Search Debian Channel Logs

Monday, February 27, 2017

#debian channel featuring camh, bezaban, nikitasius, joze, Shadow_7, n4dir,

n4dir 2017-02-26 21:15:11
ssh-add , not ssh-key
bezaban 2017-02-26 21:15:34
I discovered sshpass to specify passWORD on command line, it might have something similar for passphrase.
nikitasius 2017-02-26 21:15:50
n4dir: but if i don't want to store my keys in id_rsa? if i store them in my folder.
n4dir 2017-02-26 21:16:01
doesn't matter, give full path
bezaban 2017-02-26 21:16:03
but think about the potential consequences and consider ssh-agent
n4dir 2017-02-26 21:16:46
nikitasius: you will perhaps want to use ~/.ssh/config file, that will save you from having to do long ssh commands
nikitasius 2017-02-26 21:18:03
n4dir: great... but in case if i want to use long ssh commands and store my keys 1 by 1 in ecryptfs folder? ssh-add just add key into storage in my home dir.
nikitasius 2017-02-26 21:18:37
question is: how to force `ssh` command from bin/sh script ask my passphrase?
n4dir 2017-02-26 21:18:43
i don't know if it matters if the keys are not stored in ~/.ssh; never did it, but doubt it matters
nikitasius 2017-02-26 21:18:47
posted earlier: `#!/bin/sh ssh -i mykey root@example.com exit 0` and.. script just stop.. no passphrase asking
babilen 2017-02-26 21:18:56
It doesn't matter where your keys are stored
nikitasius 2017-02-26 21:19:03
n4dir: hmmm?..
nikitasius 2017-02-26 21:19:25
let me try...
n4dir 2017-02-26 21:19:50
ssh -i /home/me/encrypted_folder/ssh_stuff/remote_server_rsa remote_server ; like that, i guess
babilen 2017-02-26 21:20:07
You could easily configure that in ~/.ssh/config
babilen 2017-02-26 21:20:18
Ah .. you mentioned that already
babilen 2017-02-26 21:20:31
"But I want my life to be complicated" :)
nikitasius 2017-02-26 21:20:54
babilen: life is beautiful, im on debian <3
n4dir 2017-02-26 21:22:58
nikitasius: that would be an example how i use ~/.ssh/config (but i can't say i'm that good with it, be warned): http://sprunge.us/WIHC
n4dir 2017-02-26 21:23:35
perhaps babilen can have a quick look and confirm it doesn't look plain wrong :-)
nikitasius 2017-02-26 21:25:28
hmm.... plaint text in home folder...
nikitasius 2017-02-26 21:25:31
*plain
bezaban 2017-02-26 21:26:04
that's not sensitive
nikitasius 2017-02-26 21:26:17
but for folks who love long commands there is no `-param` for `ssh` where we can setup passphrase..?
babilen 2017-02-26 21:26:23
n4dir: Sure, looks alright
n4dir 2017-02-26 21:27:02
thanks.
n4dir 2017-02-26 21:27:55
nikitasius: the permissions of ~/.ssh are set to be very restrictive
n4dir 2017-02-26 21:28:12
besides that there ain't much info of *that much use to be found.
n4dir 2017-02-26 21:28:47
if it bugs you too much, encrypt the file and decrypt it before using ssh (that is: "make your life complicated")
n4dir 2017-02-26 21:29:31
if you use your command, anyone with access to your account can look it as well up via shell history ...
nikitasius 2017-02-26 21:29:38
n4dir: i use ecryptfs folder :)
n4dir 2017-02-26 21:34:38
i would first of all consider who are the possible attackers you worry about (and what their options are)
n4dir 2017-02-26 21:35:11
my username is user, my user password is user. Now see how far you can get with that.
nikitasius 2017-02-26 21:36:36
n4dir: as google tells me, `ssh-add mykey` stored in memory till reboot. Right?
n4dir 2017-02-26 21:37:32
no idea, but per default it seems like that.
joze 2017-02-26 21:37:53
someone may freeze your ram with nitrogen and steal the data
nikitasius 2017-02-26 21:37:54
joze: i know that:)
n4dir 2017-02-26 21:38:36
nikitasius: man ssh-add, ssh-add -t lifetime
n4dir 2017-02-26 21:39:06
doesn't make much sense to store a key for a short time only though, i think
Shadow_7 2017-02-26 21:39:23
it does for security
n4dir 2017-02-26 21:39:36
uh? well: then don't store the key.
nikitasius 2017-02-26 21:39:45
i'll check if bin/sh script will load my keys into ssh-add with asking passphrase
camh 2017-02-26 21:39:50
tomg2, n4dir: setsid -w in an Xsession.d script fixes it with no obvious downsides: http://pastebin.com/mNpwF0ME
Shadow_7 2017-02-26 21:39:58
having worked for companies that required you to re-login every 20 minutes and they felt that that was generous.
n4dir 2017-02-26 21:40:59
log in and being logged out right away would even be more secure
nikitasius 2017-02-26 21:41:27
lol.. finally even if i made `#!/bin/bash ssh-add mykey exit 0` it doesn't ask password..
nikitasius 2017-02-26 21:41:36
to be added....
nikitasius 2017-02-26 21:41:53
:-|
camh 2017-02-26 21:42:04
Shadow_7: I've worked at a place where keys were valid for 19 hours. That gets you through a (long) workday, but you need to re-auth every day