pass password to ssh

p4l4cl][n · 2013-08-09 19:36:23

Hi,
it's possible to pass password into ssh-add? If it is, how? I want to unlock key automatically after reboot.

graysky · 2013-08-09 19:43:55

Not sure what you're asking here but have you considered key-based ssh authentication?

p4l4cl][n · 2013-08-09 19:48:08

I'm using key-based ssh authentication. I have password encrypted rsa key and I need to get it into keychain (using ssh-add). But it asks for password. My question is if I can somehow provide password without user input. Something like

echo "password" | ssh-add id_rsa

Last edited by p4l4cl][n (2013-08-09 19:48:27)

graysky · 2013-08-10 09:24:24

Hmm... sounds like you just want to unlocking keyrings upon login? Which greeter are you using (lxdm, lightdm, gdm, etc)? Check the wiki for this topic.

jasonwryan · 2013-08-10 09:37:04

p4l4cl][n wrote:

I'm using key-based ssh authentication. I have password encrypted rsa key and I need to get it into keychain (using ssh-add). But it asks for password. My question is if I can somehow provide password without user input. Something like
echo "password" | ssh-add id_rsa

That sort of undermines the whole point of having a passphrase in the first place.

This sounds like an XY Problem. What are you trying to achieve?

p4l4cl][n · 2013-08-10 10:12:02

Thanks of answers ^_^

graysky wrote:

Which greeter are you using (lxdm, lightdm, gdm, etc)? Check the wiki for this topic.

I am using autologin via systemd with XServer autostart

https://wiki.archlinux.org/index.php/Au … al_console
https://wiki.archlinux.org/index.php/Start_X_at_Login

jasonwryan wrote:

That sort of undermines the whole point of having a passphrase in the first place.

No, it doesn't. I don't wan't to input password every time I restarted my laptop, but I don't want to keep my key unprotected for cases
when someone copies it.

jasonwryan wrote:

This sounds like an XY Problem. What are you trying to achieve?

Possibly it is. I am trying to achieve:

After autologin my ssh key is in keychain (https://wiki.archlinux.org/index.php/SSH_Keys#Keychain), gnome-keyring and others seems
just to heavy and I can use it without writing my password. Writing my password for the key once is accetable, however need to manually
write ssh-add is not.

So if key will be added automatically on "ssh host" and I must input password first time I connect somewhere, I am fine with it..

I hope I made clear what I need.

jasonwryan · 2013-08-10 20:52:25

Not really. But the way you keep using the term "password" leads me to believe that you use the same string for your user's password and for your passphrase for your SSH keys, and that you only want to enter this once, when you login.

Is that your aim?

p4l4cl][n · 2013-08-11 04:17:45

No no, I dont have. User password is about 10 chars, ssh about 40.

Well, not exactly. Once, whe autologin I know how to, I just add "ssh-add ~/.ssh/id_rsa" into .xinitrc. But I was curious about passing password to ssh-add so I can avoid even this (so no need to enter password).

jasonwryan · 2013-08-11 04:45:48

So how would the agent cache your passphrase if you don't enter it?

'echoing' it has exactly the same effect (it still has to be entered) but it opens up a security hole...

p4l4cl][n · 2013-08-11 05:01:25

My whole system (except windows ) is encrypted (dm-crypt with LUKS), so security hole associated with storing password in plaintext (in order of "echoing" it) is not so big and I am willing to overlook it (while I know that it's issue, it's small enough for me).

jasonwryan · 2013-08-11 05:04:26

That won't protect you if someone gets access to the machine remotely, nor will it help if they get hold of the physical machine while you are logged in.

Seriously, what you are asking for doesn't make any real sense. Set a decent timeout on your agent so that you only need enter your passphrase on login, and you are done.

p4l4cl][n · 2013-08-11 05:08:15

Very well, I defer to your opinion. Thanks for your time anyway ^_^

Arch Linux

#1 2013-08-09 19:36:23

pass password to ssh

#2 2013-08-09 19:43:55

Re: pass password to ssh

#3 2013-08-09 19:48:08

Re: pass password to ssh

#4 2013-08-10 09:24:24

Re: pass password to ssh

#5 2013-08-10 09:37:04

Re: pass password to ssh

#6 2013-08-10 10:12:02

Re: pass password to ssh

#7 2013-08-10 20:52:25

Re: pass password to ssh

#8 2013-08-11 04:17:45

Re: pass password to ssh

#9 2013-08-11 04:45:48

Re: pass password to ssh

#10 2013-08-11 05:01:25

Re: pass password to ssh

#11 2013-08-11 05:04:26

Re: pass password to ssh

#12 2013-08-11 05:08:15

Re: pass password to ssh

Board footer