@Luzifer
Last active January 14, 2020 15:03
`lpass-ssh` wrapper script #blog
#!/bin/bash
# lpass-ssh: load an SSH key into the running agent, fetching its passphrase
# from LastPass. Expects a LastPass entry named "SSH: <key file name>" with a
# field called "Passphrase".
KEY_NAME=$1

# Both the LastPass CLI and expect are required
for tool in lpass expect; do
  if ! command -v "${tool}" >/dev/null 2>&1; then
    echo "${tool} is required." >&2
    exit 2
  fi
done

# Require something to be passed to this command
if [ -z "${KEY_NAME}" ]; then
  echo "You need to specify a key name." >&2
  exit 2
fi

# Try to find the passed key path / name
if ! [ -e "${KEY_NAME}" ]; then
  if [ -e "${HOME}/.ssh/${KEY_NAME}" ]; then
    KEY_NAME="${HOME}/.ssh/${KEY_NAME}"
  else
    echo "Could not find key file." >&2
    exit 1
  fi
fi

# If this key is already in the agent we don't need to do anything.
# ssh-add -l prints the key file path as the comment; -F matches it literally
# instead of as a regular expression.
if ssh-add -l | grep -qF -- "${KEY_NAME}"; then
  echo "Key already present."
  exit 0
fi

# Retrieve the passphrase from LastPass. The variable must not be called PWD,
# which is the shell's working-directory variable.
if ! PASSPHRASE=$(lpass show --field=Passphrase "SSH: $(basename "${KEY_NAME}")"); then
  # lpass exited non-zero, so we have no passphrase
  echo "Unable to get password. Not trying to unlock." >&2
  exit 1
fi

# Feed the passphrase to ssh-add. The here document is quoted ('EOF'), so the
# shell expands nothing in it: the passphrase and the key path reach expect only
# through its environment, never as part of the script text (which the shell may
# stage in a temporary file) and never as an argument visible in ps. Passing the
# passphrase via $env() also avoids any Tcl quoting problems with special
# characters in it. An empty line on the "Bad passphrase" prompt makes ssh-add
# give up instead of looping on a wrong passphrase.
SSH_KEY_FILE="${KEY_NAME}" SSH_PASSPHRASE="${PASSPHRASE}" expect <<'EOF' >/dev/null
spawn ssh-add $env(SSH_KEY_FILE)
expect {
  "Bad passphrase"   { send -- "\r"; exp_continue }
  "Enter passphrase" { send -- "$env(SSH_PASSPHRASE)\r"; exp_continue }
  eof
}
EOF
unset PASSPHRASE

# Check whether the key was added to the agent
if ssh-add -l | grep -qF -- "${KEY_NAME}"; then
  echo "Key successfully added."
  exit 0
else
  echo "Found passphrase but could not add key." >&2
  exit 1
fi
odkr commented Jan 14, 2020

Did you consider that bash (and many other shells) implement here documents by way of temporary files?

The script

#!/bin/bash
cat <<EOF
Hello there!
EOF

makes, among others, these system calls:

PID/THRD SYSCALL(args) = return
[...]
83002/0x1f567f: stat64("/var/tmp/\0", 0x7FFEE4A11C38, 0x0) = 0 0
83002/0x1f567f: access("/var/tmp/\0", 0x2, 0x0) = 0 0
83002/0x1f567f: pathconf("/var/tmp/\0", 0x4, 0x0) = 255 0
83002/0x1f567f: open("/var/tmp//sh-thd-1578936516\0", 0xE01, 0x180) = 3 0
83002/0x1f567f: dup(0x3, 0x0, 0x0) = 4 0
83002/0x1f567f: fcntl_nocancel(0x4, 0x3, 0x0) = 1 0
83002/0x1f567f: fstat64(0x4, 0x7FFEE4A11F88, 0x0) = 0 0
83002/0x1f567f: close_nocancel(0x4) = 0 0
83002/0x1f567f: open("/var/tmp//sh-thd-1578936516\0", 0x0, 0x180) = 4 0
83002/0x1f567f: close(0x3) = 0 0
83002/0x1f567f: unlink("/var/tmp//sh-thd-1578936516\0", 0x0, 0x0) = 0 0
83002/0x1f567f: dup2(0x4, 0x0, 0x0) = 0 0
83002/0x1f567f: close(0x4) = 0 0

On my macOS, that is.

~$ uname -v
Darwin Kernel Version 18.7.0: Sun Dec  1 18:59:03 PST 2019; root:xnu-4903.278.19~1/RELEASE_X86_64
~$ bash --version
GNU bash, version 3.2.57(1)-release (x86_64-apple-darwin18)
Copyright (C) 2007 Free Software Foundation, Inc.
