How do I add my RSA or DSA keyfile in shell script itself for the connection so that I need to carry only one file on my USB pen drive instead of $HOME/.ssh/id_rsa file under Unix / Linux operating systems?
Linux / Unix / Apple OS X / BSD operating systems store your RSA / DSA private and public keys in your $HOME/.ssh/ directory. You can use the following syntax to specify the file from which the identity (private key) for RSA or DSA authentication is read by the ssh command:
ssh -i /path/to/your/rsa_or_dsa_file user@server1.cyberciti.biz
The default is ~/.ssh/id_rsa and ~/.ssh/id_dsa for protocol version 2.
Shell Script Hack To Carry ~/.ssh/id_rsa And ~/.ssh/id_dsa In Script Itself
The shell script syntax is as follows:
#!/bin/bash
# Use this very file as the ssh identity (private key) file
/usr/bin/ssh -i "$0" user@server1.cyberciti.biz
exit
##################################################
### Append ~/.ssh/id_rsa or ~/.ssh/id_dsa here ###
##################################################
-----BEGIN RSA PRIVATE KEY-----
-----END RSA PRIVATE KEY-----
Now just run the script and it will connect to the remote server called server1.cyberciti.biz:
$ ./path/to/your/script
Sample Shell Script
I use the following to rescue or connect to my home server called nas.cyberciti.biz:
#!/bin/bash
_me="${0##*/}"   # script name with the leading directory stripped, used in messages
_user="root"
_port="22"
_server="nas.cyberciti.biz"
_args="$*"

## Server name validation ##
if ! host "$_server" &>/dev/null
then
	echo "Server '$_server' not found. Set correct \$_server in $_me script."
	exit 1
fi

## Get in ##
# Pass the full path ($0), not just the name, so the script works from any directory
ssh -i "$0" -p "$_port" "${_user}@${_server}" "$_args"
exit

### Replace this with your actual key. This is not a valid key :P ###
-----BEGIN RSA PRIVATE KEY-----
(the base64-encoded body of your key goes here)
-----END RSA PRIVATE KEY-----
Because of the potential for abuse, this file must have strict permissions: read/write for the user, and not accessible by others. Use the chown and chmod commands as follows:
chown vivek:vivek script
chmod 0700 script
Run the script as follows:
$ ./script
$ ./script uptime
Sample outputs:
07:46:03 up 13 days, 1:07, 1 user, load average: 0.00, 0.00, 0.00
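The permission requirement above can be checked mechanically before the file goes onto removable media. The following is an added example, not part of the original article: audit_key_script is a hypothetical helper that verifies the script is closed to group/other and that the embedded key carries the legacy PEM passphrase header (Proc-Type: 4,ENCRYPTED). It only understands the RSA/DSA PEM format shown on this page.

```bash
#!/bin/bash
# Added example, not from the original article. audit_key_script is a
# hypothetical helper name. Prints one finding per line and returns 0 only
# when the file is private to its owner and the embedded key is encrypted.
audit_key_script() {
    local file="$1" mode findings=0
    local begin='^-----BEGIN (RSA|DSA) PRIVATE KEY-----$'

    [ -f "$file" ] || { echo "MISSING: $file"; return 2; }

    # Permission bits in octal (GNU stat first, BSD/macOS stat as fallback).
    mode=$(stat -c '%a' "$file" 2>/dev/null || stat -f '%Lp' "$file")

    # Any group/other bit lets another local user read the private key.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "PERMS: mode $mode is open to group/other, expected 0700"
        findings=$((findings + 1))
    fi

    # Nothing more to check if no legacy PEM key block is embedded.
    if ! grep -Eq -- "$begin" "$file"; then
        echo "NOKEY: no RSA/DSA PEM private key block found"
        return 1
    fi

    # A passphrase-protected legacy PEM key has this header on the line
    # immediately after the BEGIN marker.
    if ! awk -v begin="$begin" '
            $0 ~ begin { getline; if ($0 == "Proc-Type: 4,ENCRYPTED") ok = 1 }
            END { exit !ok }' "$file"; then
        echo "PLAINTEXT: embedded key is not passphrase-protected"
        findings=$((findings + 1))
    fi

    [ "$findings" -eq 0 ]
}

# Stand-alone use: ./audit.sh /path/to/your/script
if [ "$#" -gt 0 ]; then audit_key_script "$1"; fi
```

On a FAT-formatted pen drive the mode comes from the mount options rather than from chmod, so run the check against the file as it appears on the mounted drive.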
See also:
- How to setup RSA and DSA based passwordless login.
- Sshpass: Use ssh password in a script.
- keychain: Set Up Secure Passwordless SSH Access For Backup Scripts
Nice article and thanks for sharing it.
The shell script hack is tricky.
I strongly recommend encrypting your private key using:
This will ask you to set a passphrase for your key.
And incorporate the encrypted key into your shell script. It would look like this:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,34B03A2FC16BDFAD
……………………………….
……………………………….
-----END RSA PRIVATE KEY-----
What does "${0##*/}" mean?