我正在尝试编写一个脚本来从Mac钥匙串中获取密码,并使用该脚本将密码保护的钥匙添加到钥匙串中(使用ssh-add)。它打算成为zsh来源的脚本集合的一部分。目前,我的脚本是这样的
cat <<EOF | expect -d
set password [exec /usr/bin/security find-generic-password -s SSH -w]
puts "$password"
spawn -noecho /usr/bin/ssh-add $::env(HOME)/.ssh/id_ecdsa
expect -timeout 3 "Enter passphrase for"
send "$password\r"
interact
EOF
puts "$password"仅用于调试目的。我得到以下结果
$ source .zshrc.d/090_ssh_keys
Password:
Enter passphrase for /Users/james.dominy/.ssh/id_ecdsa:
$ ssh-add -l
The agent has no identities.
如您所见,未设置password变量;我尝试更改变量名称,并且作为调试工作,我尝试将其设置为数字(set password 1)和字符串文字(set password "a"),但这些都不起作用。但是,如果我将其剪切并粘贴到交互式的“期望会话”中,则一切都会按预期运行
expect1.1> set password [exec /usr/bin/security find-generic-password -s SSH -w]
**********
expect1.2> puts $password
**********
expect1.3> spawn -noecho /usr/bin/ssh-add $::env(HOME)/.ssh/id_ecdsa
89080
expect1.4> expect -timeout 3 "Enter passphrase for"
Enter passphrase for /Users/sirlark/.ssh/id_ecdsa: expect1.5> send "$password\r"
expect1.6> interact
Identity added: /Users/sirlark/.ssh/id_ecdsa (sirlark main ssh key)
expect1.7> %
密码明显不明显,但这是可行的。为什么?