sshpass: Login To SSH Server / Provide SSH Password Using A Shell Script

by Vivek Gite on September 12, 2008 · 18 comments

How do I log in over ssh without using passwordless RSA / DSA public keys? How do I use ssh in a shell script? How do I log in non-interactively, performing password authentication with SSH and shell scripts?

You can use the sshpass command to provide the password for ssh-based login. From the man page:

sshpass is a utility designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-interactive mode.

ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.

The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other command. The password prompt used by ssh is, however, currently hardcoded into sshpass.

WARNING! These examples are considered the least secure, as a simple ps command can expose the password to all users on the same host. I highly recommend using ssh's public key authentication or keychain software to set up secure passwordless SSH access.
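
The exposure this warning describes can be audited. The following is an added example, not part of the original article: it filters a `ps -eo user,pid,args` style listing for command lines that pass a password with sshpass -p and prints them with the password redacted. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag command lines that carry a password via "sshpass -p".
# Input format: "USER PID ARGS...", as printed by `ps -eo user,pid,args`.

# Constructed sample listing (not captured from a real host).
SAMPLE_PS='root 1041 /usr/sbin/sshd -D
backup 2211 sshpass -p t@uyM59bQ ssh -o StrictHostKeyChecking=no username@server.example.com
backup 2230 rsync --rsh=sshpass -p myPassword ssh -l username server.example.com:/var/www/html/ /backup/
deploy 2302 sshpass -f /home/deploy/.sshpw ssh username@server.example.com
alice 2400 /usr/bin/sshpass -v -pS3cret ssh username@server.example.com'

# find_exposed_sshpass: read a listing on stdin and print every line whose
# arguments include an sshpass password, with the password itself redacted.
find_exposed_sshpass() {
    awk '
    {
        hit = 0
        for (i = 3; i < NF; i++) {
            # sshpass as the command itself, by full path, or inside --rsh=...
            if ($i != "sshpass" && $i !~ "[/=]sshpass$") continue
            # Walk the options that follow sshpass, up to the wrapped command.
            for (j = i + 1; j <= NF && $j ~ /^-/; j++) {
                if ($j == "-p" && j < NF) { $(j + 1) = "<REDACTED>"; hit = 1; break }
                if ($j ~ /^-p./)          { $j = "-p<REDACTED>";    hit = 1; break }
                if ($j ~ /^-[fdP]$/) j++   # option with a separate value: skip it
            }
        }
        if (hit) print
    }'
}

# count_exposed: number of exposed command lines in the listing on stdin.
count_exposed() { find_exposed_sshpass | wc -l | tr -d ' '; }

# Demo on the sample; on a live Linux host: ps -eo user,pid,args | find_exposed_sshpass
printf '%s\n' "$SAMPLE_PS" | find_exposed_sshpass
```

Because ps prints arguments joined by spaces, an rsync process started with --rsh="sshpass -p ..." is flagged as well: the password sits in rsync's own argument list.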

Install sshpass under Debian / Ubuntu Linux

Type the following command:
$ sudo apt-get install sshpass

How do I use sshpass?

Log in to the ssh server called server.example.com with the password t@uyM59bQ:
$ sshpass -p 't@uyM59bQ' ssh username@server.example.com
In a shell script you may need to disable host key checking, which makes ssh accept a previously unknown host key without asking:
$ sshpass -p 't@uyM59bQ' ssh -o StrictHostKeyChecking=no username@server.example.com

How do I backup /var/www/html using rsync?

Run rsync over SSH using password authentication, passing the password on the command line:
$ rsync --rsh="sshpass -p myPassword ssh -l username" server.example.com:/var/www/html/ /backup/
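
An added example, not from the original article: the same rsync backup with the password read from a mode-600 file through sshpass's -f option instead of -p, and with host key checking left on against a pinned known_hosts file. The file locations and function names are assumptions, and the paths must not contain whitespace.

```shell
#!/bin/sh
# Added example: keep the sshpass password off the command line and keep
# host key verification on. PWFILE, KNOWN_HOSTS and all function names are
# assumptions made for this sketch.

PWFILE="${PWFILE:-$HOME/.config/backup/ssh_password}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.config/backup/known_hosts}"

# create_pwfile FILE: store the password read from stdin in a mode-600 file.
create_pwfile() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

# pwfile_is_private FILE: succeed only for a regular file (not a symlink)
# that has no group or other permission bits set.
pwfile_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    mode=$(ls -ld "$1" | cut -c5-10)   # the group and other triplets
    [ "$mode" = "------" ]
}

# ssh_transport USER: print the remote-shell command handed to rsync.
# -f makes sshpass read the password from PWFILE, so it never appears in argv.
ssh_transport() {
    printf 'sshpass -f %s ssh -l %s -o StrictHostKeyChecking=yes -o UserKnownHostsFile=%s' \
        "$PWFILE" "$1" "$KNOWN_HOSTS"
}

# backup_pull USER HOST: refuse to run unless the password file is private
# and a host key has been pinned, then pull /var/www/html/ into /backup/.
backup_pull() {
    pwfile_is_private "$PWFILE" || {
        echo "refusing: $PWFILE is missing or readable by others" >&2; return 1; }
    [ -s "$KNOWN_HOSTS" ] || {
        echo "refusing: no pinned host key in $KNOWN_HOSTS" >&2; return 1; }
    rsync -a --rsh="$(ssh_transport "$1")" "$2:/var/www/html/" /backup/
}

# Usage: backup_pull username server.example.com
```

The known_hosts file is filled once, after checking the server's key fingerprint out of band, so the script never has to accept an unknown key on its own.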


1 Robert de Bock September 12, 2008

I don’t agree to this trick, better use an ssh-agent and ssh-add. Check out this howto: http://meinit.nl/ssh-agent-trick
Regards, Robert de Bock.


2 Dave September 12, 2008

Wow… this is scary. I would never recommend this method to anyone! If you want to ssh using command line with no password prompt, just create your ssh key without a password.

Not only would ps reveal the password for your ssh key, but also it is stored in your history on the filesystem!


3 Miker September 12, 2008

I’ve always done it using ssh-copy-id or the good ol manual way.

$ mkdir -p ~/.ssh    # if it doesn't already exist
$ chmod 700 ~/.ssh
$ cd ~/.ssh
$ ssh-keygen -t rsa
$ cat ~/.ssh/id_rsa.pub | ssh 'mkdir .ssh; chmod 700 .ssh; cat>>.ssh/authorized_keys'


4 Miker September 12, 2008

Web input filter changed the last line of my comment.

$ cat ~/.ssh/id_rsa.pub | ssh hostname 'mkdir .ssh; chmod 700 .ssh; cat>>.ssh/authorized_keys'


5 ram September 13, 2008

It is recommended for servers. It may be used in scripts, which do not come under system history, and you may give the password to that script.


6 Raj September 13, 2008

I use this tool and it is safe. Here is my scenario

I’ve a central backup server and I’m the only person who logs in. The server is connected to the internet and no services are running except ssh on the vpn interface. I need to log in to over 20 boxes collocated or leased in 5 data centers. With this tool I don’t have to upload ssh keys to those boxes. So if any one of the production boxes got hacked, my backup server remains intact.


7 KwangErn October 9, 2008

Personally, I find keychain to be the best alternative. At least I know I’m safe from any possible cracking!

http://www.gentoo.org/proj/en/keychain/


8 KwangErn October 9, 2008

On an extra note, one can clear the keychain (keychain --clear) on every login using .bash_profile just in case. ;)


9 MPerera May 6, 2009

This is exactly what I was looking for.
On all the servers I used ssh-copy-id. But recently one server was replaced by a 3rd party and they manage it, and I do not have any write access login (no home directory). I run a script to rsync just two directories, and for the last two weeks I had to do this manually since the cron job was failing.
My problem is fixed by this solution.


10 Arete Vestige July 1, 2009

Sometimes it is not possible to add the keys or advisable to do so. sshpass is an excellent solution for large deployments of secure systems that prevents the innate issues of unauthenticated access.


11 t0kneneng December 6, 2010

I was wondering how to implement this on different port not default port 22…


12 Tyler December 7, 2010

Just put :[portnumber] after the location
Ex: $ sshpass -p 't@uyM59bQ' ssh username@server.example.com:2400


13 arepalli May 25, 2011

Nice post


14 dan October 28, 2011

Is it really working on your distribution?

Only -p port is working on Opensuse.

ssh: Could not resolve hostname some.server.com:2222: Name or service not known


15 Rich August 8, 2011

You can always write a bash script and secure the credentials in an include file:

# Include the Login credentials:
. /path/to/credentials

# rsync using vars defined in credentials, e.g.:
rsync -r -a -v -e "sshpass -p $SSH_PASSWORD ssh -l $SSH_LOGIN" --delete /path/to/local/dir $SSH_HOST:/path/to/remotedir/


16 dan October 28, 2011

IT world is complex and there are situations where you simply can’t use rsa keys.

It’s stupid that ssh developers think just one way and are not letting users choose what they need to use.

I’m now adding second account to dd-wrt router and since rsa keys are global there for all users I have to use password in bash to create reverse ssh tunnel.
My second account has /bin/false shell.

And finally this sshpass is not working for me. Not sure why.


17 __B__ November 16, 2011

“It’s not recommended”, bla bla bla bla bla. Sometimes you need these solutions, even if they are risky.

Thanks for giving this option. I F*UCKING KNOW the best way is using ssh keys. But if you F*CKING CANT use them for some F*CKING REASON, this solution fits like a glove.

I tested with scp, and it works as well.


18 ashish badola November 16, 2011

Sir my laptop is stolen
