Non-interactive SSH sessions
If you don't need to have an interactive session on the remote server, you can execute ssh
in an environment without tty
, e.g. as part of a Run Shell Script action in Automator.
You need to create a program that when called prints the password to standard out, e.g. the following bash script you need to make executable using chmod +x pwd.sh
:
#!/usr/bin/env bash
echo "password"
Then, set the SSH_ASKPASS
environment variable to the path to this program, and then run ssh
in the Automator action, like this:
export SSH_ASKPASS=/Users/danielbeck/pwd.sh
ssh user@hostname ls
When there is no tty
, but SSH_ASKPASS
and DISPLAY
(for X11, set by default) are set, SSH executes the program specified by SSH_ASKPASS
and uses its output as password. This is intended to be used in graphical environments, so that a window can pop up asking for your password. In this case, we just skipped the window, returning the password from our program. You can use security
to read from your keychain instead, like this:
#!/usr/bin/env bash
security find-generic-password -l password-item-label -g 2>&1 1>/dev/null | cut -d'"' -f2
ls
(on the ssh
command line) is the command executed when ssh
has logged in, and its output is printed in Automator. You can, of course, redirect it to a file to log output of the program you start.
Interactive SSH sessions using sshpass
I downloaded, compiled and installed sshpass
and it worked perfectly. Here's what I did:
- Get the Apple developer tools
- Download and open
sshpass-1.05.tar.gz
- Open a shell to the directory
sshpass-1.05
- Run
./configure
- Run
make
- Run
make install
(you might need sudo
for it)
Now the program is installed to /usr/local/bin/sshpass
. Execute using a line like the following:
sshpass -pYourPassword ssh username@hostname
You can read the password from security
just before doing that, and use it like this:
SSHPASSWORD=$( security find-generic-password -l password-item-label -g 2>&1 1>/dev/null | cut -d'"' -f2 )
sshpass -p"$SSHPASSWORD" ssh username@hostname
Wrap this in a shell function and you can just type e.g. ssh-yourhostname
to connect, having it retrieve and enter the password automatically.
Make sure you have followed heavyd directions on the ssh keys
Windows Git AND TortoiseGit require 2 environment variables set in Windows.
GIT_SSH=C:\Program Files\TortoiseGIT\bin\TortoiseGitPlink.exe
SVN_SSH=C:\Program Files\TortoiseGIT\bin\TortoiseGitPlink.exe
(replace with your paths if different)
You also need to make sure the PLINK_PROTOCOL is not being overridden. Otherwise,
PLINK_PROTOCOL=ssh
After making these changes, verify access with the following:
Open a Dos Command window
issue the command plink git@your git depot server name
If a list of Git repositories is returned, you are communicating with Git.
If an error is returned, you may need to edit your .ssh/config and/or etc/hosts windows files
Best Answer
As far as I can tell, the GitHub folks created the git-credential-osxkeychain helper, and their page on setting it up contains this tip:
Tip: The credential helper only works when you clone an HTTPS repository URL. If you use the SSH repository URL instead, SSH keys are used for authentication. This guide offers help generating and using an SSH key pair.
I'm not sure what your security concern is regarding putting your public key in your network home directory. It's your public key. It's meant to be public.
On the other hand, if your network home directory volume is set to automount and isn't mounted when you're trying to use
git
orssh
, it becomes a bit of a chicken-and-egg problem trying to figure out how to get your home directory mounted before you log in, so that you can be authenticated and logged in.