SUMMARY: Is using stdin to read a passphrase into ssh-add possible?

From: Kevin Burtch <kburtch+sunm_at_gmail.com>
Date: Fri Apr 25 2008 - 17:12:31 EDT
I tried it on a command line and in a shell script with no luck before posting.

What I _didn't_ try is running it via "cron" or "at"... that did the
trick by disassociating it from the tty.

In case anyone is curious, the script is essentially as follows
(fetchpw is pseudocode that grabs the pw from the appliance):
  #!/bin/sh
  SSH_AGENT_PID=30447
  SSH_AUTH_SOCK=/tmp/ssh-muimL30446/agent.30446
  export SSH_AGENT_PID SSH_AUTH_SOCK
  fetchpw |  ssh-add .ssh/id_rsa


Many thanks to Crist Clark for the clue (email omitted out of respect
for privacy):

> Ssh-add will read the passphrase from stdin if there is no
> terminal associated with the process.
>
> The most simple way I manually start a process with no tty
> is to just run the command within a "batch" command. That's
> not as easy when you want to be automated.
>
> The trick is for a program to make itself a new session, i.e.
> do the setsid(2) call. This will lose the terminal. I'm not
> aware of a convenient way to do this from within a shell. You
> could make a simple wrapper program to do this.


Regards,
Kevin

On Fri, Apr 25, 2008 at 11:14 AM, Kevin Burtch <kburtch+sunm@gmail.com> wrote:
> Since the Solaris version of ssh-add does not support the -p
>  parameter, it does not appear it is possible to have ssh-add read the
>  key passphrase from stdin.
>
>  I would like to be able to do this for reasons beyond the scope of
>  this request, but suffice it to say the passphrase will be provided by
>  a hardened appliance and that this is for the automatic startup of a
>  service that requires repeated authentications (hence, the desired use
>  of ssh-agent).
>
>  Of course I tried the obvious, but stdin is completely ignored as the
>  program attaches to the terminal directly.
>
>  I know I've seen a way around this before, but cannot remember the solution.
>  Does anyone know a way around this?
>
>  Thanks to anyone who might be able to help.
>
>
>  Regards,
>  Kevin
Received on Fri Apr 25 17:13:16 2008
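
The setsid(2) wrapper suggested in the quoted reply above, sketched as an added example that is not code from the thread or from either poster. The names notty and run_without_tty are hypothetical. The child inherits stdin, so the passphrase travels through the pipe and never appears in the argument list or the environment.

```c
/* notty.c: run a command in a new session so it has no controlling terminal.
 * Hypothetical usage:  fetchpw | ./notty ssh-add .ssh/id_rsa              */
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Returns the command's exit status, 127 if it could not be started,
 * or 128+N if signal N terminated it. stdin/stdout/stderr are inherited. */
int run_without_tty(char *const argv[])
{
    int status;
    /* Fork first: setsid() fails with EPERM when the caller is a
     * process-group leader, which a command started from a shell usually is. */
    pid_t pid = fork();

    if (pid < 0) {
        perror("fork");
        return 127;
    }
    if (pid == 0) {
        /* Child: become leader of a new session, which drops the tty. */
        if (setsid() == (pid_t)-1) {
            perror("setsid");
            _exit(127);
        }
        execvp(argv[0], argv);
        perror(argv[0]);          /* reached only if exec failed */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0) {
        perror("waitpid");
        return 127;
    }
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return 128 + (WIFSIGNALED(status) ? WTERMSIG(status) : 0);
}

int main(int argc, char *argv[])
{
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    return run_without_tty(argv + 1);
}
```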
