Carry Private SSH RSA / DSA Key For Connection Using Unix / Linux Shell Script

How do I add my RSA or DSA keyfile in shell script itself for the connection so that I need to carry only one file on my USB pen drive instead of $HOME/.ssh/id_rsa file under Unix / Linux operating systems?

Linux / Unix / Apple OS X / BSD operating system stores your rsa / dsa private and public keys in your $HOME/.ssh/ directory. You can use the following syntax to specific a file from which the identity (private key) for RSA or DSA authentication is used by the ssh command:

ssh -i /path/to/your/rsa_or_dsa_file user@server1.cyberciti.biz

The default is ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2.

Shell Script Hack To Carry ~/.ssh/id_rsa And ~/.ssh/id_dsa In Script Itself

The shell script syntax is as follows:

#!/bin/bash
/usr/bin/ssh -i $0 user@server1.cyberciti.biz
exit 
 
##################################################
### Append ~/.ssh/id_rsa or ~/.ssh/id_dsa here ###
##################################################
-----BEGIN RSA PRIVATE KEY-----
 
-----END RSA PRIVATE KEY-----

Now just run a script and it will get connected to remote server called server1.cyberciti.biz:
$ ./path/to/your/script

Sample Shell Script

I use the following to rescue or connect to my home server called nas.cyberciti.biz:

Warning shell script examples may expose your keys

WARNING! These examples may expose your private data as it contains the private key for authentication. These files (or shell script) contain sensitive data and should be readable by the user but not accessible by others (read/write/execute)

#!/bin/bash
_me="${0##*/}"
_user="root"
_port="22"
_server="nas.cyberciti.biz"
_args="$@"
## Server name validation ##
host $_server &>/dev/null
[ $? -ne 0 ] && { echo "Server '$_server' not found. Set correct \$_server in $_me script."; exit 1; }
 
