@sinewalker
Last active January 23, 2019 20:49
Get passphrase for an SSH key from password store, securely

This should be a blog post, and I'll make it one when I have more than 5 mins to spare. For instance, these examples are hard-coded for my GitHub SSH key rather than parameterised.

Based on this SO question

Rather than use pass -c to copy an SSH key passphrase to your system clipboard and then paste it at the ssh-askpass prompt (which is not very secure: any program can read the clipboard), you can use an SSH_ASKPASS script to retrieve the passphrase from password store and give it to ssh-add.

  1. Make a script that retrieves the passphrase from pass (which in turn will prompt for a master passphrase if needed, via GnuPG PinEntry):

```bash
#!/bin/bash
# Print only the first line of the entry (the passphrase) on stdout.
pass github/sinewalker | head -n 1
```

  2. Use this as the $SSH_ASKPASS script for ssh-add. Note the extra $DISPLAY environment variable and redirection trickery to convince ssh-add to use the script:

```bash
#!/bin/bash
# ssh-add only calls $SSH_ASKPASS when DISPLAY is set and stdin is not a terminal.
export DISPLAY=dummy
export SSH_ASKPASS=/path/to/above/script
ssh-add /path/to/keys/github < /dev/null
```
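
A parameterised variant of the two scripts above, written as an added example and not the gist author's code: one file acts as both the wrapper and the askpass helper, and takes the pass entry and key file as arguments. `PASS_ENTRY` is a variable name made up for this example, and `SSH_ASKPASS_REQUIRE` is only honoured by OpenSSH 8.4 and later.

```bash
#!/bin/bash
# Added example, not the gist author's code. One file plays both roles:
# the wrapper that runs ssh-add and the askpass helper ssh-add calls back.
# PASS_ENTRY is a variable name made up for this example.

# Helper role: print only the first line of the pass entry (the passphrase).
# A failed or cancelled pass/gpg returns non-zero, so ssh-add sees a
# cancelled prompt instead of an empty passphrase.
askpass_mode() {
    secret=$(pass show "$PASS_ENTRY") || return 1
    printf '%s\n' "$secret" | head -n 1
}

# Wrapper role, run in a subshell so the exports do not leak to the caller.
# $1 = pass entry, $2 = private key file, $3 = absolute path of this script.
add_key() (
    [ -r "$2" ] || { echo "cannot read key file: $2" >&2; exit 2; }
    export PASS_ENTRY="$1" SSH_ASKPASS="$3"
    export SSH_ASKPASS_REQUIRE=force      # OpenSSH 8.4+: always use the helper
    export DISPLAY="${DISPLAY:-dummy}"    # older OpenSSH: needs DISPLAY set
    ssh-add "$2" < /dev/null              # and stdin must not be a terminal
)

if [ -n "${PASS_ENTRY:-}" ]; then
    askpass_mode                          # called back by ssh-add
elif [ "$#" -eq 2 ]; then
    self="$(cd "$(dirname "$0")" && pwd)/$(basename "$0")"
    add_key "$1" "$2" "$self"
else
    echo "usage: $0 <pass-entry> <private-key-file>" >&2
fi
```

Saved as an executable file, it is called with the same values the hard-coded scripts use: `github/sinewalker` as the first argument and `/path/to/keys/github` as the second.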