Hi Noel,
I'm using a shell script, call it "sshsetup", which I source in my .profile at login
time or in scripts started by cron.

[ -f $HOME/bin/sshsetup ] && . $HOME/bin/sshsetup

Because the passphrases for the SSH keys are readable in this script, you should
read/write protect it with "chmod 600 $HOME/bin/sshsetup".

I know that root users are still able to read the passphrases in the script, but I
think it's more secure than using SSH keys without any passphrases.

/Stefan

sshsetup:
=========
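#!/usr/bin/ksh
# Start one ssh-agent per SSH version (or reuse a running one) and add the key.

# Files in which each agent's environment (socket path, PID) is saved
SSH1_ENV=$HOME/.ssh/ssh1environment
SSH2_ENV=$HOME/.ssh2/ssh2environment

function start_ssh1agent   {
   echo  "Initialisierung des SSH1-Agenten ..."

   /usr/local/ssh1/bin/ssh-agent1 >"$SSH1_ENV"
   chmod 600 "$SSH1_ENV"
   . "$SSH1_ENV"
   # PASSPHRASE stands for the key's passphrase, piped to ssh-add1
   echo PASSPHRASE | /usr/local/ssh1/bin/ssh-add1 -p 1>/dev/null 2>&1
}

function start_ssh2agent   {
   echo  "Initialisierung des SSH2-Agenten ..."

   /usr/local/ssh2/bin/ssh-agent2 >"$SSH2_ENV"
   chmod 600 "$SSH2_ENV"
   . "$SSH2_ENV"
   # PASSPHRASE stands for the key's passphrase, piped to ssh-add2
   echo PASSPHRASE | /usr/local/ssh2/bin/ssh-add2 -p 1>/dev/null 2>&1
}

# Reuse the saved SSH1 agent if its socket is readable and its process is
# alive; otherwise kill the stale agent and start a new one.
if [ -f "$SSH1_ENV" ]; then
   . "$SSH1_ENV" 1>/dev/null 2>&1
   test -r "$SSH_AUTH_SOCK" || kill -9 "$SSH_AGENT_PID" 1>/dev/null 2>&1
   ps -p "$SSH_AGENT_PID" >/dev/null 2>&1 || start_ssh1agent
else
   start_ssh1agent
fi

# Same check for the SSH2 agent
if [ -f "$SSH2_ENV" ]; then
   . "$SSH2_ENV" 1>/dev/null 2>&1
   test -r "$SSH2_AUTH_SOCK" || kill -9 "$SSH2_AGENT_PID" 1>/dev/null 2>&1
   ps -p "$SSH2_AGENT_PID" >/dev/null 2>&1 || start_ssh2agent
else
   start_ssh2agent
fi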

> -----Original Message-----
> From: Noel L Yap [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, May 23, 2000 4:43 PM
> To: [EMAIL PROTECTED]
> Subject: ssh with no passphrase?
> 
> 
> I've been able to get ssh not to ask for a passphrase (via ssh-agent and
> ssh-add) when the keys are generated with no passphrase.  How can I get the same
> behaviour when the keys are generated with a passphrase?
> 
> Thanks,
> Noel
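
The "chmod 600" advice in the reply above can be turned into a check run before the script is sourced. The following is an added example, not part of the original message; the function names are made up for illustration, and the paths in the final comment are the ones the message uses.

```sh
#!/bin/sh
# Added example: audit files that hold passphrases or agent details.

# Print the 10-character mode string from ls, e.g. "-rw-------".
perm_string() {
    ls -ldn -- "$1" 2>/dev/null | cut -c1-10
}

# Print the numeric uid of the file's owner.
owner_uid() {
    ls -ldn -- "$1" 2>/dev/null | awk '{print $3}'
}

# audit_secret_file FILE: return 0 if only the current user can reach FILE,
# otherwise print the reason and return 1.
audit_secret_file() {
    f=$1
    if [ -L "$f" ]; then echo "$f: is a symlink"; return 1; fi
    if [ ! -f "$f" ]; then echo "$f: missing or not a regular file"; return 1; fi
    if [ "$(owner_uid "$f")" != "$(id -u)" ]; then
        echo "$f: not owned by the current user"; return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    case $(perm_string "$f") in
        ????------) ;;
        *) echo "$f: group/other access set, run chmod 600"; return 1 ;;
    esac
    # A directory writable by group or others can let them replace the file.
    d=$(dirname "$f")
    case $(perm_string "$d") in
        ?????w????|????????w?) echo "$d: writable by group or others"; return 1 ;;
    esac
    return 0
}

# audit_all FILE...: audit every file, return the number that failed.
audit_all() {
    bad=0
    for p in "$@"; do
        audit_secret_file "$p" || bad=$((bad + 1))
    done
    return "$bad"
}

# Paths from the message above; uncomment to run against your own account:
# audit_all "$HOME/bin/sshsetup" "$HOME/.ssh/ssh1environment" "$HOME/.ssh2/ssh2environment"
```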