Non-interactive SSH sessions
If you don't need to have an interactive session on the remote server, you can execute ssh in an environment without tty, e.g. as part of a Run Shell Script action in Automator.
You need to create a program that when called prints the password to standard out, e.g. the following bash script you need to make executable using chmod +x pwd.sh:
#!/usr/bin/env bash
echo "password"
Then, set the SSH_ASKPASS environment variable to the path to this program, and then run ssh in the Automator action, like this:
export SSH_ASKPASS=/Users/danielbeck/pwd.sh
ssh user@hostname ls
When there is no tty, but SSH_ASKPASS and DISPLAY (for X11, set by default) are set, SSH executes the program specified by SSH_ASKPASS and uses its output as password. This is intended to be used in graphical environments, so that a window can pop up asking for your password. In this case, we just skipped the window, returning the password from our program. You can use security to read from your keychain instead, like this:
#!/usr/bin/env bash
security find-generic-password -l password-item-label -g 2>&1 1>/dev/null | cut -d'"' -f2
ls (on the ssh command line) is the command executed when ssh has logged in, and its output is printed in Automator. You can, of course, redirect it to a file to log output of the program you start.
Interactive SSH sessions using sshpass
I downloaded, compiled and installed sshpass and it worked perfectly. Here's what I did:
- Get the Apple developer tools
- Download and open sshpass-1.05.tar.gz
- Open a shell to the directory sshpass-1.05
- Run ./configure
- Run make
- Run make install (you might need sudo for it)
Now the program is installed to /usr/local/bin/sshpass. Execute using a line like the following:
sshpass -pYourPassword ssh username@hostname
You can read the password from security just before doing that, and use it like this:
SSHPASSWORD=$( security find-generic-password -l password-item-label -g 2>&1 1>/dev/null | cut -d'"' -f2 )
sshpass -p"$SSHPASSWORD" ssh username@hostname
Wrap this in a shell function and you can just type e.g. ssh-yourhostname to connect, having it retrieve and enter the password automatically.
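An added example, not part of the original answer: one way to write the wrapper function so the password never appears in the sshpass argument list, where `-p` would leave it visible in process listings. It assumes sshpass's `-e` option (read the password from the SSHPASS environment variable) and uses `security ... -w` (print only the password) in place of the `-g | cut` parsing; the function names `keychain_password` and `ssh_keychain` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example. keychain_password and ssh_keychain are hypothetical names;
# the keychain item label is whatever you named the item in Keychain Access.

# Print the password stored in the keychain item with the given label.
# -w prints only the password, so quotes or spaces inside it survive intact
# (cut -d'"' -f2 would truncate a password containing a double quote).
keychain_password() {
    security find-generic-password -l "$1" -w
}

# Usage: ssh_keychain LABEL [ssh arguments...]
ssh_keychain() {
    local label="$1"
    local pw
    shift
    # Stop before contacting the server if the lookup fails.
    pw=$(keychain_password "$label") || {
        echo "no keychain item labelled '$label'" >&2
        return 1
    }
    if [ -z "$pw" ]; then
        echo "empty password for '$label'" >&2
        return 1
    fi
    # SSHPASS is set for this one command only; -e tells sshpass to read it
    # from the environment instead of taking it as a -p argument.
    SSHPASS="$pw" sshpass -e ssh "$@"
}
```

Call it as `ssh_keychain password-item-label username@hostname`, or define a one-line function per host that supplies both arguments.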
ssh-agent is the piece that you want to get working, as it does exactly what you're asking about. The agent runs as a daemon, and when you "add" a private key to it, it remembers that key and automatically provides it to the remote sshd during the initial connection. (ssh-add is simply the command you run to manually add a private key to ssh-agent).
In OS X, as of Leopard, you shouldn't ever have to run ssh-agent or ssh-add manually. It should "just happen" when you attempt to connect to a server. Once per key, it will prompt you with a UI password dialog, which (among other things) will allow you to automatically add the key to the ssh-agent so you never get prompted again.
This is handled by having a launchd configuration that listens for connections on the $SSH_AUTH_SOCK socket, and automatically launches ssh-agent when it first needs to; after that, ssh-agent prompts you for credentials only when it needs to open a new key.
If that's not working, make sure you have the correct launchd configuration file present:
/System/Library/LaunchAgents/org.openbsd.ssh-agent.plist
If it's still not working for you for some reason, here's the "old" way of getting things running by hand:
http://timesinker.blogspot.com/2007/08/getting-ssh-agent-going-on-mac-osx.html
There is also this application, which I have stopped using since Leopard came out but basically did the same thing in previous versions of Mac OS X:
http://www.sshkeychain.org/
Best Answer
Open up Keychain Access (in /Applications/Utilities/), locate the SSH key (try typing SSH into the search box), right click and choose "Delete".