0

When applying the solution

ssh-keygen -t rsa -N "" -f my.key

to Automating "enter" keypresses for bash script generating ssh keys in Python 3 I stumbled over the following issue:

sp.check_call(["ssh-keygen", "-t", "rsa", "-N", "\"\"", "-f", "my.key"])

as well as

sp.check_call(["ssh-keygen", "-t", "rsa", "-N", "''", "-f", "my.key"])

fail due to

Saving key "my.key" failed: passphrase is too short (minimum five characters)

and

sp.check_call(["ssh-keygen", "-t", "rsa", "-N", "", "-f", "my.key"])

causes ssh-keygen to prompt for the key which should be avoided by passing -N "".

What the pythonic way to acchieve the command receiving -N ""? I'm aware of the possibility to pass the command and arguments as one string which would probably solve this or take another approach from the answers to the referenced questions. I want to broaden my Python knowledge.

martineau
  • 119,623
  • 25
  • 170
  • 301
Kalle Richter
  • 8,008
  • 26
  • 77
  • 177
  • The last one should be correct. – chepner Jul 20 '19 at 17:16
  • `""` is the option equivalent to what you did on the command line. If that's producing results different from writing `-N ""` on the command line, there's something else going on. Maybe you passed `shell=True` when you shouldn't have, or maybe `ssh-keygen` behaves differently when not connected to a tty. – user2357112 Jul 20 '19 at 17:16
  • Cannot reproduce in macOS 10.14; what operating system are you using? – chepner Jul 20 '19 at 17:18
  • 1
    It looks like you retyped these lines by hand (for example, there are several missing quotation marks that would have produced a SyntaxError rather than the results you describe). We need to see something you have actually run, and the results you actually got when you ran it. It doesn't have to be the full, original program that caused you to ask this question; you can strip it down, as long as you run what you post. – user2357112 Jul 20 '19 at 17:19
  • @user2357112 You're right, however the missing closing quotes come from replacing a variable with `"ssh-keygen"`. I figured it out anyway - not a great satisfaction, but still clarity. – Kalle Richter Jul 20 '19 at 17:26
  • To be clear, when you run `-N ""` in the shell, the quotes are not ever actually passed to `ssh-keygen`; they're consumed by the shell itself, which puts an empty string in the argument list passed to the `execve` syscall. – Charles Duffy Jul 20 '19 at 17:27
  • @CharlesDuffy I agree, however, it leads to the expected result/behavior of ssh-keygen, see my answer below. I should have done better research outside Docker image `google/cloud-sdk` before opening the question. – Kalle Richter Jul 20 '19 at 17:28
  • Yes -- your answer is equivalent, because it too does not pass any quotes to `ssh-keygen`, but only passes an empty string; the quotes are Python syntax, just as in the original they're shell syntax, and in neither case are they literals. – Charles Duffy Jul 20 '19 at 18:35

1 Answers1

0
sp.check_call(["ssh-keygen", "-t", "rsa", "-N", "", "-f", "my.key"])

works on the command line as well as in the Docker image python:3, but not when the code is invoked in a script which is invoke with python3 script.py inside the Docker image google/cloud-sdk.

That's interesting, but probably caused by different behaviour if tty is missing as stated in some comments.

Kalle Richter
  • 8,008
  • 26
  • 77
  • 177