I'm trying to set up my shell to automatically run ssh-add and read the passphrase for my SSH key from a file. I found a shell script that should work, which involves using `ssh-agent` and `expect`, but I've run into a bit of an issue. The `expect` command spawns a subshell, so when it executes, the `ssh-agent` that was started loses the stored passphrase. I thought of a workaround: instead of running the `ssh-agent` in the script, I added it to my .bashrc before calling the script. Does this sound okay? Also, I'm worried about the security of my setup. Sorry for the edits; the forum's editing tools are a bit tricky!
1 Answer
Your workaround seems a bit risky. If the key is exposed, anyone can get access to the passphrase. It might be safer to use something like a keyring, which can automatically manage the SSH agent for you without needing to store your passphrase in a file. If you’re looking for unattended access, think about removing the passphrase altogether. Can you share why you're aiming for that specific setup? There could be a better approach than this.
Exactly! If you're just automating tasks, consider whether you really need a passphrase on the key at all. It's a trade-off between convenience and security.