1

I want to execute a command via ssh, but my server is using a passphrase. I want to make it one line only, without being asked for the passphrase.

```
~# ssh -t root@dev5 'echo "tes" ; bash'
Enter passphrase for key '/home/sed22/.ssh/id_rsa':
```

Thanks for help.

user1070579

2 Answers

2

> but my server is using passphrase

No it's not. Your key is encrypted so your client is requesting the pass phrase so that it can decrypt it.

Don't be tempted to remove the encryption from the key - it's a Bad Thing™.

Instead use ssh-agent or pageant (Windows) to store your keys (safely) in memory for the duration of your session. How exactly you do this depends upon what your client OS is.

If you are attempting to automate a process then you may have to use an unencrypted key but you should take special precautions to limit what the key can be used for an example.

user9517
1

You can remove the passphrase from a key with ssh-keygen -p. This is the beginning of a key called FOO, which as you can see is encrypted with a passphrase:

```
[me@risby .ssh]$ head -5 FOO
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,DCF8CD9222D62A42D0BFE4FC284BD6BB

f2hDtfkOeUC0Gw0MhQzSvPSj+6XtYX+Y7XMZ7m8BuAz4mg2G/M99LmXlmGW/7AUj
```

We strip the passphrase off (entering return when prompted for the new passphrase):

```
[me@risby .ssh]$ ssh-keygen -p -f FOO
Enter old passphrase: 
Enter new passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved with the new passphrase.
```

and the key is now unencrypted:

```
[me@risby .ssh]$ head -2 FOO
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEA2mfFcvjEuIsyZbhdp4U9Hn7XxFr5naBJEqSMGFdrfL7iX38C
```

MadHatter
  • Perfect! This is what I was looking for. But what if I still need the passphrase, so I want to execute the entire command with the passphrase in one line? – user1070579 Apr 28 '16 at 06:28
  • Don't use an encrypted key for "security", while putting the passphrase in a script; you are fooling yourself, because it is false security. There are solutions like `ssh-agent` that will let an unattended, encrypted key work under certain circumstances, but if you're not going to do that - and it can be quite a pain - consider using an unencrypted key, but limiting **on the server** what that key can do, by using (eg) `from=` and `command=` restrictions in the `authorized_keys` file. – MadHatter Apr 28 '16 at 06:35
  • @user1070579 you might also want to go back through your old questions, and accept answers to those where you think the question has been dealt with. This prevents the questions from floating around forever like querulous albatrosses, and is the local etiquette. – MadHatter Apr 28 '16 at 07:32
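
The server-side restriction described in the comments above (`from=` and `command=` in `authorized_keys`), as an added example that is not part of the original thread: one function builds a restricted entry for an unencrypted automation key, and another audits an `authorized_keys` file for keys that lack those restrictions. The function names are hypothetical, and any host pattern, forced command or key material passed to them is constructed by the caller.

```shell
#!/bin/sh
# Added example (not from the original thread). The host pattern, forced
# command and key material used with these functions are constructed.

# Build an authorized_keys line pinning a key to one source and one command.
# $1 = from= pattern, $2 = forced command, $3 = public key (type base64 [comment])
# "restrict" (OpenSSH 7.2+) turns off pty, port, agent and X11 forwarding.
restrict_key() {
    case "$1$2" in
        *'"'*) echo 'double quotes in options are not handled here' >&2; return 1 ;;
    esac
    printf 'restrict,from="%s",command="%s" %s\n' "$1" "$2" "$3"
}

# Classify one authorized_keys line as skip, unrestricted, partial or restricted.
# Heuristic: the options field is whatever precedes "<keytype> AAAA...".
classify_entry() {
    case "$1" in
        ''|'#'*) echo skip; return 0 ;;
        ssh-*|ecdsa-sha2-*|sk-*) echo unrestricted; return 0 ;;  # no options field
    esac
    opts=$(printf '%s\n' "$1" | sed -E 's/ (ssh-|ecdsa-sha2-|sk-)[^ ]+ AAAA.*$//')
    case "$opts" in
        *'from="'*'command="'*|*'command="'*'from="'*) echo restricted ;;
        *'from="'*|*'command="'*) echo partial ;;
        *) echo unrestricted ;;
    esac
}

# Print "<line number>: <class>" for every key that is not fully restricted.
# $1 = path to an authorized_keys file
audit_authorized_keys() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        class=$(classify_entry "$line")
        case "$class" in
            unrestricted|partial) echo "$n: $class" ;;
        esac
    done < "$1"
}
```

Source the file, then call, for example, `restrict_key '192.0.2.10' '/usr/local/bin/backup.sh' "$(cat key.pub)"` and append the output to the target account's `authorized_keys`; the address, script path and key file name here are placeholders.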