Re: OpenSSH ssh-keygen and non-empty passphrase
From: Per Hedeland (per_at_hedeland.org)
Date: 05/26/05
- Next message: Darren Tucker: "Re: OpenSSH can mess up Linux-PAM's pam_access"
- Previous message: Petr Pisar: "OpenSSH can mess up Linux-PAM's pam_access"
- In reply to: bnies_at_bluewin.ch: "Re: OpenSSH ssh-keygen and non-empty passphrase"
- Next in thread: bnies_at_bluewin.ch: "Re: OpenSSH ssh-keygen and non-empty passphrase"
- Reply: bnies_at_bluewin.ch: "Re: OpenSSH ssh-keygen and non-empty passphrase"
Date: Thu, 26 May 2005 21:50:26 +0000 (UTC)
In article <1117087278.332242.129320@g49g2000cwa.googlegroups.com>
bnies@bluewin.ch writes:
>I thought of this, but unfortunately expect is not a standard program
>on Solaris. I don't want a script solution that has too many
>dependencies. Probably there is also a Perl module that can generate
>SSH Keys, but on Solaris only a few Perl modules are installed and
>installing a dozen dependencies just for this is not a good solution.
Since ssh-keygen uses the same password/phrase-reading code as ssh
itself (no surprise), you could perhaps use the SSH_ASKPASS trick
described in an earlier thread here:
And since ssh-keygen is marginally more lenient than ssh when reading
the passphrase, it doesn't require the somewhat OS-dependent way to make
the program lose its controlling tty - it's enough that stdin isn't a
tty (ssh-keygen allows reading the passphrase from stdin - but that's
only honoured if stdin is a tty:-).
Of course it's still a bit of a challenge to get the password to the
stdin of the askpass program - twice, since ssh-keygen asks for
confirmation. The script below works for me though - run as
echo "sikrit pass phrase" | script
(of course both this usage and the script assume that echo is a shell
built-in). It has the deficiency that the passphrase may not contain
characters that a 'read' command in /bin/sh will eat, though
(e.g. backslash).
--Per Hedeland
per@hedeland.org
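#!/bin/sh
# Write a throwaway askpass helper; ssh-keygen runs it once per prompt.
cat > /tmp/askpass$$ <<'EOF'
#!/bin/sh
# stdin is inherited from ssh-keygen, so each run consumes one line.
read phrase
echo "$phrase"
EOF
chmod +x /tmp/askpass$$
# Read the passphrase from this script's stdin.
read phrase
# Feed it twice: once for the prompt, once for the confirmation.
(echo "$phrase"; echo "$phrase") | \
DISPLAY=foo SSH_ASKPASS=/tmp/askpass$$ ssh-keygen -t dsa -f /tmp/key
rm /tmp/askpass$$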
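
An added example, not part of the original post: the same SSH_ASKPASS approach with the helper written into a private mktemp directory instead of a predictable /tmp name, a raw-line read so backslashes survive, and a refusal of empty passphrases. It assumes a POSIX shell and a mktemp that supports -d; the function names and the ed25519 key type are choices made for this example.

```shell
#!/bin/sh
# Added example, not the original poster's script. Function names are
# hypothetical; ed25519 is this example's choice of key type.

# Write the askpass helper into directory $1 and print its path.
make_askpass() {
    helper="$1/askpass"
    cat > "$helper" <<'EOF'
#!/bin/sh
# Run by ssh-keygen once per prompt; stdin is inherited from ssh-keygen.
IFS= read -r phrase || exit 1
printf '%s\n' "$phrase"
EOF
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# Read one passphrase line from stdin and create key file $1 protected by it.
keygen_from_stdin() {
    keyfile="$1"
    IFS= read -r phrase || return 1
    [ -n "$phrase" ] || { echo "empty passphrase refused" >&2; return 1; }
    umask 077    # helper directory and key files readable by the owner only
    workdir=$(mktemp -d "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    trap 'rm -rf "$workdir"' EXIT HUP INT TERM
    helper=$(make_askpass "$workdir") || return 1
    # Two copies: one for the prompt, one for the confirmation.
    # stdin is a pipe, not a tty, so ssh-keygen falls back to SSH_ASKPASS.
    printf '%s\n%s\n' "$phrase" "$phrase" |
        DISPLAY=foo SSH_ASKPASS="$helper" ssh-keygen -q -t ed25519 -f "$keyfile"
    status=$?
    rm -rf "$workdir"
    trap - EXIT HUP INT TERM
    return $status
}

# Usage: printf '%s\n' 'pass phrase' | sh thisscript /path/to/newkey
if [ $# -eq 1 ]; then
    keygen_from_stdin "$1"
fi
```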