From a3710d5d3eef5757f53f7d0f20f205b0501ebc5d Mon Sep 17 00:00:00 2001
From: Steven Agyekum
Date: Mon, 2 Aug 2021 19:14:10 +0200
Subject: [PATCH 1/5] simplify perms handling

---
 Dockerfile | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 12ac8f5..c0d14dc 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,8 +9,7 @@ RUN rm -rf /var/cache/apk/*
 RUN mkdir ~/.ssh
 # Copy in our executables.
-COPY agent-start agent-stop agent-add agent-autostart /bin/
-COPY hosts-clear hosts-add /bin/
+COPY agent-* hosts-* /bin/
 RUN chmod +x /bin/agent-* /bin/hosts-*
 # Prepare for known hosts.

From d0cc021e8430d6c6bbd59558f49a682b7d8fcdb4 Mon Sep 17 00:00:00 2001
From: Steven Agyekum
Date: Mon, 2 Aug 2021 19:14:48 +0200
Subject: [PATCH 2/5] add ssh-askpass(1) program

---
 agent-askpass | 2 ++
 1 file changed, 2 insertions(+)
 create mode 100644 agent-askpass

diff --git a/agent-askpass b/agent-askpass
new file mode 100644
index 0000000..3233cd9
--- /dev/null
+++ b/agent-askpass
@@ -0,0 +1,2 @@
+#!/bin/sh
+echo "$SSH_PASS"
\ No newline at end of file

From eb3ddd767e7550a1abdceccd3a6b9fcb6f2a3ae8 Mon Sep 17 00:00:00 2001
From: Steven Agyekum
Date: Mon, 2 Aug 2021 19:16:39 +0200
Subject: [PATCH 3/5] add ssh pass ability to agent-start

* invokes agent-askpass when a passphrase protected key should be added via ssh-add
---
 agent-add | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/agent-add b/agent-add
index 29e665a..e314f1e 100644
--- a/agent-add
+++ b/agent-add
@@ -1,4 +1,4 @@
 #!/bin/sh
 source agent-start "${1:-default}"
-cat - | tr -d '\r' | ssh-add - >/dev/null
\ No newline at end of file
+cat - | tr -d '\r' | DISPLAY=1 SSH_ASKPASS=agent-askpass ssh-add - >/dev/null
\ No newline at end of file

From 2b8e763f5920101fd3b3d838f0f4ef3c0d9a6e0a Mon Sep 17 00:00:00 2001
From: Steven Agyekum
Date: Mon, 2 Aug 2021 19:18:51 +0200
Subject: [PATCH 4/5] correct old typo

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
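Review bot: In the Dockerfile hunk of patch 1, `COPY agent-* hosts-* /bin/` installs whatever in the build context matches those globs, and the unchanged `RUN chmod +x /bin/agent-* /bin/hosts-*` after it marks all of it executable. The two explicit COPY lines it replaces acted as an allowlist, so a stray editor backup or local test script named `agent-…` now ends up as a runnable program in an image that, per the README, handles SSH private keys. If the glob stays, I would add a comment above it such as `# Installs every agent-*/hosts-* file in the build context as an executable; keep .dockerignore in sync.` and restrict the build context with a .dockerignore.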
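Review bot: In the new agent-askpass file (patch 2), `echo "$SSH_PASS"` passes the passphrase to echo as an argument, so a value that starts with `-n` or `-e`, or that contains backslashes, can be swallowed or altered depending on which shell provides /bin/sh; `printf '%s\n' "$SSH_PASS"` emits it verbatim. The script has no comment at all, and one is worth adding because the secret travels in the environment: `# Prints the key passphrase for ssh-add; SSH_PASS is inherited by every process started from this shell, so unset it once the key is loaded.` When SSH_PASS is unset the script prints an empty line, which ssh-add presumably treats as an empty passphrase; that case deserves a sentence in the same comment.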
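Review bot: On the changed `ssh-add` line in agent-add (patch 3), `SSH_ASKPASS=agent-askpass` is a bare name, so the program that gets run with SSH_PASS in its environment is whichever `agent-askpass` comes first on PATH at call time. The Dockerfile installs the helper into /bin, so `SSH_ASKPASS=/bin/agent-askpass` pins the intended one. `DISPLAY=1` is only a placeholder that makes ssh-add use the askpass helper when stdin carries the key; a comment such as `# DISPLAY is a dummy value: it only makes ssh-add call SSH_ASKPASS instead of prompting on a tty` would save the next reader a search, and on OpenSSH 8.4 or later `SSH_ASKPASS_REQUIRE=force` states the intent directly.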
diff --git a/README.md b/README.md
index bb93c8d..6dc0be0 100644
--- a/README.md
+++ b/README.md
@@ -41,7 +41,7 @@ It takes one optional argument, for the name of the agent to be stopped. Default
 #### agent-add
 This command adds a key to the currently running SSH agent. The key is taken from stdin, and the agent used is that in SSH_AGENT_PID.
-#### agent-autoadd
+#### agent-autostart
 This command starts the SSH agent and loads the private key from the "SSH_PRIVATE_KEY" environment var. The command takes one optional argument, for the name of the agent to be started. Defaults to "default". As with agent-start, this command needs to be sourced.

From babc7ad0c2a6a16c6720183d940ff157171954dc Mon Sep 17 00:00:00 2001
From: Steven Agyekum
Date: Mon, 2 Aug 2021 19:36:36 +0200
Subject: [PATCH 5/5] mention new agent-askpass and agent-add behavior

---
 README.md | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/README.md b/README.md
index 6dc0be0..f6d2a30 100644
--- a/README.md
+++ b/README.md
@@ -45,6 +45,11 @@ This command adds a key to the currently running SSH agent. The key is taken fro
 This command starts the SSH agent and loads the private key from the "SSH_PRIVATE_KEY" environment var. The command takes one optional argument, for the name of the agent to be started. Defaults to "default". As with agent-start, this command needs to be sourced.
+#### agent-askpass
+This command is called by ssh-add when the [SSH_ASKPASS](https://man.openbsd.org/ssh-add.1#ENVIRONMENT) variable is set active. The command returns the SSH_PASS to [ssh-askpass(1)](https://man.openbsd.org/ssh-askpass.1).
+
+This command is ignored by ssh-add if the key does not require a passphrase.
+
 ### known_hosts management
 #### hosts-clear
 This command truncates the known_hosts file and sets its permissions.
@@ -78,3 +83,11 @@ deploy:
 script:
 - rsync -zrSlhaO --chmod=D2775,F664 --delete-after . $FTP_USER@$FTP_HOST:/var/www/deployment/
 ```
+
+## Using with passphrase protected key
+
+You can supply a passphrase with ``SSH_PASS`` to ``agent-add``, ``agent-start`` or ``agent-autostart``.
+
+```
+SSH_PASS="THE_PASSPHRASE" agent-add
+```