How to Execute Ssh-Keygen Without Prompt

How to execute ssh-keygen without prompt

We need to accomplish two steps automatically:

  1. Enter a passphrase. Use the -N flag (void string for this example):

    ssh-keygen -t rsa -N ''

  2. Overwrite the key file:

Use -f to enter the path (in this example id_rsa) plus a here-string to answer yes to the following question:

ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y >/dev/null 2>&1

Or, under a bash-like shell, if you certainly want to overwrite the previous one, use just a here-string to feed the command with all the needed input:

ssh-keygen -q -t rsa -N '' <<< $'\ny' >/dev/null 2>&1

From ssh-keygen man page:

  -N new_passphrase provides the new passphrase.
  -q silence ssh-keygen.
  -f filename specifies the filename of the key file.

Step by step explanation

$ ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/klashxx/.ssh/id_rsa):

1) To avoid entering the key use -f:

$ ssh-keygen -t rsa -f ~/.ssh/id_rsa
Generating public/private rsa key pair.
/home/klashxx/.ssh/id_rsa already exists.
Overwrite (y/n)?

ATTENTION: If you don't care about the RSA file name and certainly want to overwrite the previous one, check the instructions below point four.

2) Now we need to answer "y" automatically to the overwrite question (let's use a here-string for that job):

$ ssh-keygen -t rsa -f ~/.ssh/id_rsa <<< y
Generating public/private rsa key pair.
/home/klashxx/.ssh/id_rsa already exists.
Overwrite (y/n)? Enter passphrase (empty for no passphrase):

3) Finally we're going to use the -N flag to enter a void pass:

$ ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa <<< y
Generating public/private rsa key pair.
/home/klashxx/.ssh/id_rsa already exists.
Overwrite (y/n)? Your identification has been saved in /home/klashxx/.ssh/id_rsa.
Your public key has been saved in /home/klashxx/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:Xo0t6caMB/8TSsigxfY28JIfqYjyqxRZrFrPncx5yiU klashxx@server
The key's randomart image is:
+---[RSA 2048]----+
| |
| . |
| o . |
| + * = |
| +. + BSo= o |
|...o.+o+XO... |
|.. .o.E==+B. . |
|o . ...=.o... |
|.+o. o .. |
+----[SHA256]-----+

4) Extra ball, clean up the output, just check the return code:

$ ssh-keygen -q -t rsa -N '' -f ~/.ssh/id_rsa <<<y >/dev/null 2>&1
$ echo $?
0

An alternative path to overwrite the previous RSA file (no -f flag needed)

NOTE: Only bash-like shells.

If you don't care about the RSA name and just want to overwrite it, we need to answer these two questions automatically:

  1. Enter file in which to save the key: /example/path/.ssh/id_rsa already exists.

  2. Overwrite (y/n)?

If we do this by hand, for the first question we just need to hit enter, and for the second, type y and press enter.

We can simulate these actions by using the following here-string:

$'\ny'

From the bash man page:

Words of the form $'string' are treated specially. The word expands to
"string", with backslash-escaped characters replaced as specified by
the ANSI C standard.

\n new line

So, if we use od to analyze our string:

cat - <<< $'\ny' | od -c
0000000 \n y \n

We see that we're getting just what we need to answer the questions.

Points 1 and 2 can be summarized into:

ssh-keygen -q -t rsa  <<< $'\ny'

And the final command will be:

$ ssh-keygen -q -t rsa -N '' <<< $'\ny' >/dev/null 2>&1
$ echo $?
0

Kudos

@lukasz-dynowski, @redochka, @mellow-yellow, @yeti and the rest of the folks in this thread.
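
An alternative to feeding y into the overwrite prompt, as an added example that is not part of the original answer: the hypothetical helpers gen_key and key_pair_matches refuse to replace an existing key unless told to, move the old pair aside when they do, and confirm the result with ssh-keygen -y. The backup naming and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example. gen_key and key_pair_matches are hypothetical helper names.

# gen_key PATH [TYPE] [force]
#   0 = new pair written, 1 = key exists and "force" not given, 2 = failure
gen_key() {
    key=$1; ktype=${2:-rsa}; force=${3:-}
    dir=$(dirname "$key")
    # Create the directory private from the start; leave an existing one alone.
    [ -d "$dir" ] || mkdir -m 700 -p "$dir" || return 2
    if [ -e "$key" ]; then
        [ "$force" = force ] || return 1
        # Rotate the old pair aside instead of destroying it.
        stamp=$(date +%Y%m%d%H%M%S)
        mv "$key" "$key.bak.$stamp" || return 2
        if [ -e "$key.pub" ]; then
            mv "$key.pub" "$key.pub.bak.$stamp" || return 2
        fi
    fi
    # stdin from /dev/null: an unexpected prompt fails fast instead of hanging.
    ssh-keygen -q -t "$ktype" -N '' -f "$key" </dev/null >/dev/null 2>&1 || return 2
    chmod 600 "$key"
}

# key_pair_matches PATH
#   0 if PATH.pub holds the public key derived from the private key at PATH.
key_pair_matches() {
    derived=$(ssh-keygen -y -f "$1" 2>/dev/null | awk '{print $1, $2}')
    stored=$(awk '{print $1, $2}' "$1.pub" 2>/dev/null)
    [ -n "$derived" ] && [ "$derived" = "$stored" ]
}
```

Because nothing is piped into the prompt, this also works in shells without here-strings.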

How to overwrite existing SSH key file using ssh-keygen and PowerShell without typing y

Try Write-Output instead of Write-Host:

Write-Output "y" | ssh-keygen.exe -f .\test -N "blahblah"


Automating enter keypresses for bash script generating ssh keys

Try:

ssh-keygen -t rsa -N "" -f my.key

-N "" tells it to use an empty passphrase (the same as two of the enters in an interactive script)

-f my.key tells it to store the key into my.key (change as you see fit).

The whole thing runs without you needing to supply any enter keys :)

To send enters to an interactive script:

echo -e "\n\n\n" | ssh-keygen -t rsa

How to generate an ssh key for logging into a server without a password

On the client machine you wish to login from, run ssh-keygen. For a quick and easy key, just hit enter on all of the questions. This will create a key pair in ~/.ssh. Specifically, ~/.ssh/id_rsa is your private key (keep this one safe), and ~/.ssh/id_rsa.pub is your public key (okay to distribute).

Copy your public key (~/.ssh/id_rsa.pub) onto the server that you wish to login to (e.g. scp ~/.ssh/id_rsa.pub me@myserver:). On the server, run cat id_rsa.pub >> .ssh/authorized_keys. To make sure that it has the correct permissions, you can run chmod 644 ~/.ssh/authorized_keys. Also, you can now delete the id_rsa.pub file that you copied over.

That's it! You should have password-less login from client to server. You must repeat the process with client and server swapped if you want password-less login from server to client.

Notes:

  1. If the ~/.ssh directory does not exist on your server, the best way to create it is to ssh from the server to some other machine (e.g. the client). This will ensure that it has the correct permissions.
  2. If you are paranoid about someone getting access to the client, you can password protect the key (one of the prompts when running ssh-keygen), but then you will have to enter that password every time you log in. The solution to this problem is to use ssh-agent.
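
The server-side step above (append the public key, then fix permissions), as an added example that is not part of the original answer: the hypothetical helper install_pubkey appends a key only once, repairs a missing final newline in authorized_keys, and creates the directory and file as 0700 and 0600, which is this example's own choice of mode. The return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example. install_pubkey is a hypothetical helper name.

# install_pubkey PUBKEY_FILE [SSH_DIR]
#   0 = key appended, 3 = key already present, 1 = bad input or I/O failure
install_pubkey() {
    pub=$1; sshdir=${2:-$HOME/.ssh}; auth=$sshdir/authorized_keys
    # Accept only a file holding a single "<type> <base64> [comment]" line.
    [ -r "$pub" ] && [ "$(wc -l < "$pub")" -le 1 ] || return 1
    line=$(head -n 1 "$pub")
    blob=$(awk 'NF >= 2 && $1 ~ /^(ssh-|ecdsa-|sk-)/ {print $2; exit}' "$pub")
    [ -n "$blob" ] || return 1
    # Create the directory and file private from the start.
    [ -d "$sshdir" ] || mkdir -m 700 -p "$sshdir" || return 1
    ( umask 077; touch "$auth" ) || return 1
    chmod 600 "$auth" || return 1
    # Compare the base64 blob only, so a changed comment does not add a duplicate.
    if awk -v b="$blob" '{ for (i = 1; i <= NF; i++) if ($i == b) f = 1 }
                         END { exit !f }' "$auth"; then
        return 3
    fi
    # If the last entry lacks a newline, add one so two keys never share a line.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
}
```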

Automate SSH without using public key authentication or expect(1)

Use sshpass.

For example, when password is in password.txt file:

sshpass -fpassword.txt ssh username@hostname

(taken from the answer to a similar question)


