Re: How to supply ssh-add passphrase from file?

From: Mike Delaney (mdelan_at_computer.org)
Date: 10/20/03


Date: Mon, 20 Oct 2003 11:53:44 -0700

On 20 Oct 2003 02:01:56 -0700, danielrm26 said something similar to:
: Mike Delaney <mdelan@computer.org> wrote in message news:<slrnbp6t4g.i82.mdelan@shell.lusars.net>...
: > On 17 Oct 2003 22:22:49 -0700 Dr. Muhammad Masroor Ali wrote:
: > : Before you open your fire please allow me to tell you that I know that
: > : this is a security hole. But under a special circumstances I need to
: > : supply the ssh-add passphrase from a file. Could you tell me the best
: > : way to do this.
: >
: > The best way is not to bother putting the passphrase on the key in
: > the first place.
:
: I would recommend doing something like ssh-agent or keychain over
: using the key without a passphrase. Check into them and see if they

Reread the original post. He wants to add the key to the agent, but supply
the passphrase to ssh-add via a file rather than typing it in. There's
no such thing as an agent for an agent.

While he could go about writing an expect script to run ssh-add
non-interactively, at that point he's effectively reduced the security
of the private key to the same level as that of an un-passphrase protected
key - he may as well just leave the passphrase off of the key and save the
trouble.


