Reputation: 99
I don't want to log in automatically to the ssh agent, but only to effectively execute a simple script in an 'sh' file:
#!/bin/bash
clear
echo " >> Start the ssh-agent in the background."
eval $(ssh-agent -s)
echo " >> Add SSH private key to the ssh-agent"
ssh-add ~/.ssh/id_rsa
echo " >> List of ssh agents"
ssh-add -l
echo " >> Attempts ssh to GitHub"
ssh -T git@github.com
It does trigger the password request and waits for it to be entered, even when not in the home dir. Git informs me of 'Identity added:' and 'You've successfully authenticated',
but the problem is that afterwards, when I try to communicate with GitHub, a 'git push' or 'pull' command does not have any positive effect:
sign_and_send_pubkey: signing failed: agent refused operation
git@github.com: Permission denied (publickey).
fatal: Could not read from remote repository.
Please make sure you have the correct access rights
and the repository exists.
After that issue I can type the same commands from the keyboard, e.g.
ssh-add ~/.ssh/id_rsa
enter the passphrase, and then it enables me to successfully communicate with GitHub. What's wrong with the above script?
My context:
OS name: "linux", version: "4.15.0-76-generic", arch: "amd64", family: "unix"
Upvotes: 1
Views: 189
Reputation: 3777
I was able to solve this problem with Funtoo keychain. I put a call to keychain in my .bash_profile so that the first time I log in, it asks for a passphrase, but not every time. It has the option of requiring certain keys in the agent, and only prompting you if they're not present.
Here are the relevant lines from my .bash_profile:
keychain --inherit any ~/.ssh/id_rsa_github
. ~/.keychain/$HOSTNAME-sh
The --inherit any option tells keychain to inherit any ssh-agent that's already present (e.g. the system one, or an already running one, or gnome-keyring or what have you). If none is present, it will start one. Then keychain writes a shell script in my home directory (~/.keychain/$HOSTNAME-sh) which my .bash_profile sources (with the . command above). The second argument to keychain (~/.ssh/id_rsa_github above) is the key that needs to be loaded. The first time keychain runs, it sees that the key is not in the agent, so it prompts the user for the passphrase. Any subsequent times that it runs, it detects that the key is present, and does not prompt the user.
Upvotes: 1
Reputation: 164679
ssh-agent works by setting a bunch of environment variables to tell your shell how to communicate with it. It prints them to STDOUT and eval $(ssh-agent -s) turns them into environment variables. The important one is SSH_AUTH_SOCK which points to the socket file used to communicate with the agent.
$ echo $SSH_AUTH_SOCK
/tmp/path/to/the/socket
Environment variables only persist for the current process and its children. Your shell program is executed in a new process. Any environment variables set in your shell program die with the shell program. Your shell will not know how to speak to the agent.
You have two choices.
First, instead of executing your shell program, you can source it. This runs it as a series of shell commands in your current shell just as if you'd typed them. Environment variables which are set by the script will persist.
Second, and better, is to start ssh-agent when you log in. There are many ways to do this depending on your operating system. You might already have one running. Check $SSH_AUTH_SOCK.
PS echo " >> List of ssh agents" should be echo " >> List of ssh keys"
Upvotes: 3
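The executed-versus-sourced behaviour described in the answer above, as an added example that is not part of the original posts. The helper names and the socket path are constructed for illustration; the stand-in script evals text shaped like `ssh-agent -s` output so no real agent is needed, and `agent_state` relies on the documented `ssh-add -l` exit codes (0 keys present, 1 no identities, 2 agent unreachable).

```bash
#!/bin/bash
# Added example; helper names and paths are constructed, not from the posts.

# Report how *this* shell sees the agent: unset | stale | no-keys | ready
agent_state() {
    if [ -z "${SSH_AUTH_SOCK:-}" ]; then echo unset; return 0; fi
    if [ ! -S "$SSH_AUTH_SOCK" ]; then echo stale; return 0; fi
    rc=0; ssh-add -l >/dev/null 2>&1 || rc=$?
    case $rc in
        0) echo ready ;;     # agent reachable and holds at least one key
        1) echo no-keys ;;   # agent reachable, but no identities loaded
        *) echo stale ;;     # 2 (or other): agent could not be contacted
    esac
}

# Stand-in for the question's script: it evals the kind of text that
# `ssh-agent -s` prints, using a constructed socket path.
write_setup_script() {
    f=$(mktemp) || return 1
    cat >"$f" <<'EOF'
eval 'SSH_AUTH_SOCK=/tmp/ssh-EXAMPLE/agent.1234; export SSH_AUTH_SOCK;'
EOF
    echo "$f"
}

# SSH_AUTH_SOCK as seen by the caller after *executing* the script:
# the variable is set in the child process and dies with it.
sock_after_exec() {
    ( unset SSH_AUTH_SOCK; sh "$1"; echo "${SSH_AUTH_SOCK:-<unset>}" )
}

# SSH_AUTH_SOCK as seen by the caller after *sourcing* the script:
# the commands run in the caller's own shell, so the export persists.
sock_after_source() {
    ( unset SSH_AUTH_SOCK; . "$1"; echo "${SSH_AUTH_SOCK:-<unset>}" )
}

demo=$(write_setup_script)
echo "executed:   $(sock_after_exec "$demo")"
echo "sourced:    $(sock_after_source "$demo")"
echo "this shell: $(agent_state)"
rm -f "$demo"
```

A state of `unset` or `stale` in the shell where `git push` is typed means git's ssh has no usable agent socket in that shell, whatever a child script did earlier.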