Re: PEM_read_PrivateKey failed

From: Darren Dunham (ddunham@redwood.taos.com)
Date: 01/16/03

• Next message: Richard E. Silverman: "Re: run ssh via an expect script as cgi on apache?"
• Previous message: Tom Combs: "authc-hostbased.c:650: Server Rej Sign"
• In reply to: Mark Lundy: "Re: PEM_read_PrivateKey failed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Darren Dunham <ddunham@redwood.taos.com>
Date: Thu, 16 Jan 2003 22:16:02 GMT

Mark Lundy <marklundy@comcast.net> wrote:
> slade@shore.net (Richard E. Silverman) wrote in message news:<m1lof6jpikq.fsf@syrinx.oankali.net>...
>> So it prompts you for your key passphrase, everything looks normal up to
>> there... and then what happens? You don't say or show whether you get
>> logged in or not. What is the problem?

> Please excuse the following oversight. I was focusing on what I was
> trying to do, now what I wanted to do.

> What I'm attempting to do is to allow ssh and scp without a password
> or passphrase.

The general way to do that is..

1) Don't put a passphrase on the key or
2) Run ssh-agent and type your passphrase in once (perhaps when you log
   in)

I'd use #2.

> I need to use these in a script. I've looked all over, and tried
> several how-to's to figure out how to do this.

If you have a script that *must* run unattended, then use a
passphraseless key, and secure the key. It should be no more dangerous
than putting the password for an account in a script.

If you change the key periodically, that would probably be good, too.

Also you can restrict the actions permitted by the keyholder.
Definitely a good idea for a passphraseless access key.

> I was under the impression that distributing the keys would allow me
> to do this.

It does, but if the key is encrypted (passphrase) it must be decrypted
first.

-- 
Darren Dunham                                           ddunham@taos.com
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >

---

• Next message: Richard E. Silverman: "Re: run ssh via an expect script as cgi on apache?"
• Previous message: Tom Combs: "authc-hostbased.c:650: Server Rej Sign"
• In reply to: Mark Lundy: "Re: PEM_read_PrivateKey failed"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: SSH login automation, get stuck at the last step. ... I hope you managed to create the keys with the script. ... I have modified Uwe's script to handle passphrase. ... puts stderr "EXP username requested and sent " ... (comp.lang.tcl) Re: scp and scripts? ... The following is basically what I want the script to do, ... >> but I heard scp will not work with authentication. ... > an SSH key of the appropriate type. ... > want a passphrase; press enter to use a blank passphrase. ... (Debian-User) Re: scp in a script with keys and passphrase ... Expect can automate task of typing passphrase in a expect script - but ask yourself a question what good is the passphrase if you have to store it in clear text? ... scp in a script with keys and passphrase ... Expect is a tcl extension for automating interactive applications such ... (RedHat) RE: scp in a script with keys and passphrase ... the "expect" package may be what you're looking for. ... Expect is a tcl extension for automating interactive applications such ... scp in a script with keys and passphrase ... passphrase in a script to scp from one computer to another. ... (RedHat) Simple expect script has erratic behavior, why? ... I have a simple expect script to decrypt a gpg file when passed the ... passphrase on the command line. ... If I run the gpg command from the command line, ... (comp.lang.tcl)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.ssh  > 2003-01