How can I run a script to log into a remote server and execute a remote ssh command without entering in my passphrase?
For example:
When I log onto a remote server and execute the git pull command I see ssh prompt me for my passphrase:
$ git pull origin master
Enter passphrase for /home/v3ed2/.ssh/id_rsa:
Once I enter my passphrase I continue with the command.
I want to run a script that will log into the remote server and run the command for me. I already tried this script:
ssh ve "cd clients/ ; git pull"
However, when the script runs, it does not prompt me for my passphrase. The script just hangs while it waits for my passphrase, but when I try to enter a passphrase, I get the error:
bash: line 1: [REDACTED]: command not found
Best Answer
When you run ssh with no command, it sets up a pseudo-terminal on the server side and runs an interactive shell in that terminal. When you pass a command, the command is executed with its input and output directly connected to the SSH channel; there is no remote terminal. If you pass the -t option, then a terminal is created on the remote side, and you will get a password prompt where you can type your password.
However, this is not a convenient way to do it. The convenient way is to run an SSH agent on your local machine, and forward that agent's connection.
First, you need to use public key authentication, not password authentication, on the second connection (to the git server). You're already doing this so I won't go into more detail.
Copy the private key for the second server (/home/v3ed2/.ssh/id_rsa on the intermediate machine) to your local machine. Alternatively, on the git server, authorize a public key for which you have the private key on your local machine. Alternatively, first run ssh -t ve ssh-add .ssh/id_rsa to register the intermediate machine's key with your local agent.
Some distributions and desktop environments already set up an SSH agent. Check if you have one running with ssh-add -l. If this tells you you have no agent running, you'll need to start one with your session. Either run ssh-agent your-session-manager instead of calling your-session-manager directly, or run eval $(ssh-agent) in your session startup script, or tick the “run SSH agent” checkbox in your GUI configuration. You need to do two things: start the ssh-agent program, and get the SSH_AUTH_SOCK variable that it sets or prints into your session's environment. The details of how to do this are very specific to your distribution and desktop environment.
Once you have the SSH agent running locally, make sure that it is forwarded. It may or may not be forwarded by default. Run ssh ve ssh-add -l to check whether the agent is forwarded. If it isn't, add the line ForwardAgent yes to your local ~/.ssh/config.
If you're running Windows with PuTTY locally, it comes with a key agent too, Pageant. See the PuTTY manual for instructions.
When you have a working SSH agent setup, register your key(s) with the agent once per session, with the command ssh-add ~/.ssh/id_rsa (or whatever the path to the private key is). After this, you can use the key with no prompting for the remainder of the session.
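A pre-flight wrapper for the setup this answer describes, as an added example that is not part of the original answer: it runs the two ssh-add -l checks (local agent, then forwarded agent) and only then the remote git pull, failing fast instead of hanging on a passphrase prompt. The function names and the SSH / SSH_ADD override variables are hypothetical; the host ve and directory clients/ come from the question, and the exit statuses are those documented in ssh-add(1) and ssh(1).

```shell
#!/bin/sh
# Added example (not from the original answer). SSH and SSH_ADD can be
# overridden so the logic can be exercised with stand-in commands.
SSH=${SSH:-ssh}
SSH_ADD=${SSH_ADD:-ssh-add}

# Map an exit status from `ssh-add -l` (possibly relayed by ssh) to a state.
classify() {
    case "$1" in
        0)   echo ready ;;       # agent reachable, at least one key loaded
        1)   echo empty ;;       # agent reachable, no identities
        2)   echo no-agent ;;    # ssh-add could not contact an agent
        255) echo ssh-failed ;;  # ssh itself failed to connect or authenticate
        *)   echo unknown ;;
    esac
}

local_agent_state() {
    [ -n "${SSH_AUTH_SOCK:-}" ] || { echo no-agent; return 0; }
    rc=0
    "$SSH_ADD" -l >/dev/null 2>&1 || rc=$?
    classify "$rc"
}

# $1 = host. -A forwards the agent for this one connection (command-line
# form of ForwardAgent yes); BatchMode=yes makes ssh fail rather than prompt.
forwarded_agent_state() {
    rc=0
    "$SSH" -A -o BatchMode=yes "$1" ssh-add -l >/dev/null 2>&1 </dev/null || rc=$?
    classify "$rc"
}

# $1 = host, $2 = remote directory. The directory is interpolated into a
# remote shell command, so anything outside a conservative charset is refused.
remote_pull() {
    case "$2" in ''|-*|*[!A-Za-z0-9._/-]*) echo "bad directory" >&2; return 2 ;; esac
    state=$(local_agent_state)
    [ "$state" = ready ] || { echo "local agent: $state" >&2; return 1; }
    state=$(forwarded_agent_state "$1")
    [ "$state" = ready ] || { echo "agent seen from $1: $state" >&2; return 1; }
    "$SSH" -A -o BatchMode=yes "$1" "cd $2 && git pull"
}

# Usage, with the names from the question:
#   remote_pull ve clients/
```
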