1

I can't get security (the command line interface for the keychain) to retrieve passwords with security 2>&1 >/dev/null find-generic-password -ga <name> over SSH. It only seems to work in physical console sessions - is this actually intended behaviour?

For example, in a normal console session the above command retrieves the password without any problems. SSH to localhost and run it again though and it returns an empty string.

I need the ability to login over SSH and run a script that draws a password down from the keychain for authentication; am I right in thinking Apple have shipped a command line client that breaks in SSH sessions or have I missed something?

toxefa
  • 426
  • Agreed, that other question basically covers it. This is so poor from Apple though. It's like they never considered the obvious use case for security was scripting - you have to put in a password to unlock the keychain before this command does anything thereby invalidating the point of using the keychain in the first place.. Not to mention there's 0 in the way of stdout for this so you're left thinking you've misconfigured the Keychain item you're trying to retrieve after fiddling with it for hours. – toxefa Feb 17 '17 at 19:09
  • they seem to have fixed this – code_monk May 15 '17 at 13:53
  • @code_monk not for me. Are you able to retrieve passwords with security in an SSH session? I'm running the latest version of Mac OS (10.12.5) and still have to be in a console session for it to work. – toxefa May 17 '17 at 09:52
  • yes i am. i'm on 10.12.4. Maybe it has to do with the fact i've authenticated with an RSA key, and have turned password auth off? – code_monk May 21 '17 at 10:37

0 Answers0