0

I have a couple of ssh clients that I want to automatically set up a ssh-tunnel to a server. To this end I am using cron and sshpass. Depending on the history of the server it may for example expect a response to

user@server's password:

Enter passphrase for key '/home/he/.ssh/id_rsa':

or

Enter passphrase for key '/home/he/id_ed25519':

This may change over time.

Now I would like my script to automatically select the correct passphrase. Which is the best way to accomplish this?

1
  • 1
    Why encrypt the keys in the first place if you store the passphrase in clear text? Why not just store them unencrypted? Commented Sep 7, 2024 at 10:50

2 Answers

2

Use keys without passphrase for automation.

To contain the possible impact, restrict them heavily on the target system in authorized_keys. For example, if the key is supposed to be only used to establish the tunnel, I use the following:

restrict,port-forwarding,command="/bin/false" ssh-ed25519 AAAA.... 

I use this for the SOCKS feature in SSH.

For the details of how to use this, refer to man authorized_keys.
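An added example, not part of the answer above: a small Python audit that parses authorized_keys entries and reports what a tunnel-only automation key is still allowed to do. The function names and sample entries are constructed for illustration, and the permitopen=/permitlisten= check goes one step beyond the options the answer shows.

```python
import re

KEY_PREFIXES = ("ssh-", "ecdsa-sha2-", "sk-")   # entry starts with a key type: no options
# Options field: runs up to the first whitespace that is not inside "...".
OPT_FIELD = re.compile(r'((?:[^\s"]|"(?:\\.|[^"\\])*")+)\s+(.*)')
OPTION = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')

def split_options(line):
    """Split one authorized_keys line into (option list, rest of line)."""
    if line.startswith(KEY_PREFIXES):
        return [], line
    m = OPT_FIELD.match(line)
    return (OPTION.findall(m.group(1)), m.group(2)) if m else ([], line)

def audit_tunnel_key(line):
    """Return findings for a key that should only be able to open tunnels."""
    line = line.strip()
    if not line or line.startswith("#"):
        return []
    names = {o.split("=", 1)[0].lower() for o in split_options(line)[0]}
    findings = []
    if "restrict" not in names:
        findings.append("no restrict: pty, agent and X11 forwarding stay allowed")
    if "command" not in names:
        findings.append("no command=: the key can run arbitrary commands")
    if "restrict" in names and "port-forwarding" not in names:
        findings.append("restrict without port-forwarding: tunnels are refused")
    forwarding = "port-forwarding" in names or "restrict" not in names
    if forwarding and not names & {"permitopen", "permitlisten"}:
        findings.append("forwarding not pinned by permitopen=/permitlisten=")
    return findings

# Constructed sample entries; the key blobs are placeholders, not real keys.
SAMPLES = [
    'ssh-ed25519 AAAAPLACEHOLDER cron@client1',
    'restrict,port-forwarding,command="/bin/false" ssh-ed25519 AAAAPLACEHOLDER cron@client2',
    'restrict,port-forwarding,permitlisten="7777",command="/bin/false" ssh-ed25519 AAAAPLACEHOLDER c3',
]

if __name__ == "__main__":
    for entry in SAMPLES:
        print(entry.split()[-1], audit_tunnel_key(entry) or "ok")
```

A key used for SOCKS, as in the answer, cannot be pinned to fixed destinations, so the last finding is informational there; for a fixed reverse tunnel such as port 7777 it is worth acting on.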

0

Thanks

I have tried 2 somewhat simpler ways:

  1. Simply set the prompt to ":" as in

sshpass -P ":" -v -p"somepassword" ssh -tt -p 6666 -fN -R 7777:localhost:22 someuser@someserver

  2. If you don't like that then extract the entire prompt with:

prompt=$(sshpass -v -P "pass" -p"notapassword" ssh someuser@someserver 2>&1 | sed -n '2 p')

1
  • Simplify 2: prompt=$(ssh someuser@someserver 2>&1 | sed -n '2 p') Commented Sep 8, 2024 at 9:07
