Running ssh-agent from a shell script
Solution 1
ssh-agent is supposed to start a session and when it finishes the user session is over. So any command after ssh-agent would perhaps be executed after logoff.
What you want is a session-script that contains your session's commands, like this:
#!/bin/bash
ssh-add /path/to/key
bash -i # or other session starter
Then start ssh-agent session-script.
Solution 2
Put the following at the top of your script:
eval `ssh-agent`
Your script should look like this:
#!/bin/bash
eval `ssh-agent`
ssh-add /path/to/key
...
...
Explanation
The backticks around ssh-agent collect its output. eval collects that output, concatenates it into a single command, and then executes the command. Then you can use ssh-add to provide your key credentials.
Solution 3
I found this works for me.
eval `ssh-agent` # create the process
ssh-add ~/.ssh/priv_key # add the key
git -C "$repo_dir" pull # this line is the reason for the ssh-agent
eval `ssh-agent -k` # kill the process
I create the ssh-agent process, add the key, do what I need to do, then kill it. No need to check if it's running later.
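The same create, use, kill sequence with the agent also killed when the command fails or the script is interrupted, generalized to wrap any command. This is an added example, not part of the original answer; `run_with_agent` and `KEY_LIFETIME` are names made up here.

```sh
#!/bin/sh
# Added example, not from the original answer.
# Hypothetical names: run_with_agent, KEY_LIFETIME.

KEY_LIFETIME=${KEY_LIFETIME:-300}   # seconds before the agent drops the key

# run_with_agent KEYFILE COMMAND [ARGS...]
# The function body is a subshell, so SSH_AUTH_SOCK and SSH_AGENT_PID never
# reach the caller and the traps below apply to this one run only.
run_with_agent() (
    key=$1
    shift

    # Capture the output first: eval "$(ssh-agent -s)" returns 0 even when
    # ssh-agent itself failed and printed nothing.
    agent_env=$(ssh-agent -s) || exit 1
    eval "$agent_env" >/dev/null

    # Kill the agent on every exit path. Signals are routed through exit so
    # the EXIT trap also runs in shells that skip it on a fatal signal.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    trap 'exit 1' HUP INT TERM

    # -t bounds how long the key stays usable if the agent survives anyway.
    ssh-add -t "$KEY_LIFETIME" "$key" || exit 1

    # Arguments are passed through unchanged, whitespace included. The
    # explicit exit keeps the command from being the subshell's last one,
    # which some shells exec in place, dropping the trap.
    "$@"
    exit $?
)

# Usage: ./with-agent.sh ~/.ssh/priv_key git -C "$repo_dir" pull
if [ "$#" -ge 2 ]; then
    run_with_agent "$@"
fi
```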
Solution 4
I tend to do something like this in scripts that require an agent.
#!/bin/bash
# if we can't find an agent, start one, and restart the script.
if [ -z "$SSH_AUTH_SOCK" ] ; then
    exec ssh-agent bash -c "ssh-add ; $0"
    exit
fi
... and so on.
Basically, the first thing the script does is check to see if an agent is running. If it isn't, exec is used to start a new process in place of the script. The agent is started, keys are added, and finally, the script is called again (see the $0).
Solution 5
It is better to use keychain in this case
Debian/Ubuntu:
apt-get install keychain
RHEL/Fedora/CentOS
yum install keychain
Add in your .bashrc the following:
eval `keychain --eval id_rsa`
Dan
Updated on September 18, 2022
Comments
-
Dan over 1 year
I'm trying to create a shell script that, among other things, starts up ssh-agent and adds a private key to the agent. Example:
#!/bin/bash
# ...
ssh-agent $SHELL
ssh-add /path/to/key
# ...
The problem with this is ssh-agent apparently kicks off another instance of $SHELL (in my case, bash) and from the script's perspective it's executed everything and ssh-add and anything below it is never run.
How can I run ssh-agent from my shell script and keep it moving on down the list of commands?
-
thebiggestlebowski over 3 years
This answer helped me: serverfault.com/questions/547923/…
-
Dan over 10 years
Thanks! Creating a separate script and ending the script with exit did the trick.
-
Denilson Sá Maia almost 10 years
But that will not preserve any script parameters. And if any of the parameters has whitespace, it won't be easy to pass them along.
-
Zoredache almost 10 years
You could use .. "ssh-add ; $0 $*", or .. "ssh-add ; $0 $@" instead, which may work. Which wouldn't be perfect, but would certainly work in many cases. The best solution is almost always to have your agent running before anything else anyway, this is just something that might be useful in obscure cases.
-
sibaz over 8 years
This is exactly what I needed, thanks, although worth pointing out that backticks are on the way out. In the new bash form, it should be eval $(ssh-agent)
-
JFlo over 6 years
Better? Why is it better?
-
Scott Carlson almost 6 years
@JFlo "Better" in that it will save the env variables to $HOME/.keychain/<file>. Running that command again will pick up an existing ssh-agent if it is still running. It can then be reused between shells/scripts. In some scenarios that isn't super safe, so you have to make that call. For me, it is an improvement over some scripts I'd written to accomplish the same task.
-
JFlo almost 6 years
This is a very unsafe practice. Why bother using ssh at all? If you don't protect your private key, you might as well be talking in clear text.
-
Adolfo Correa over 5 years
This solution didn't work for me until I put bash -i at the end of the script.
-
dave_thompson_085 about 5 years
@JFlo: not if your client system is sufficiently secure, which it might be. Especially if you (can and do) add ACL, SELinux, or similar, which is easy with a static file but less so with ssh-agent's randomized socket. That said I wouldn't usually recommend it as first choice.
-
Alexander Bird about 5 years
While that is a very helpful process you provide, I don't think it answers anything about the OP's question.
-
Alexander Mills about 5 years
What is a session-script?
-
Adrian Lopez over 2 years
This solution works perfectly, and I consider it very secure. You could run the eval command from a script, and you can add 'zsh -i' after. That way you enable the keyring, and you can disable it by typing 'exit'. Example: pastebin.com/6bdsLKZR