## Get in ##
ssh -i "${_me}" -p $_port ${_user}@${_server} "$_args"
exit 
 
### Replace this with your actual key. This is not a valid key :P ###
-----BEGIN RSA PRIVATE KEY-----
MIIEpgIBAAKCAQEAxPzlOsgLM72jv93rj7Tcw5Sj6V797mLL7GoZKcQIFeo2e3G7
q69bTcaDwnaxf7vTCWdcJbgrQRGbZ6w1EzuB5xC0YYVF2TGlWu1L9n8rGvJQm0OH
tyMMi+O5i+2VwED4gDaLuBE83IZpeaHn6PmSbV3JGstz4QkeW/PqT5XJyCS2qHzo
lWkY/SGXXPn9rM+U5KOAwIdetMQooGdZGkaAWbqmm6Ujsqz6IeKOnP0sQNvvyvpv
UQogLGnJDdI+hrhOtzVZ+qiHmUlJC8EgiWedRz3mFF9G3Z1LSUqR++NAGmGuZFph
utrKNR9LRqis4FzqkGb9rpaT5749yZRqQgJdwwIDAQABAoIBAQCvFDaIsBOEwSAw
/4TGDPHJwuqMGKmInrawQPxsapblI22Y+dTbGtgDoFSrGeNYrA89ZGg5/h4zjvqY
gi4KEfG69NXddx5FlCJrVk0VoKEnKgcKeFK/Kp+UFapr+5YFcblr+w7jYi69sZk9
SfFc17SVD64V6o3rjLc28utmILNe9fHmyLyLuaOvrwrWu1qxds9npDEPHks+0PUN
xaeFzI5zPqWQfiu7j3FjsG2h1QCGL/Uqd5+IYSCqouOgsWCD10PFlryKc9+3PXFU
ZrvB2+U0/LmFcI3+MYgGsCiL3zQzOWZg6hV6mNCHXh5yq4SskKKsntpclF2nrWWx
fUQ07ccBAoGBAPRd9nwUf8tobEGdRSKYM+JqL+DN7yUKqbZsrho9sfvxg537DZRo
24BFRD6GmnZWFq0pgTymDNIyGNI4NNj44VR+oqE4sfsQHRoJ2IJidgDvbZGJqo9Zu
Uib40IdXvYe6rwgjfBaksVUkPNkUZuDGsWuFXvDsZ6ECOl4VHSm5dSPzAoGBAM5d
iPnTwZwoXk2H/F1uwHiBm8ZB6x9FofiN06sf3Und1oQT74LwiHZL/1BA2Oh/kMls
blwfHry3HCBXuFLudd4AV1y9XlonUA4OgcPm4KJJoWfOiRwyZgMNUf9oTl1neo/q
p2pkwIauKUSXH1flZhgATQnKPZnIh6XEIlnNxeLxAoGBAIS/rrEFKc9EMNsMJox+
hmEPMmc7OBi1TDCvpXzX2yJ0tv1RbrUaqXNrLYGR+cMjTTpQe8aIphph4J4CrqLX
wQD3sj1GvUZ7FVC1/0so9IqPyl60c8B/Od21+QItJebgAUm4jSZ33WXVQ8Dhlmmx
RpyUXVkf88PBxBdr/OW3u+0FAoGBAKNB/iZerxGiIhDGHxGvl5b+OkVbSu5fgScI
1MWiaizQ0m+E8fut3Ndxghd0ZeVxXhLrtFcuy3tShW7U1t7NBfROYs7chXNfHIcy
235+ito1LgW0+rZm8nM+sAM7mSRETCo4SNiEq0Ug35GuvHfqVjtyQPwOKY26j4qq
Xd6b2wyRAoGBAMt9sWTgSKUKHnSoxtRG5Yy+g3GainjT4Lc1JUJjBGr7bYio2ZB/
L/W4H2mtZpkx0kYSI+TdzTJh9W15Ck1z+NmZxmCb2rbr4ESjQpWd/9G4MLO6tLtP
sAk1hN1HMU2hXR+ObvtODXamUQjBq72WXpqVgyhIF2TMMVWEMQAdf8Lg
-----END RSA PRIVATE KEY-----

