112

I would like to create script, which simply runs ssh-keygen -t rsa. But how to pass to it 3 times enter?

Charles Duffy
  • 280,126
  • 43
  • 390
  • 441
Sławosz
  • 11,187
  • 15
  • 73
  • 106

5 Answers5

234

Try:

ssh-keygen -t rsa -N "" -f my.key

-N "" tells it to use an empty passphrase (the same as two of the enters in an interactive script)

-f my.key tells it to store the key into my.key (change as you see fit).

The whole thing runs without you needing to supply any enter keys :)

To send enters to an interactive script:

echo -e "\n\n\n" | ssh-keygen -t rsa
Rudu
  • 15,682
  • 4
  • 47
  • 63
  • 4
    It is correct anwser, but i still would like to know how to press enter more then one time - in another script. – Sławosz Sep 07 '10 at 14:45
  • 3
    Sure thing - updated the answer to include how to send newlines to a script. – Rudu Sep 07 '10 at 14:47
  • 2
    echo -e "\n\n\n" | sshkeygen -t rsa is not working for me, can you try it yourself? It pass only first enter. But on other, simple script it works. – Sławosz Sep 08 '10 at 10:00
  • 1
    I tested it before I posted it - it works fine, although it looks like the dash from `ssh-keygen` got dropped - did you add that back in? {edited} Also - you can't run the script more than once - it changes the questions to confirm you want to overwrite the existing `_rsa` keyfile (so a y or n needs to be supplied) – Rudu Sep 08 '10 at 13:23
  • 13
    I'd recommend using `yes ""` instead of `echo -e "\n\n\n"` (`yes` outputs whatever argument is given [or "y" by default] in infinity – perfect for these situations where one just want to provide a "yes" answer to whatever a program might prompt for). `yes` is shorter, and should `ssh-keygen` ever add a question, that will automatically be answered in too. :) – zrajm Apr 24 '15 at 11:08
  • @zrajm how would that be used? `yes "" | ssh-keygen...` ? because it doesn't seem to work – eis Mar 23 '16 at 14:33
  • 'yes "y"|...` didn't work. Only sent it to the first prompt. – Mannix Jul 23 '18 at 17:52
  • I've tested all the above. None work. This works: `echo -e "\n"|ssh-keygen -t rsa -N ""` – Mannix Jul 23 '18 at 17:56
  • 1
    `echo -e` isn't *guaranteed* to work at all -- even in bash, it will just echo `-e` as literal output when both `xpg_echo` and `posix` flags are enabled; non-bash shells may treat it that way out-of-the-box. `printf '\n'` is much more reliable. See the APPLICATION USAGE section of [the POSIX `echo` spec](http://pubs.opengroup.org/onlinepubs/9699919799/utilities/echo.html). – Charles Duffy Jul 23 '18 at 18:04
  • I made slight modification so I could use this for GitHub - `echo -e "\n\n\n" | ssh-keygen -t rsa -b 4096 -C "myemail@someaccount.com"`. Worked great. Thanks @Rudu – AnnawanDev Jan 03 '19 at 21:15
  • For Windows use `-N '""'` https://stackoverflow.com/questions/10767488/automate-ssh-keygen-t-rsa-so-it-does-not-ask-for-a-passphrase/14946700 – JohnLBevan Aug 11 '20 at 16:33
22

a version with passphrase is:

$ ssh-keygen -t rsa -b 4096 -C "comment" -P "examplePassphrase" -f "desired pathAndName" -q
  • the -q is for silent

Source is http://linux.die.net/man/1/ssh-keygen

Michel Marro
  • 347
  • 2
  • 6
3

Agree with Michel Marro except that it needs some more: If the file already exists, it will still be interactive asking if it has to overwrite it.

Use the answer of this question.

yes y | ssh-keygen -q -t rsa -N '' >/dev/null

The redirection to null is necessary to silence the overwrite message.

shamox
  • 178
  • 1
  • 5
2

It is recommended to use ed25519 for security and performance.

yes "y" | ssh-keygen -o -a 100 -t ed25519 -C "Bla Bla" -f /mypath/bla -N ""

here

-o OpenSSH key format instead of older PEM (needs OpenSSH 6.5+)

-a Number of primality test while screening DH-GEX candidates

-t Type of key (ed25519, RSA, DSA etc.)

-f /mypath/bla The output file path and name

-N "" Use empty passphase

and yes "y" for no interaction.

It will generate two files

/mypath/bla
/mypath/bla.pub

where the bla file is private and bla.pub is public.

Madan Sapkota
  • 25,047
  • 11
  • 113
  • 117
1
echo -e "\n"|ssh-keygen -t rsa -N ""
Mannix
  • 411
  • 10
  • 23
  • Eh? This actually has *fewer* newlines than one of the answers you claim don't work (and that's on the subset of platforms where `echo -e` emits something other than `-e` at all, which is not everywhere `ssh-keygen` is available). – Charles Duffy Jul 23 '18 at 18:07
  • ...to be clear, I make production use of `ssh-keygen -N ''` as part of an automated install procedure, and it doesn't read stdin at all, so there's no need for the `echo` (*any* `echo` variant) piped into it. (Granted, I believe stdin is connected to `/dev/null` in my production use case; there could well be different behavior when it's attached to a TTY, but the better answer is ` – Charles Duffy Jul 23 '18 at 18:10
  • 2
    It prompts me for a filename: `$ ssh-keygen -t rsa -N '' Generating public/private rsa key pair. Enter file in which to save the key (/home/dlyons/.ssh/id_rsa):` – Mannix Jul 24 '18 at 22:36