`knife ssh` to multiple servers with passphrase on key


#1

Hello guys,

I’m having some issues using “knife ssh” with an identity file that needs
to be unlocked with a passphrase.

I would expect to be prompted for the passphrase just once, but that’s not
happening. Instead I’m getting prompted for every server I’m trying to
connect to, all at the same time. (As a side effect, this also breaks the
shell until I run ‘reset’).

For example:

[chef@inf-01 ~]# knife ssh -p2020 -x root 'name:*' 'ls -a'
Enter passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa:

I’ve tried it with -C1 but that also breaks (and negates any advantages of
using knife ssh in the first place, IMO!)

[chef@inf-01 ~]# knife ssh -C1 -p2020 -x root 'name:*' 'ls -a'
Enter passphrase for /var/chef/.ssh/id_rsa:
ks-02.os.ecloud.ukfast.net . … .bash_history .bashrc .cache .gem
.profile .ssh
Enter passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa: Enter
passphrase for /var/chef/.ssh/id_rsa: Enter passphrase for
/var/chef/.ssh/id_rsa: Enter passphrase for /var/chef/.ssh/id_rsa:

Using the -P option doesn’t work as that’s for the SSH session itself, not
the passphrase to the key.

Any idea how I can get around this?

Thanks

Dane


#2

Use ssh-agent to load the passphrase into memory before running knife ssh,
and then kill ssh-agent afterwards?


~~ StormeRider ~~

“Every world needs its heroes […] They inspire us to be better than we
are. And they protect from the darkness that’s just around the corner.”

(from Smallville Season 6x1: “Zod”)

On why I hate the phrase “that’s so lame”… http://bit.ly/Ps3uSS

On Fri, Feb 22, 2013 at 11:45 AM, Dane Elwell mlist@xiol.co.uk wrote:



#3

Yeah, that’s one option. Also, you can prepare a passwordless private key
from the current private key that has a password, using the -p option (not sure,
but you can try the ASK_PASS environment variable).

On Fri, Feb 22, 2013 at 11:49 AM, Morgan Blackthorne
stormerider@gmail.com wrote:



#4

I’ve been using this project for ~10 years, and it solves this problem.

On Fri, Feb 22, 2013 at 1:57 PM, Ranjib Dey dey.ranjib@gmail.com wrote:


Charles Sullivan
charlie.sullivan@gmail.com
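
The ssh-agent approach suggested in reply #2, written out as a shell function (an added example, not code from any poster in this thread). It assumes `knife ssh` authenticates through the agent named by `SSH_AUTH_SOCK`; `run_with_agent` and `AGENT_TTL` are hypothetical names. The key stays passphrase-protected on disk, and the agent is killed on every exit path.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: knife ssh authenticates
# through whatever agent SSH_AUTH_SOCK points at.

# run_with_agent KEY CMD [ARGS...]
# Runs CMD with KEY loaded in a throwaway ssh-agent. The body is a subshell,
# so the agent variables never leak into the calling shell.
run_with_agent() (
    key=$1
    shift

    # Start a dedicated agent; stop here if it fails so that ssh-add and the
    # cleanup below can never touch an agent inherited from the caller.
    agent_env=$(ssh-agent -s) || exit 1
    eval "$agent_env" >/dev/null

    # Kill the agent on every exit path, which discards the decrypted key.
    # INT/TERM are routed through exit so the EXIT trap also runs on Ctrl-C.
    trap 'ssh-agent -k >/dev/null 2>&1' EXIT
    trap 'exit 130' INT TERM

    # The single passphrase prompt happens here. -t expires the key after
    # AGENT_TTL seconds (hypothetical variable, default 600) as a backstop.
    ssh-add -t "${AGENT_TTL:-600}" "$key" || exit 1

    # Every connection the command opens now asks the agent, not the terminal.
    "$@"
)

# Usage with the command from the first post:
#   run_with_agent /var/chef/.ssh/id_rsa knife ssh -p2020 -x root 'name:*' 'ls -a'
```

The function returns the exit status of the wrapped command, so it can be used in scripts that check whether the `knife ssh` run succeeded.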