I've got a standard command which I use from the CL to share my key with a remote host (Raspberry Pi usually). So, using ssh user pi, I send my id_rsa.pub to 192.168.1.5 like this.

```sh
cat ~/.ssh/id_rsa.pub | ssh pi@192.168.1.5 "mkdir -p ~/.ssh && cat >> ~/.ssh/authorized_keys"
```

And it works fine... Because I clear out the known hosts to be safe (with ssh-keygen -R 192.168.1.5) beforehand, I always get the fingerprint warning which I type "yes" (&enter) and then confirm Pi's password (&enter).

However, I'm trying to write it into an automated script (which is fed just the IP and the password) and I can't get it working. So far, I've been trying to prefix the command with variations of...

```sh
printf 'yes\n\PASSWORD\n' | SAME COMMAND AS ABOVE
yes | printf 'PASSWORD\n' | SAME COMMAND AS ABOVE
```

I assume it's an issue with all the redirection/piping but since I stole that command and understand roughly how it works, I'm not experienced enough to know why it's falling over. Any help would be greatly appreciated!

Jelby-John
  • It's because password prompts are read from the TTY, not from stdin. – Charles Duffy Jun 07 '16 at 14:54
  • ...this is a very intentional security feature, by the way. You might take a close look at best-practice alternatives before bypassing it. – Charles Duffy Jun 07 '16 at 14:55
  • Also, I hope you aren't taking that password on the command line: Process command lines are readable to the entire system, including untrusted users like `nobody` (which is often used by daemons to run pre-authentication code it wants to mitigate attack risk for). – Charles Duffy Jun 07 '16 at 14:56
  • ...similarly, your "yes" can be made unnecessary by passing appropriate client options on the command line, exactly *which* option depending on what kind of prompt you're trying to bypass. – Charles Duffy Jun 07 '16 at 14:57
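
The comment above about process command lines, as an added demonstration (not code from the question or from the commenters): on Linux it starts a stand-in helper twice, once with a constructed secret as an argument and once with the secret on stdin, and checks what `/proc/<pid>/cmdline` reveals. The name `pw-helper` and the secret value are made up for the example.

```sh
#!/bin/sh
# Added demonstration. SECRET is a constructed value; "pw-helper" is a made-up
# marker name standing in for whatever program would receive the password.
SECRET='constructed-example-pw'

# Argument vector of PID $1, as other local processes can read it on Linux
# (unless /proc is mounted with hidepid).
argv_of() { tr '\0' ' ' 2>/dev/null < "/proc/$1/cmdline"; }

# Poll (about 2 s at most) until the child has exec'd and shows the marker.
wait_for_exec() {
    n=0
    while [ "$n" -lt 20 ]; do
        case "$(argv_of "$1")" in *pw-helper*) return 0 ;; esac
        n=$((n + 1)); sleep 0.1
    done
    return 1
}

# Report whether SECRET is visible in the argv of PID $1, then clean up.
check_and_reap() {
    out=
    wait_for_exec "$1" && out=$(argv_of "$1") || true
    { kill "$1"; wait "$1"; } 2>/dev/null || true
    case "$out" in *"$SECRET"*) echo exposed ;; *) echo hidden ;; esac
}

# Weak: the secret is passed as an argument, so it lands in /proc/<pid>/cmdline.
secret_in_argv() {
    sh -c 'sleep 2; :' pw-helper "$SECRET" >/dev/null 2>&1 &
    check_and_reap "$!"
}

# Better: the secret arrives on stdin. printf is a shell builtin, so no
# process is ever exec'd with the secret among its arguments.
secret_on_stdin() {
    printf '%s\n' "$SECRET" |
        sh -c 'read -r pw; sleep 2; :' pw-helper >/dev/null 2>&1 &
    check_and_reap "$!"
}

echo "secret in argv:  $(secret_in_argv)"
echo "secret on stdin: $(secret_on_stdin)"
```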

0 Answers