Below is a part of my shell script. Currently I have shared the public key of the client with the host, therefore I will not be prompted for the password.
The key that has been created on the client is also without a passphrase. If it is created with a passphrase, the code I have will not suffice as the script waits for the passphrase to be entered.
Is there a mechanism where I still create the key with a passphrase and be able to even send the passphrase in my script (or not be prompted for the passphrase)?
Also, what are the risks associated with having a key created without the passphrase?
ssh-keygen asks if you want to use a password - you have to leave the answer blank and hit return. You will have to create new keys if you want passwordless.
This explains it: ssh-keygen: password-less SSH login
ssh is a reasonably secure protocol. There is no good way to get ssh to accept a password in a script. That defeats security. That is the reason for keys.
I have not tried it, but apparently you can make an expect script to give a password to ssh or sftp or whatever.
I don't think I can use expect with this. I believe expect requires tcl to be installed. That takes it back to my initial question "Is there any way of sending the passphrase in the script?"
Short answer: no. ssh/scp/sftp/su/sudo do check where input is coming from and, if needed, override that by opening the terminal as stdin.
expect works around that by not changing stdin but instead attaching to it.