Re: PEM_read_PrivateKey failed

From: Darren Dunham <ddunham@redwood.taos.com>
Date: Thu, 16 Jan 2003 22:16:02 GMT

Mark Lundy <marklundy@comcast.net> wrote:
> slade@shore.net (Richard E. Silverman) wrote in message news:<m1lof6jpikq.fsf@syrinx.oankali.net>...
>> So it prompts you for your key passphrase, everything looks normal up to
>> there... and then what happens? You don't say or show whether you get
>> logged in or not. What is the problem?

> Please excuse the following oversight. I was focusing on what I was
> trying to do, not what I wanted to do.

> What I'm attempting to do is to allow ssh and scp without a password
> or passphrase.

The general way to do that is..

1) Don't put a passphrase on the key or
2) Run ssh-agent and type your passphrase in once (perhaps when you log
   in)

I'd use #2.

> I need to use these in a script. I've looked all over, and tried
> several how-to's to figure out how to do this.

If you have a script that *must* run unattended, then use a
passphraseless key, and secure the key. It should be no more dangerous
than putting the password for an account in a script.

If you change the key periodically, that would probably be good, too.

Also you can restrict the actions permitted by the keyholder.
Definitely a good idea for a passphraseless access key.

> I was under the impression that distributing the keys would allow me
> to do this.

It does, but if the key is encrypted (passphrase) it must be decrypted
first.

-- 
Darren Dunham                                           ddunham@taos.com
Unix System Administrator                    Taos - The SysAdmin Company
Got some Dr Pepper?                           San Francisco, CA bay area
         < This line left intentionally blank to confuse you. >
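
The restriction mentioned in the reply above is applied on the server side, through options placed in front of the key in `~/.ssh/authorized_keys`. The following is an added example, not part of the original post: it builds a restricted entry and lists entries in a file that carry no forced command. The key material, the address 192.0.2.10 and the `/usr/local/bin/nightly-backup` path are constructed for illustration.

```shell
#!/bin/sh
# Added example: limiting a passphraseless automation key in authorized_keys.
# Key material, source address and command path are constructed samples.

# Build an authorized_keys entry pinned to one forced command and one
# source address, with forwarding and terminal allocation disabled.
# $1 = forced command (assumed to contain no double quotes)
# $2 = allowed source pattern, $3 = public key line
restricted_entry() {
    printf 'command="%s",from="%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s\n' \
        "$1" "$2" "$3"
}

# Report entries in an authorized_keys file ($1) that have no forced command.
# Quoted option values are blanked first so that spaces inside them do not
# split the options field. Prints "line-number: last-field" per finding;
# the last field is normally the key comment.
unrestricted_keys() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            gsub(/"([^"\\]|\\.)*"/, "\"\"")     # blank quoted option values
            if ($1 !~ /(^|,)command=/) print NR ": " $NF
        }' "$1"
}

# Run both functions over a constructed sample file.
demo() {
    pub='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyOnly backup@cronhost'
    f=$(mktemp) || return 1
    {
        echo '# constructed sample authorized_keys'
        echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedExampleKeyTwo admin@laptop'
        restricted_entry '/usr/local/bin/nightly-backup --push' '192.0.2.10' "$pub"
    } > "$f"
    unrestricted_keys "$f"
    rm -f "$f"
}

demo
```

With a forced command in place, sshd runs that command regardless of what the client requests, so a copied key cannot be used to open an interactive shell.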

