Non-interactive SSH sessions
If you don't need to have an interactive session on the remote server, you can execute ssh in an environment without tty, e.g. as part of a Run Shell Script action in Automator.
You need to create a program that when called prints the password to standard out, e.g. the following bash script you need to make executable using chmod +x pwd.sh:
#!/usr/bin/env bash
echo "password"
Then, set the SSH_ASKPASS environment variable to the path to this program, and then run ssh in the Automator action, like this:
export SSH_ASKPASS=/Users/danielbeck/pwd.sh
ssh user@hostname ls
When there is no tty, but SSH_ASKPASS and DISPLAY (for X11, set by default) are set, SSH executes the program specified by SSH_ASKPASS and uses its output as password. This is intended to be used in graphical environments, so that a window can pop up asking for your password. In this case, we just skipped the window, returning the password from our program. You can use security to read from your keychain instead, like this:
#!/usr/bin/env bash
security find-generic-password -l password-item-label -g 2>&1 1>/dev/null | cut -d'"' -f2
ls (on the ssh command line) is the command executed when ssh has logged in, and its output is printed in Automator. You can, of course, redirect it to a file to log output of the program you start.
Interactive SSH sessions using sshpass
I downloaded, compiled and installed sshpass and it worked perfectly. Here's what I did:
- Get the Apple developer tools
- Download and open
sshpass-1.05.tar.gz
- Open a shell to the directory
sshpass-1.05
- Run
./configure
- Run
make
- Run
make install (you might need sudo for it)
Now the program is installed to /usr/local/bin/sshpass. Execute using a line like the following:
sshpass -pYourPassword ssh username@hostname
You can read the password from security just before doing that, and use it like this:
SSHPASSWORD=$( security find-generic-password -l password-item-label -g 2>&1 1>/dev/null | cut -d'"' -f2 )
sshpass -p"$SSHPASSWORD" ssh username@hostname
Wrap this in a shell function and you can just type e.g. ssh-yourhostname to connect, having it retrieve and enter the password automatically.
ssh-agent is the piece that you want to get working, as it does exactly what you're asking about. The agent runs as a daemon, and when you "add" a private key to it, it remembers that key and automatically provides it to the remote sshd during the initial connection. (ssh-add is simply the command you run to manually add a private key to ssh-agent).
In OS X, as of Leopard, you shouldn't ever have to run ssh-agent or ssh-add manually. It should "just happen" when you attempt to connect to a server. Once per key, it will prompt you with a UI password dialog, which (among other things) will allow you to automatically add the key to the ssh-agent so you never get prompted again.
This is handled by having a launchd configuration that listens for connections on the $SSH_AUTH_SOCK socket, and automatically launches ssh-agent when it first needs to; after that, ssh-agent prompts you for credentials only when it needs to open a new key.
If that's not working, make sure you have the correct launchd configuration file present:
/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
If it's still not working for you for some reason, here's the "old" way of getting things running by hand:
http://timesinker.blogspot.com/2007/08/getting-ssh-agent-going-on-mac-osx.html
There is also this application, which I have stopped using since Leopard came out but basically did the same thing in previous versions of Mac OS X:
http://www.sshkeychain.org/
Best Answer
Open up Keychain Access (in /Applications/Utilities/), locate the SSH key (try typing SSH into the search box), right click and choose "Delete".