Automatically no-overwrite in ssh-keygen - bash

If I run
ssh-keygen -t rsa -N "" -f id_rsa
and the file id_rsa already exists, it will prompt me whether I want to overwrite:
id_rsa already exists.
Overwrite (y/n)?
How do I automatically answer no in a bash script? I checked man ssh-keygen but couldn't find any such option.

you could simply do like this:
echo "n"|ssh-keygen -t rsa -N "" -f id_rsa

You can use here-string to automatically answer n to the Overwrite (y/n)? question.
ssh-keygen -t rsa -N "" -f id_rsa <<< n

Related

difference in 0>&- and 0<&- I/O redirections

In example below 0>&- works that ssh-keygen command exists when input prompt appears.
Shouldn't it be 0<&- (close stdin) instead?
Both 0>&- and 0<&- seem to be working in the same way (when ssh-keygen's input/confirmation prompt appears it's closed) - how to explain it?
user#system:~/.ssh$ ls -al test123
ls: cannot access 'test123': No such file or directory
user#system:~/.ssh$ ssh-keygen -b 2048 -t rsa -f test123 -q -N "" 0>&-
user#system:~/.ssh$
user#system:~/.ssh$ ls -al test123
-rw------- 1 user user 1823 Sep 21 08:01 test123
user#system:~/.ssh$ ssh-keygen -b 2048 -t rsa -f test123 -q -N "" 0>&-
test123 already exists.
Overwrite (y/n)? user#system:~/.ssh$
user#system:~/.ssh$
user#system:~/.ssh$ ssh-keygen -b 2048 -t rsa -f test123 -q -N "" 0<&-
test123 already exists.
Overwrite (y/n)? user#system:~/.ssh$
In a documentation there is:
n<&-
Close input file descriptor n.
0<&-, <&-
Close stdin.
n>&-
Close output file descriptor n.
There is no difference between 0>&- and 0<&-.
There is a difference between >&- and <&-.
That difference is:
>&- defaults to n=1
<&- defaults to n=0
See more at this StackExchange post

How to generate and copy a SSH key in one line on macOS?

I use this command to generate a key:
ssh-keygen -t rsa -b 4096 -C "your_email#example.com"`
However I do not want to save it as a file, instead I would like to copy it to my clipboard so it is ready to be pasted.
How can I do that? How to combine this with some sort of copy to clipboard command?
I tried the following command but it didn't work:
pbcopy ssh-keygen -t rsa -b 4096 -C "your_email#example.com"ssh-keygen -t rsa -b 4096 -C "your_email#example.com"
You should create a script (or a function) to achieve this. Example with a script:
genkey.sh
#!/bin/bash
ssh-keygen -t rsa -b 4096 -C "your_email#example.com" -f $1 && pbcopy < $1.pub
The first command generates a key at the location given in the first argument of the script. The second one, pbcopy, copies the content of the newly-generated public key in your clipboard.
When running the script, feed it the path to the private key you want to generate:
sh genkey.sh ~/.ssh/id_rsa

Automate generating deploy key for github

I execute the following commands a few times a day:
ssh-keygen -t rsa -N "" -C "info#example.com" -f ~/.ssh/id_rsa_projectname
eval `ssh-agent`
ssh-add ~/.ssh/id_rsa_projectname
cat ~/.ssh/id_rsa_projectname.pub
ssh -T git#github.com
The only variable in this script is the projectname, I would like to make a keygen.sh script or something like that to automate this process and pass along the projectname. Is this possible?
Also where should I start looking and what not to forget, I'm a bit new to bash scripting and I know it can be quite dangerous in the wrong hands.
Would it not be easier to just maintain a single set of staging or development keys rather than generating them for everything? IMHO you're losing configurability and not gaining much in security.
That aside, you're on the right track but I would do things a bit different.
export PROJECT=foo;
ssh-keygen -t rsa -N "" -C "info#example.com" -f ~/.ssh/id_rsa_${PROJECT}
That will generate named keys id_rsa_foo and id_rsa_foo.pub
Now you need to make your ssh config use it for github. ~/.ssh/config should have something like:
Host remote github.com
IdentityFile ~/.ssh/id_rsa_foo
User git
StrictHostKeyChecking no
You'll need to upload the public key to github. You'll have to figure this out for yourself using their API.
If you do all this correctly you should be able to git clone automagically.
#!/bin/bash
[[ -z "${PROJECT}" ]] && echo "project must be set" && exit 1
ssh-keygen -t rsa -N "" -C "info#example.com" -f ~/.ssh/id_rsa_${PROJECT}
chmod 400 ~/.ssh/id_rsa_${PROJECT}
echo $' Host remote github.com\n IdentityFile ~/.ssh/id_rsa_'${PROJECT}'\n User git\n StrictHostKeyChecking no' >> ~/.ssh/config
chmod 644 ~/.ssh/config
# do the github api stuff to add the pub key

