Quote:
Originally Posted by X-LFS-2010
what i did is to have phrases auto generated and distributed to all participating PC caveat: all the pc have to be running, and first login you have to answer "Yes" and type password

...which is exactly what the OP is trying to AVOID...typing in things over and over.

Quote:
do i see a LAN IP? hey if it's just between two 'nix boxes on a LAN use rsh(1), finished quick - you'll love the speed improvement, no encryption who cares

Sorry, but are you serious??? RSH and other such protocols aren't used for good reasons; security is ALWAYS something to care about. SSH (keyless) is far faster, easier, and more secure. There is zero reason to use rsh, and there hasn't been for going on 20 years now.
 
Old 06-05-2018, 05:03 PM   #8
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.8.2003
Posts: 4,835

If the key is generated with a passphrase, won't the passphrase always be required when the key is used?

OP, can you generate and distribute a key that doesn't contain a passphrase? (one of ondoho's suggestions)
 
Old 06-05-2018, 09:28 PM   #9
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,828
Blog Entries: 3

Quote:
Originally Posted by scasey
If the key is generated with a passphrase, won't the passphrase always be required when the key is used?

Only when it is loaded into the agent. After that, the agent takes care of the key and responds to authentication requests. If a key is made without a passphrase then it really ought to be locked down by prepending command="..." in the authorized_keys file where ... is a specific command with specific options.

What appears to be happening is that krishnar's script keeps launching new agents and loading the key into each one rather than doing that just once.
 
Old 06-08-2018, 02:00 PM   #10
krishnar
Member
 
Registered: May 2016
Posts: 32

Original Poster
I am still confused.


Code:
user@5CG5372W36:~/python/AWS$ eval `ssh-agent -s`
Agent pid 924
user@5CG5372W36:~/python/AWS$ echo  $SSH_AGENT_SOCK

user@5CG5372W36:~/python/AWS$
Why is the SSH_AGENT_SOCK value not showing after I ran the 'eval `ssh-agent -s`' command? I am totally lost.
 
Old 06-08-2018, 02:06 PM   #11
Turbocapitalist
Senior Member
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 4,828
Blog Entries: 3

The variable $SSH_AGENT_SOCK is not used so it should be empty. Please check $SSH_AUTH_SOCK instead.
 
Old 06-08-2018, 02:21 PM   #12
dugan
LQ Guru
 
Registered: Nov 2003
Location: Canada
Distribution: distro hopper
Posts: 9,597

If you're not set on rolling your own solution and you're willing to use an existing one, try:

https://www.funtoo.org/Keychain
 
  

