manb has asked for the wisdom of the Perl Monks concerning the following question:

On the net::ssh::perl documentation I came across this statement: "The password $password is needed only for password authentication (it's not used for passphrases on encrypted RSA/DSA identity files, though perhaps it should be)." So the question is: if you have RSA keys (which are not created with empty passwords), is it possible to provide this password through net::ssh::perl? I understand you can use the identity fields to use public key authentication. However, I want to know if remote commands can be automated if you have passwords on the keys. Thanks.

Re: passphrase on a RSA key with net::ssh::perl
by ambrus (Abbot) on Feb 06, 2011 at 13:22 UTC

    As a workaround you could try to make a copy of the ssh key and change its password using ssh-keygen -p -f keyfilename.

    This is often what you want anyway, since the whole point of passphrase protected ssh keys is that if someone gets hold of your keyfile (such as if your notebook is stolen), they can't use it. This advantage is negated if you store the password on the same computer and supply it automatically from a script. That, of course, may not be what you want: maybe you want to query the password using some GUI, I can't tell.

    Update: for both the original question (supplying the passphrase to ssh) and for changing the passphrase of the key programmatically, you could try setting the SSH_ASKPASS environment variable, as documented in the manual page ssh(1).

      Hello Ambrus, Thanks for the response. When I do this outside of Perl I would do it with SSH_ASKPASS (i.e. open up ssh-agent and then ssh-add the key, using SSH_ASKPASS as a simple shell script to provide the password to ssh-add). This automates the whole process and then lets you freely ssh with password-protected keys. To tell the truth, I haven't tested if SSH_ASKPASS is invoked from net::ssh::perl, i.e. say when the script Khen provided above runs. If it is, then this may work as I could set it to a shell script to simply echo the password. I'll have to give it a try :)
        Try using Net::OpenSSH instead of Net::SSH::Perl. As it uses the OpenSSH client to connect to the remote machine, it would also behave in the same way, talking to ssh-agent or asking for the key passphrase on the console or through the X server (via ssh-add).

        What it does not support yet is feeding the passphrase directly from the script to the SSH client.
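
The ssh-agent, ssh-add and SSH_ASKPASS workflow discussed in this subthread, written out as an added example (not code from any poster in the thread): it keeps the passphrase out of the script, refuses a passphrase file that others can read, and gives the key a limited lifetime in the agent. The variable `KEY_PASS_FILE`, the function names and the paths in the usage comment are assumptions of this example.

```shell
#!/bin/sh
# Added example. KEY_PASS_FILE and the function names are assumptions.

# Succeed only if $1 is a regular file with no group/other permission bits.
check_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    [ "$(ls -ln -- "$1" | cut -c5-10)" = "------" ]
}

# Write a one-shot askpass helper and print its path. It holds no secret: it
# prints the file named by $KEY_PASS_FILE, and deletes itself first so that a
# wrong passphrase makes ssh-add fail instead of asking again and again.
make_askpass() {
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    printf '%s\n' '#!/bin/sh' 'rm -f -- "$0"' 'cat -- "$KEY_PASS_FILE"' > "$helper"
    chmod 700 "$helper"
    printf '%s\n' "$helper"
}

# load_key KEYFILE PASSFILE LIFETIME_SECONDS
# Starts an agent in this shell and adds the key with a limited lifetime.
load_key() {
    check_private "$2" || {
        echo "refusing $2: not a regular file, or accessible beyond its owner" >&2
        return 1
    }
    agent_env=$(ssh-agent -s) || return 1
    eval "$agent_env" >/dev/null
    KEY_PASS_FILE=$2
    SSH_ASKPASS=$(make_askpass) || return 1
    export KEY_PASS_FILE SSH_ASKPASS
    # ssh-add runs $SSH_ASKPASS only when stdin is not a terminal. Older
    # OpenSSH also needs DISPLAY set; 8.4 and later honour SSH_ASKPASS_REQUIRE.
    DISPLAY=${DISPLAY:-none} SSH_ASKPASS_REQUIRE=force \
        ssh-add -t "$3" "$1" </dev/null
    rc=$?
    rm -f "$SSH_ASKPASS"
    unset SSH_ASKPASS KEY_PASS_FILE
    return "$rc"
}

# Usage (paths are placeholders):
#   load_key "$HOME/.ssh/id_rsa" /path/to/passphrase-file 600 || exit 1
#   trap 'ssh-agent -k >/dev/null' EXIT   # stop the agent with the script
#   perl remote-commands.pl               # child inherits SSH_AUTH_SOCK
```

A Perl script started from the same shell and using an OpenSSH-based client then authenticates through the agent for as long as the key's lifetime lasts.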

Re: passphrase on a RSA key with net::ssh::perl
by Khen1950fx (Canon) on Feb 06, 2011 at 13:07 UTC
    You should be able to provide the password something like this:
    #!/usr/bin/perl
    use strict;
    use warnings;
    use Net::SSH::Perl;

    my $host    = 'localhost';
    my $user    = 'user';
    my @keyfile = ("/home/User/.ssh/id_rsa");

    my $ssh = Net::SSH::Perl->new(
        $host,
        debug          => 1,
        identity_files => \@keyfile
    );
    Double check @keyfile as it might be different.
      Hello Khen, Thanks for the prompt response. The above would work assuming the key ("/home/User/.ssh/id_rsa") did not have a password. i.e. if you entered a null password when ssh-keygen prompted for one. However my keys have explicit passwords set. Although the example above tells net::ssh::perl to use a key for authentication, it is still not automatically providing the password.
        Hi, I am stuck on the same problem. Did you get any solution? Please do share.