Hi, I recently found an article on using sshpass with gpg to script the process of connecting to a remote host using a password, while also encrypting that password in a file using gpg.
$ gpg -d -q .sshpasswd.gpg | sshpass ssh user@srv1.example.com
https://www.redhat.com/sysadmin/ssh-automation-sshpass
However, I think it requires having previously stored your key passphrase into the keyring stored in memory, correct? So this script would not work as advertised for this reason. Is that correct?
Also, I'm not new to Linux administration, but somewhat new to sshpass. Does it only work with ssh passwords or public keys as well?

Alex wrote:
> Also, I'm not new to Linux administration, but somewhat new to sshpass. Does it only work with ssh passwords or public keys as well?

You don't need sshpass if you have the private key matching the public key already stored on the server. Just use ssh.

>> Also, I'm not new to Linux administration, but somewhat new to sshpass. Does it only work with ssh passwords or public keys as well?
> You don't need sshpass if you have the private key matching the public key already stored on the server. Just use ssh.

This would be for use in a script - I'm assuming someone would use it as part of an automated backup script or when it's not possible to be at the keyboard to enter that passphrase.
Remember "expect"? It sounds reminiscent of that from the 90s.

On Wed, 2024-02-14 at 22:49 -0500, Alex wrote:
>>> Also, I'm not new to Linux administration, but somewhat new to sshpass. Does it only work with ssh passwords or public keys as well?
>> You don't need sshpass if you have the private key matching the public key already stored on the server. Just use ssh.
> This would be for use in a script - I'm assuming someone would use it as part of an automated backup script or when it's not possible to be at the keyboard to enter that passphrase.

AFAIK a stored private key works just fine with a script.

> Remember "expect"? It sounds reminiscent of that from the 90s.

'expect' is still available in the standard repo, not that I'm advocating it instead of sshpass.

poc

On 14Feb2024 22:49, Alex mysqlstudent@gmail.com wrote:
>> You don't need sshpass if you have the private key matching the public key already stored on the server. Just use ssh.
> This would be for use in a script - I'm assuming someone would use it as part of an automated backup script or when it's not possible to be at the keyboard to enter that passphrase.

I usually make a special purpose keypair with no passphrase for this, with a distinctive filename, eg .ssh/id_dsa_backups and its .pub partner. You can lock down the authorized_keys file at the far end to constrain its use, too.

> Remember "expect"? It sounds reminiscent of that from the 90s.

Ugh.

Cheers,
Cameron Simpson cs@cskk.id.au
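
The authorized_keys lock-down mentioned in the last reply, as an added example that is not part of the thread: it builds a restricted entry for a dedicated passphrase-less backup key and shows the check a forced command can apply to the client's request. The function names, /usr/local/bin/backup-only, the backup-push request format, the address 192.0.2.10 and the key line are all assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Hypothetical names: restricted_entry,
# request_allowed, /usr/local/bin/backup-only, backup-push, 192.0.2.10.

# Print an authorized_keys line pinning a key to one command and one source.
# $1 = public key file, $2 = forced command, $3 = from= pattern
restricted_entry() {
    keytype= blob= comment=
    # A .pub file is one line: "<type> <base64> [comment]"
    read -r keytype blob comment < "$1" || [ -n "$keytype" ] || return 1
    case $keytype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-*) ;;
        *) echo "refusing: $1 is not a public key" >&2; return 1 ;;
    esac
    [ -n "$blob" ] || { echo "refusing: no key data in $1" >&2; return 1; }
    # A double quote would end the option value early.
    case "$2$3" in
        *\"*) echo "refusing: quote in option value" >&2; return 1 ;;
    esac
    # restrict disables forwarding, pty allocation and ~/.ssh/rc; command=
    # replaces whatever the client asks to run; from= limits the source.
    printf 'restrict,from="%s",command="%s" %s %s%s\n' \
        "$3" "$2" "$keytype" "$blob" "${comment:+ $comment}"
}

# Check for use inside the forced command: sshd passes the client's request
# in SSH_ORIGINAL_COMMAND. Accept only "backup-push <name>" with a plain name.
request_allowed() {
    case $1 in
        "backup-push "*) name=${1#"backup-push "} ;;
        *) return 1 ;;
    esac
    case $name in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# Demo with a constructed (not real) public key line.
demo_pub=$(mktemp)
echo 'ssh-ed25519 AAAAconstructedNOTAREALKEY backups@client' > "$demo_pub"
restricted_entry "$demo_pub" /usr/local/bin/backup-only 192.0.2.10
rm -f "$demo_pub"
```

The printed line is what gets appended to the backup account's authorized_keys on the server; the forced command would call request_allowed "$SSH_ORIGINAL_COMMAND" before doing any work.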