SSH Keys on a USB jump drive on Mac OS X Part 2

All right! You read my post SSH Keys on a USB jump drive on Mac OS X (Mountain Lion Edition) and want to take this to the next level huh? Maybe having your config posting back to a jump drive and having to have it plugged in every time you want to log into something is sooooo lame! You often just leave it there, plugged in when you walk away from your work station. There has to be a better way…

I got you bro

What you need to be doing is adding your keys to ssh-agent on demand then pulling your key except for when you REALLY need it. But how do you do that easily?

I got you bro


Lets start with the basics. PuTTY Download Page - Pageant

The cool part is that Pageant remembers your keys so if you pin it to the start menu then it’s highlight, over enter, password… you get the point.

The shitty part is it keeps that key loaded until you reboot. That’s ULTRA fucking weak. Sorry windows. If anyone knows better give me a shout out.


Linux is easier and way better. Lets assume you do everything in the command line so.

alias loadkey=ssh-add -t 30m /mnt/whatever/ssh/$1

then all you have to do is

loadkey keyname

then POW!!! for 30 minutes you have you key loaded. See the 30m in the command? Change that for maximum moddage of commands. Are you a lazy brogrammer slash skriptkiddie and need the time format table?

Bro… got… you are… by me

<none>  seconds
s | S   seconds
m | M   minutes
h | H   hours
d | D   days
w | W   weeks

Time format examples:
600     600 seconds (10 minutes)
10m     10 minutes
1h30m   1 hour 30 minutes (90 minutes)

Damn! Yea….


Ok, this is where the gold is. I slaved over a hot mess of applescript to you guys this so feel the love bro. Since it’s my Mac and I wanted key exchange to be as easy as possible I pulled out all my scripting to invoke MAXIMUM lazy.

Maximum lazy engage!

Ok. To start there is no ssh-askpass on Mac OS X Mountain Lion which is fairly un-bro of apple but whatever. I replaced it with an applescript I stole and slightly tweaked to run better.

Take this, it’s dangerous to go alone. onlyhavecans/mac-ssh-askpass · GitHub

Just put it in ~/Applications like me or /usr/local/bin or where ever makes you warmest and fuzziest inside. Either way don’t forget where you put our makeshift ssh-askpass

Now break out the applescript editor and take this puppy for a ride.

This key adding mini program indexes the keyfiles on your jump drive
then prompts you for what one you want to load into ssh-agent

You need mac-ssh-addpass for this to work as well

property keyFolder : "KEYDRIVE:ssh"
property askPass : "$HOME/Applications/ssh-askpass"
property keyTime : "1h"

tell application "System Events"
  set theList to the name of every item of folder keyFolder
  set theKeys to {}
  repeat with i from 1 to the count of theList
    set theFile to {item i of theList}
    if (theFile as string) ends with "pem" or (theFile as string) ends with "_dsa" or (theFile as string) ends with "_rsa" then
      set end of theKeys to theFile
    end if
  end repeat

  set frontApp to short name of first process whose frontmost is true
  tell application frontApp
    set theKey to choose from list theKeys with title "Choose your Destiny" with prompt "What Key do you want to activate for " & keyTime default items {first item of theKeys} without empty selection allowed and multiple selections allowed
  end tell

  do shell script "SSH_ASKPASS=" & askPass & " /usr/bin/ssh-add -t " & keyTime & " \"" & {POSIX path of folder keyFolder} & "/" & theKey & "\""
end tell

Now pay attention or this will hurt.

The keyFolder property is in Apple’s format because it just worked better that way. It needs to point to the folder that has all your key files. The format is drive:folder:subfolder:youget:theidea. Now make sure to set that and the location of our new ask-pass. Also because I was a lazy scripter the filter is hardcoded. If your key files end in anything other than .pem, _rsa, or _dsa you are perfectly legit but I hate you anyways and you will need to edit the nasty (theFile as string) ends with blah line.

Now… toss this applescript in your scripts folder and set the hotkey ctrl-opt-k in FastScripts and if you don’t have it then shut up and go buy it in thanks from having this awesomeness rained down upon you… or put it in Alfred App… whatever bro; the point is you should be running all your shell and applescripts from the keyboard so do it.

Now hit that key command and watch the awesome of the menu box you can arrow through! Select your key of the minute and hit enter! Be amazed at the applescript password prompt.

Feel amazing bro. Feel amazing.

Note for those who are curious

The applescripts are hooking off the frontmost application. IE it’s telling whatever app is in front to activate1 and then display the dialogs for the scripts. So don’t bug out because the icon displayed is some “random seeming” app on your system. I do this so that the box is always to front so it can be keyboard operated and drops you right back into your front most app without fuzzing off the focus elsewhere or in some truly random app of my choosing like Finder.

I’ll probably put this in my GitHub later, or forget and leave it as a blog exclusive so enjoy.

  1. I had some weird edge case focus issues and making sure to activate before springing the next dialog box smoothed it all out. Sorry if that has any weirds, it really shouldn’t ↩︎

comments powered by Disqus