When I run a command like ssh-keygen -t rsa -b 2048, it asks me:
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
I'd like to write the path in advance and tried like this: ssh-keygen -t rsa -b 2048 | cat '/root/.ssh/id_rsa.pub'.
But this doesn't work....
How can I do this?
Your attempt was in reverse, meaning you were trying to pass the output of ssh-keygen to cat. But we need to pass the output of cat to ssh-keygen:
# using multiline here doc
$ cat <<EOF | ssh-keygen -t rsa -b 2048
/tmp/id_rsa
/tmp/id_rsa.pub
password
EOF
OR
$ echo -e "/tmp/id_rsa\n/tmp/id_rsa.pub" | ssh-keygen -t rsa -b 2048
But use it with caution, this just feeds the entire input to the piped command. Depending on how that command processes input this might fail if the expected input is different from what is being piped in.
It may be fine for simple scripts/commands (will NOT work for ssh-keygen reliably in all cases [because it seems to spawn another process in some cases to ask for the passphrase]).
ref. https://tldp.org/LDP/abs/html/here-docs.html for heredoc
Related
I a writing a script. There is a command that colud request to answer yes or no to override a certain file.
I want to automate the script to answer YES or NO ONLY IF the command request it (i don't want to echo yes inside the command).
The command I am referring to is ssh-keygen, which requires to override the key in case already exists.
In my mind there is something like this...
if (ssh-keygen requests input) --> Sends yes to the ssh-keygen
In particular, I am using the following command:
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa -q
Even if i am using -q, still asks yes or no to override the file.
Thanks in advance
i suggest using the echo command to send "yes" to the command.
echo "yes" | ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa -q
I would suggest you to check the yes command.
It is sending a loop of y.
If you want to force the acceptation of the command it should work.
But if the keygen request for an input (filename, etc.) it will also send 'y'.
the command would be :
yes | ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa -q
My aim is to create a bash script that can add new users to Ec2 and give access to ssh keys but I am having abit of an issue.
This is my current script and the script stops whenever it requires to generate a private/public key because it asks for the passphrase . How can I configure my script to just press enter?
#!/bin/bash
username=$1
ssh-keygen -b 1024 -f $username -t dsa
chmod 600 $username.pub
useradd $username
mkdir /home/$username/.ssh
chmod 700 /home/$username/.ssh
chown ball:ball /home/$username/.ssh
cat ball.pub >> /home/$username/.ssh/authorized_keys
chown 600 /home/.ssh/$username/authorized_keys
chown ball:ball /home/$username/.ssh/authorized_keys
[root#ip-172- /]# ssh-keygen -b 1024 -f ball -t dsa
Generating public/private dsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in ball.
You can pipe empty lines to ssh-keygen:
ssh-keygen -b 1024 -f ball -t dsa <<< ''
or
printf "" | ssh-keygen -b 1024 -f ball -t dsa
or reading from /dev/null:
ssh-keygen -b 1024 -f ball -t dsa < /dev/null
I have a shell script that I am using to compare directory contents. The script has to ssh to different servers to get a directory listing. When I run the script below, I am getting the contents of the server that I am logged into's /tmp directory listing and not that of the servers I am trying to ssh to. Could you please tell me what I am doing wrong?
The config file used in the script is as follows (called config.txt):
server1,server2,/tmp
The script is as follows
#!/bin/sh
CONFIGFILE="config.txt"
IFS=","
while read a b c
do
SERVER1=$a
SERVER2=$b
COMPDIR=$c
`ssh user#$SERVER1 'ls -l $COMPDIR'`| sed -n '1!p' >> server1.txt
`ssh user#$SERVER2 'ls -l $COMPDIR'`| sed -n '1!p' >> server2.txt
done < $CONFIGFILE
When I look at the outputs of server1.txt and server2.txt, they are both exactly the same - having the contents of /tmp of the server the script is running on (not server1 or 2). Doing the ssh +dir listing on command line works just fine. I am also getting the error "Pseudo-terminal will not be allocated because stdin is not a terminal". Adding the -t -t to the ssh command isnt helping either
Thank you
I have the back ticks in order to execute the command.
