In Python, I would like to verify a pair of public/private keys which have a passphrase by command ssh-keygen -y -f. The code is as below,
#/usr/bin/env python3
...................
...................
command = "ssh-keygen -y -f {}".format(key1)
args = bytes("%s\n%s\n" % (psw, psw), encoding='utf8')
proc = subprocess.Popen(command, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
proc.communicate(input=args)
I thought subprocess.communicate(input=args) could answer the prompt with passphrase.
But I still got the prompt for password.
Any comments are welcome.
ssh-keygen has -P switch to provide a passphrase:
command = "ssh-keygen -y -f {} -P \"{}\"".format(key1, passphrase)
It's ok to use an empty passphrase (-P ""), when the key is not encrypted.
And if you use a wrong/empty passphrase (-P "wrong"), for an encrypted key, ssh-keygen will fail – it won't prompt you for a good passphrase again.