scp shell stops when permission denied

I have a shell script that continuously put some data from one server to another. It works fine but I want to make it more secure. So at the moment if the other server denied the permission because the password was changed the scipts freezes. Is there a possibility so if this occurs it just ignores this line and just goes on?
inotifywait -m /srv/watchfolderfilme -e create -e moved_to |
while read path action file; do
...
sshpass -p "****" scp -r /srv/newtorrentfiles/* user#0.0.0.0:/srv/torrentfiles && rm -r /srv/newtorrentfiles/*
done
scp is no the best tool to deal with your problem.
As George said, using public keys with ssh is the best way to get rid of password change.
Also you can do the trick with rsync like this :
rsync -ahz --remove-source-files /srv/newtorrentfiles/ user#SRVNAME:/srv/torrentfiles/
or
rsync -ahz /srv/newtorrentfiles/ user#SRVNAME:/srv/torrentfiles/ && rm -r /srv/newtorrentfiles/*
To be sure that all is done like you wanted (make this script more "secure"), you can send you an email if the script fails for one reason or another not due to lack of permission.
Maybe not the answer you're looking for but why don't you use SSH keys?
Updated Script:
inotifywait -m /srv/watchfolderfilme -e create -e moved_to |
while read path action file; do
...
scp -r /srv/newtorrentfiles/* b#B:/srv/torrentfiles && rm -r /srv/newtorrentfiles/*
done
How to do it
a#A:~> ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/a/.ssh/id_rsa):
Created directory '/home/a/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/a/.ssh/id_rsa.
Your public key has been saved in /home/a/.ssh/id_rsa.pub.
The key fingerprint is:
3e:4f:05:79:3a:9f:96:7c:3b:ad:e9:58:37:bc:37:e4 a#A
Now use ssh to create a directory ~/.ssh as user b on B. (The directory may already exist, which is fine):
a#A:~> ssh b#B mkdir -p .ssh
b#B's password:
Finally append a's new public key to b#B:.ssh/authorized_keys and enter b's password one last time:
a#A:~> cat .ssh/id_rsa.pub | ssh b#B 'cat >> .ssh/authorized_keys'
b#B's password:
From now on you can log into B as b from A as a without password:
a#A:~> ssh b#B
Source >> http://www.linuxproblem.org/art_9.html

Automating "enter" keypresses for bash script generating ssh keys

I would like to create script, which simply runs ssh-keygen -t rsa. But how to pass to it 3 times enter?
Try:
ssh-keygen -t rsa -N "" -f my.key
-N "" tells it to use an empty passphrase (the same as two of the enters in an interactive script)
-f my.key tells it to store the key into my.key (change as you see fit).
The whole thing runs without you needing to supply any enter keys :)
To send enters to an interactive script:
echo -e "\n\n\n" | ssh-keygen -t rsa
a version with passphrase is:
$ ssh-keygen -t rsa -b 4096 -C "comment" -P "examplePassphrase" -f "desired pathAndName" -q
the -q is for silent
Source is http://linux.die.net/man/1/ssh-keygen
Agree with Michel Marro except that it needs some more:
If the file already exists, it will still be interactive asking if it has to overwrite it.
Use the answer of this question.
yes y | ssh-keygen -q -t rsa -N '' >/dev/null
The redirection to null is necessary to silence the overwrite message.
It is recommended to use ed25519 for security and performance.
yes "y" | ssh-keygen -o -a 100 -t ed25519 -C "Bla Bla" -f /mypath/bla -N ""
here
-o OpenSSH key format instead of older PEM (needs OpenSSH 6.5+)
-a Number of primality test while screening DH-GEX candidates
-t Type of key (ed25519, RSA, DSA etc.)
-f /mypath/bla The output file path and name
-N "" Use empty passphase
and yes "y" for no interaction.
It will generate two files
/mypath/bla
/mypath/bla.pub
where the bla file is private and bla.pub is public.
echo -e "\n"|ssh-keygen -t rsa -N ""

Resources