Backticks are not needed to execute a command - they are used to expand the standard output of the command into the command line. Certainly you don't want the output of your ssh commands to be interpreted as commands. Thus, it should work fine without the backticks:
ssh user#$SERVER1 "ls -l $COMPDIR" | sed -n '1!p' >>server1.txt
ssh user#$SERVER2 "ls -l $COMPDIR" | sed -n '1!p' >>server2.txt
(provided that double quotes to allow expansion of $COMPDIR are used).
first you need to generate keys to login to remote without keys
ssh-keygen -t rsa
ssh-copy-id -i ~/.ssh/id_rsa.pub remote-host
then try to ssh without pass
ssh remote-host
then try to invoke in your script but first make sanity check
var1=$(ssh remote-host) die "Cannot connect to remote host" unless $var1;
I am trying to call ssh-keygen using a variable through bash as an input instead of a file to get a fingerprint of a public key. I am aware that I could use a temp file to get around this issue, but for reasons out of scope of this question, I do not want to.
This method does not work as it says the key file is invalid (it's correct for sure)
echo $pubkey | ssh-keygen -lf /dev/stdin
This does work, but is not using a variable, rather a file.
ssh-keygen -lf alpha.pub
This does work, but is not using a variable, rather a redirected file.
ssh-keygen -lf /dev/stdin < alpha.pub
This does not work because I get an ambiguous redirect
ssh-keygen -lf /dev/stdin < $(echo $pubkey)
I would appreciate some insight as to how to get ssh-keygen to read from a variable with a public key and if possible, an explanation as to why the redirects aren't doing what I think they should be doing. In specific why the | behaves differently than the < and why the third example is an ambiguous redirect. I searched online but many of the redirect tutorials didn't seem to answer my questions.
echo $pubkey | ssh-keygen -lf /dev/stdin
/dev/stdin is not a public key file.
/dev/stdin is actually a unix pipe, not a regular file, so ssh-keygen fails to open the file
ssh-keygen -lf /dev/stdin <<<$key
1024 92:6a:3f:5c:1f:78:.....
/dev/stdin refers to a regular file, created by using a bash heredoc. You can verify this:
# ls -l /dev/stdin <<<$pubkey
lrwxrwxrwx 1 root root 15 Feb 11 08:07 /dev/stdin -> /proc/self/fd/0
# ls -l /proc/self/fd/0 <<<$pubkey
lr-x------ 1 juergen juergen 64 Apr 14 13:31 /proc/self/fd/0 -> /tmp/sh-thd-1271250023 (deleted)
Since version 7.2 (released on on 2016-02-28), this is now possible by passing - as the file name. From the release notes:
ssh-keygen(1): allow fingerprinting from standard input, e.g. ssh-keygen -lf -
If you want to redirect a string as stdin, use this syntax:
cmd <<< "some $STR here"
If you want to redirect the output of a command as if it was a file, you do it like this:
cmd <( /bin/somecmd )
And if you want to use a command as an OUTPUT file, it's more or less the same:
cmd >( /bin/othercmd )
Here is a one liner using the file /dev/stdin as described in other answers.
$ ssh-keygen -lf /dev/stdin <<< $( ssh-keygen -f ~/.ssh/keyname.pem -y )
2048 14:df:c7:b7:f1:26:7f:87:d5:e7:10:6c:ac:af:a2:03 /dev/stdin (RSA)
Note that this will break with private keys that use a passphrase. It will work with pem files generated by AWS or OpenStack which do not use passphrases.
I would recommend using a temporary file. The issue is that redirecting, BASH expects a file. By using $(echo $pubkey), bash will complain because when it's done with the substitution, it will look for a file of that name that the substitution creates.
I'm trying to make a bash script in linux where some encrypted data is embedded and then retrieved and decrypted with openssl, like this:
cat | openssl des3 -d -a -salt -pass pass:asdf > output.txt <<EOF
U2FsdGVkX1/zN55FdyL5j1nbDVt5vK4V3WLQrnHPoycCJPwWO0ei3PCrrMqPaxUH.....blablablah data
EOF
The only problem with this, that would otherwise work, is that I have to hit enter when the script reaches this position. I have tried changing the way \n are placed, but no luck.
I can't afford to press manually enter for all the files that are going to be embedded like this one!!
Thanks for your help!
A couple of things wrong here:
You shouldn't use both cat | ... and also a here document (<<EOF). Use one or the other.
Your example isn't testable because the example text is not the DES3 encryption of any input.
This example works as expected:
cat ~/.profile | openssl des3 -e -a -salt -pass pass:asdf -out /tmp/output.txt
That is, it writes an encrypted version of ~/.profile, base64 encoded, to file /tmp/output.txt.
Here's a working decryption example with a here document:
openssl des3 -d -a -salt -pass pass:asdf <<EOF
U2FsdGVkX1/03DBd+MpEKId2hUY82cLWpYltYy2zSsg=
EOF
Try this in the safety and comfort of your own home...