markdown 安全地从密码存储区获取SSH密钥的密码

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了markdown 安全地从密码存储区获取SSH密钥的密码相关的知识,希望对你有一定的参考价值。

This should be a blog post, and I'll make it one when I have more than 5 mins to spare. For instance these examples are hard-coded for my github SSH key, rather than parameterised.

Based on [this SO question](https://stackoverflow.com/questions/1340366/how-to-make-ssh-receive-the-password-from-stdin)

Rather than use `pass -c` to copy an SSH key passphrase to your system clipboard and then paste it at the ssh-askpass prompt (which is not very secure: any program can read the clipboard), you can use an `SSH_ASKPASS` script to retrieve the passphrase from [password store](https://www.passwordstore.org/) and give it to `ssh-add`.

1. Make a script that retrieves the passphrase from `pass` (which in turn will prompt for a master passphrase if needed, via GnuPG PinEntry):

```sh
#!/bin/bash
pass github/sinewalker|head -1
```

2. Use this as the `$SSH_ASKPASS` script to `ssh-add`.  Note the extra `$DISPLAY` environment variable and redirection trickery to convince ssh-add to use the script:

```sh
#!/bin/bash
export DISPLAY=dummy
export SSH_ASKPASS=/path/to/above/script
ssh-add /path/to/keys/github < /dev/null
```

以上是关于markdown 安全地从密码存储区获取SSH密钥的密码的主要内容,如果未能解决你的问题,请参考以下文章

markdown 如何使用SSH密钥验证而不是密码验证来“获取”私有存储库。

markdown 如何使用SSH密钥验证而不是密码验证来“获取”私有存储库。

如何使用带有密码的 SSH 密钥身份验证“去获取”私有存储库

markdown SSH使用原密钥生成新的无密码密钥

markdown 将SSH密钥密码导入Keychain

markdown 在git中缓存SSH密钥密码