#!/bin/bash _me="${0##*/}" _user="root" _port="22" _server="nas.cyberciti.biz" _args="$@" ## Server name validation ## host $_server &>/dev/null [ $? -ne 0 ] && { echo "Server '$_server' not found. Set correct \$_server in $_me script."; exit 1; } ## Get in ## ssh -i "${_me}" -p $_port ${_user}@${_server} "$_args" exit ### Replace this with your actual key. This is not a valid key :P ### -----BEGIN RSA PRIVATE KEY----- MIIEpgIBAAKCAQEAxPzlOsgLM72jv93rj7Tcw5Sj6V797mLL7GoZKcQIFeo2e3G7 q69bTcaDwnaxf7vTCWdcJbgrQRGbZ6w1EzuB5xC0YYVF2TGlWu1L9n8rGvJQm0OH tyMMi+O5i+2VwED4gDaLuBE83IZpeaHn6PmSbV3JGstz4QkeW/PqT5XJyCS2qHzo lWkY/SGXXPn9rM+U5KOAwIdetMQooGdZGkaAWbqmm6Ujsqz6IeKOnP0sQNvvyvpv UQogLGnJDdI+hrhOtzVZ+qiHmUlJC8EgiWedRz3mFF9G3Z1LSUqR++NAGmGuZFph utrKNR9LRqis4FzqkGb9rpaT5749yZRqQgJdwwIDAQABAoIBAQCvFDaIsBOEwSAw /4TGDPHJwuqMGKmInrawQPxsapblI22Y+dTbGtgDoFSrGeNYrA89ZGg5/h4zjvqY gi4KEfG69NXddx5FlCJrVk0VoKEnKgcKeFK/Kp+UFapr+5YFcblr+w7jYi69sZk9 SfFc17SVD64V6o3rjLc28utmILNe9fHmyLyLuaOvrwrWu1qxds9npDEPHks+0PUN xaeFzI5zPqWQfiu7j3FjsG2h1QCGL/Uqd5+IYSCqouOgsWCD10PFlryKc9+3PXFU ZrvB2+U0/LmFcI3+MYgGsCiL3zQzOWZg6hV6mNCHXh5yq4SskKKsntpclF2nrWWx fUQ07ccBAoGBAPRd9nwUf8tobEGdRSKYM+JqL+DN7yUKqbZsrho9sfvxg537DZRo 24BFRD6GmnZWFq0pgTymDNIyGNI4NNj44VR+oqE4sfsQHRoJ2IJidgDvbZGJqo9Zu Uib40IdXvYe6rwgjfBaksVUkPNkUZuDGsWuFXvDsZ6ECOl4VHSm5dSPzAoGBAM5d iPnTwZwoXk2H/F1uwHiBm8ZB6x9FofiN06sf3Und1oQT74LwiHZL/1BA2Oh/kMls blwfHry3HCBXuFLudd4AV1y9XlonUA4OgcPm4KJJoWfOiRwyZgMNUf9oTl1neo/q p2pkwIauKUSXH1flZhgATQnKPZnIh6XEIlnNxeLxAoGBAIS/rrEFKc9EMNsMJox+ hmEPMmc7OBi1TDCvpXzX2yJ0tv1RbrUaqXNrLYGR+cMjTTpQe8aIphph4J4CrqLX wQD3sj1GvUZ7FVC1/0so9IqPyl60c8B/Od21+QItJebgAUm4jSZ33WXVQ8Dhlmmx RpyUXVkf88PBxBdr/OW3u+0FAoGBAKNB/iZerxGiIhDGHxGvl5b+OkVbSu5fgScI 1MWiaizQ0m+E8fut3Ndxghd0ZeVxXhLrtFcuy3tShW7U1t7NBfROYs7chXNfHIcy 235+ito1LgW0+rZm8nM+sAM7mSRETCo4SNiEq0Ug35GuvHfqVjtyQPwOKY26j4qq Xd6b2wyRAoGBAMt9sWTgSKUKHnSoxtRG5Yy+g3GainjT4Lc1JUJjBGr7bYio2ZB/ L/W4H2mtZpkx0kYSI+TdzTJh9W15Ck1z+NmZxmCb2rbr4ESjQpWd/9G4MLO6tLtP sAk1hN1HMU2hXR+ObvtODXamUQjBq72WXpqVgyhIF2TMMVWEMQAdf8Lg -----END RSA PRIVATE KEY-----

Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. Use the chown and chmod commands as follows:
chown vivek:vivek script chmod 0700 script
Run the script as follows:
$ ./script $ ./script uptime
Sample outputs:

07:46:03 up 13 days,  1:07,  1 user,  load average: 0.00, 0.00, 0.00

Posted by: Vivek Gite

The author is the creator of nixCraft and a seasoned sysadmin, DevOps engineer, and a trainer for the Linux operating system/Unix shell scripting. Get the latest tutorials on SysAdmin, Linux/Unix and open source topics via RSS/XML feed or weekly email newsletter.

3 comment

ttt says:

March 27, 2012 at 1:48 pm

Nice article and thanks for sharing it.
Peter says:

March 29, 2012 at 1:59 am

The shell script hack is tricky.

I strongly recommend encrypt your private key using:

ssh-keygen -p

This will ask you to set a passphrase for your key.
And incorporate the encrypted key into your shell script. It would look like this:
—–BEGIN RSA PRIVATE KEY—–
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,34B03A2FC16BDFAD
……………………………….
……………………………….
—–END RSA PRIVATE KEY—–
abhay says:

November 19, 2012 at 5:46 pm

What does “${0##*/}” mean?

Still, have a question? Get help on our forum!

nixCraft