You are not logged in.

#1 2013-08-14 05:25:01

EvanPurkhiser
Member
From: Akron, Ohio
Registered: 2010-08-17
Posts: 225
Website

[Unknowingly Solved] Bash, passing password to ssh-add

Hey guys,

I'm working on a script to add my ssh key to my ssh-agent using pam_exec.so. pam_exec passes the password to my script over STDIN, which is fine. But I can't for the life of me figure out how to pass the password to ssh-add.

I've already seen this question, but would really perfer not to have to install extra/expects just for this on script.

Any ideas?

Last edited by EvanPurkhiser (2013-08-14 05:40:34)

Offline

#2 2013-08-14 05:40:23

EvanPurkhiser
Member
From: Akron, Ohio
Registered: 2010-08-17
Posts: 225
Website

Re: [Unknowingly Solved] Bash, passing password to ssh-add

Wow.. Ok. So I feel dumb. I was way over thinking this one.

Since pam_exec passes the password to the script over STDIN (WITH a trailing null character) I actually just have to add the ssh-add command somewhere in the script and it will read from STDIN.

I was actually stuck on this for awhile and had already tried

echo "myPassword" | add-pass

which obviously didn't work. And even now, trying something like this

printf "MyPassword\x00" | ssh-add

still doesn't work.

I'm actually a little perplexed as to WHY this worked.

Here's the full script

#!/bin/sh
# Takes a password from STDIN, starts the ssh-agent as a systemd user service,
# and decrypts the ssh key using the provided password, adding it to the agent.

# Handle inital checks as root
if [ $(id -u) = 0 ]
then
	# Don't execute if the user-session isn't running
	systemctl -q is-active user-session@${PAM_USER} || exit 0

	# Re-execute this script as the user to add their key (while piping STDIN)
	cat | exec su ${PAM_USER} -c $(realpath ${BASH_SOURCE[0]})

# Handle adding the key as the user
else
	# We need to specify the XDG_RUNTIME_DIR because pam_systemd won't have run
	export XDG_RUNTIME_DIR=/run/user/$(id -u)

	# Get the SSH_AUTH_SOCK variable from the user session
	export $(systemctl --user show-environment | grep SSH_AUTH_SOCK)

	# Ensure the ssh-agent service is started
	systemctl --user start ssh-agent

	ssh-add
fi

... Marking as unknowingly solved

Last edited by EvanPurkhiser (2013-08-14 05:40:58)

Offline

Board footer

Powered by FluxBB