Script execution pauses for passphrase protected keys #174

Open
srm09 opened this issue Sep 11, 2020 · 3 comments
Labels
api-update Updates to the programmatic API

Comments

@srm09
Contributor

srm09 commented Sep 11, 2020

Problem

For passphrase protected keys, the script execution pauses for the script operator to enter the passphrase. The only way to avoid this is to add the key to the default ssh-agent prior to the script execution.

If the user wants to use the Internal Crashd Agent, there is no way to bypass the passphrase prompt. It would be helpful to add a way to provide the passphrase in the key.

Possible Solution

Introduce a new directive ssh_key which has the following:

  • path ==> points to the path of the key file
  • passphrase ==> string input for the passphrase of the key
  • passphrase-file ==> path of the file containing the passphrase

This ssh_key struct can then be passed to the ssh_config instead of just passing the private_key_path to the ssh_config.

@srm09 srm09 added the api-update Updates to the programmatic API label Sep 11, 2020
@vladimirvivien
Contributor

@srm09 I don't think it would be good to (encourage users to) store a passphrase in a file. There is no way around it: if a key requires a passphrase, the user must enter it. It probably is a good idea to enter it at standard input, masked. That way crashd does not have to handle it. I think good documentation explaining this is enough.

@srm09
Contributor Author

srm09 commented Sep 11, 2020

The idea was to introduce a non-interactive way of running crashd with passphrase protected keys.

@vladimirvivien
Contributor

Yes, I don't know if there is a safe way around it. And definitely, storing a passphrase is a no-no.
