Running ssh-keygen without human interaction?
Solution 1
You can do more or less anything with command-line arguments. Is there something particular you want to do which doesn't appear in the man page?
wry@onyx:~$ ssh-keygen -t dsa -N "my passphrase" -C "test key" -f mykey
Generating public/private dsa key pair.
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is:
2f:17:a4:5d:6f:25:d7:5a:0e:84:be:af:ee:52:8b:42 test key
(the rest snipped for brevity)
Solution 2
In case of server deployment:
ssh-keygen -t rsa -q -f "$HOME/.ssh/id_rsa" -N ""
This makes communication from the installed server to git repositories or other servers easy.
Author: Hamdan
Updated on September 17, 2022
Comments
-
Hamdan almost 2 years
Would it be possible to run ssh-keygen without human interaction?
I have a shell script that takes care of server deployment from start to finish, but ssh-keygen is the only remaining piece that still requires my input.
Would it be possible to feed the parameters to it? Or is there something similar to debconf-set-selections that could be used for this?
*running Debian
-
Cascabel about 14 years
Best to avoid storing this command in your history - you don't want the passphrase recorded in plaintext on your computer. (Yes, generally the history file has 600 permissions so only root could snoop, but better safe than sorry.)
-
Joshua almost 12 years
The point is he's going to script it anyway.
-
Steven Lu almost 11 years
In your script, use a prompt (read -s) to read the password to pass on. Also beware ps may reveal process command args (which will include password). Because of that it may be best to use expect along with the normal password prompt, to send it in that way.
-
Admin over 10 years
This does ask at least where to save the key.
-
Suhail Gupta over 5 years
It will still require human interaction if the file by that name already exists.
-
jorfus over 3 years
Recovering passwords from ssh keys is relatively trivial. In a world where many people use their admin workstation's login password as the key password it's better to advise people to NOT put a passphrase on keys. (protect your private key, if you fail to do that at least you don't also lose your password)
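
An added example, not taken from any of the posts above: a deployment-script wrapper around the Solution 2 command that also covers the cases raised in the comments (an existing key file would trigger the overwrite prompt, and a passphrase in the arguments would show up in ps). The function name `ensure_ssh_key`, the `KEYGEN` override and the ed25519 default are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: idempotent, prompt-free key generation for a deployment script.
# KEYGEN is a hypothetical override so the binary can be swapped out in tests.
KEYGEN="${KEYGEN:-ssh-keygen}"

# ensure_ssh_key PATH [TYPE] [COMMENT]
# Returns 0 if a key pair exists at PATH afterwards, non-zero otherwise.
ensure_ssh_key() {
    key_path="$1"
    key_type="${2:-ed25519}"        # assumed default; pass "rsa" to match Solution 2
    key_comment="${3:-deploy key}"

    [ -n "$key_path" ] || { echo "usage: ensure_ssh_key PATH [TYPE] [COMMENT]" >&2; return 2; }

    # An existing file makes ssh-keygen ask "Overwrite (y/n)?". Never answer
    # that automatically: keep the key that is already deployed.
    if [ -e "$key_path" ]; then
        if [ -e "$key_path.pub" ]; then
            echo "key exists, leaving it alone: $key_path" >&2
            return 0
        fi
        echo "private key present but $key_path.pub is missing" >&2
        return 1
    fi

    key_dir=$(dirname "$key_path")
    # umask 077 in a subshell: directory and key are never group/world readable,
    # and the caller's umask is left untouched.
    (
        umask 077
        mkdir -p "$key_dir" || exit 1
        # -q: no banner; -N "": empty passphrase, so nothing secret in argv;
        # -f: skips the "where to save" prompt. stdin from /dev/null turns any
        # unexpected prompt into a failure instead of a hang.
        "$KEYGEN" -q -t "$key_type" -N "" -C "$key_comment" -f "$key_path" </dev/null
    ) || return 1

    # Fail the deployment if the tool did not produce both halves.
    [ -s "$key_path" ] && [ -s "$key_path.pub" ]
}
```

Called as `ensure_ssh_key "$HOME/.ssh/id_ed25519"`, a second run of the same deployment script leaves the first key in place instead of prompting.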