28

Would it be possible to run ssh-keygen without human interaction?

I have a shell script that takes care of server deployment from start to finish, but ssh-keygen is the only remaining piece that still requires my input.

Would it be possible to feed the parameters to it? Or is there something similar to debconf-set-selections that could be used for this?

*running Debian

Hayek

3 Answers

21

You can do more or less anything with command-line arguments. Is there something particular you want to do which doesn't appear in the man page?

```
wry@onyx:~$ ssh-keygen -t dsa -N "my passphrase" -C "test key" -f mykey
Generating public/private dsa key pair.
Your identification has been saved in mykey.
Your public key has been saved in mykey.pub.
The key fingerprint is:
2f:17:a4:5d:6f:25:d7:5a:0e:84:be:af:ee:52:8b:42 test key
```

(the rest snipped for brevity)

crazyscot
  • 3
    Best to avoid storing this command in your history - you don't want the passphrase recorded in plaintext on your computer. (Yes, generally the history file has 600 permissions so only root could snoop, but better safe than sorry.) – Cascabel Mar 28 '10 at 20:26
  • 2
    The point is he's going to script it anyway. – Joshua Sep 05 '12 at 18:14
  • 1
    In your script, use a prompt (`read -s`) to read the password to pass on. Also beware `ps` may reveal process command args (which will include password). Because of that it may be best to use `expect` along with the normal password prompt, to send it in that way. – Steven Lu Jul 19 '13 at 19:09
  • 2
    It will still require human interaction if the file by that name already exists. – Suhail Gupta Jan 15 '19 at 05:39
  • Recovering passwords from ssh keys is relatively trivial. In a world where many people use their admin workstation's login password as the key password, it's better to advise people to NOT put a passphrase on keys. (Protect your private key; if you fail to do that, at least you don't also lose your password.) – jorfus Jan 22 '21 at 21:39
20

In case of server deployment:

```
ssh-keygen -t rsa -q -f "$HOME/.ssh/id_rsa" -N ""
```

Communication from the installed server to git repositories or other servers would then be easy.

techraf
Yogesh Kamat
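A comment on the first answer points out that ssh-keygen still prompts when the key file already exists. The sketch below is an added example, not code from any of the answers: it wraps the second answer's command so a deployment script stays prompt-free when it is re-run. The function name `ensure_ssh_key` and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). ensure_ssh_key is a
# hypothetical helper: it creates a passphrase-less key pair only when no
# private key exists yet, so ssh-keygen never stops to ask a question.
# Usage in a deployment script:  ensure_ssh_key "$HOME/.ssh/id_rsa"
ensure_ssh_key() {
    key_path=$1            # private key path, e.g. "$HOME/.ssh/id_rsa"
    key_type=${2:-rsa}     # value handed to -t; rsa as in the answer above
    key_dir=$(dirname "$key_path")

    # An existing private key is what triggers the "Overwrite (y/n)?" prompt.
    # Keep it: replacing it would also invalidate every authorized_keys
    # entry that already trusts the old public key.
    if [ -e "$key_path" ]; then
        echo "exists"
        return 0
    fi

    (
        # New directory and key files are created readable by the owner only.
        umask 077
        mkdir -p "$key_dir" || exit 1
        # -q    quiet
        # -N "" empty passphrase, so no secret shows up in argv or history;
        #       the private key is then protected by file permissions alone
        # -f    output file, which suppresses the "Enter file" prompt
        # stdin comes from /dev/null so any unexpected prompt fails at once
        # instead of hanging the deployment.
        ssh-keygen -q -t "$key_type" -N "" -f "$key_path" </dev/null
    ) || {
        echo "ssh-keygen failed for $key_path" >&2
        return 1
    }
    echo "created"
}
```

The function prints `created` or `exists` on stdout, so the calling script can decide whether the new public key still has to be distributed.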
-2
```
operacao@ubuntu:~$ ssh-keygen -t dsa
```