How do I login over ssh without using password less RSA / DSA public keys? How do I use ssh in a shell script? How do I login non-interactivly performing password authentication with SSH and shell scripts?

You can use the sshpass command to provide the password for ssh based login. It is a non-interactive ssh password auth tool. From the man page:

sshpass is a utility designed for running ssh using the mode referred to as “keyboard-interactive” password authentication, but in non-interactive mode.

ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.

The command to run is specified after sshpass’ own options. Typically it will be “ssh” with arguments, but it can just as well be any other command. The password prompt used by ssh is, however, currently hardcoded into sshpass.

WARNING! These examples considered the least secure as simple ps command can expose password to all users on the same host. I highly recommend using ssh’s public key authentication or keychain software to set up secure passwordless SSH access.

Install sshpass under Debian / Ubuntu Linux

Type the following command:
$ sudo apt-get install sshpass
Sample outputs:

Fig.01: Installing sshpass on Debian/Ubuntu Linux

Fig.01: Installing sshpass on Debian/Ubuntu Linux

Install sshpass under RHEL/CentOS Linux

First, enable EPEL repo and type the following yum command:
$ sudo yum install sshpass
If you are using Fedora Linux, type:
$ sudo dnf install sshpass

Install sshpass under Arch Linux

$ sudo pacman -S sshpass

Install sshpass under OpenSUSE Linux

$ sudo zypper install sshpass

Install sshpass under FreeBSD Unix

To install the port, enter:
# cd /usr/ports/security/sshpass/ && make install clean
To add the package, run:
# pkg install sshpass

How do I use sshpass in Linux or Unix?

Login to ssh server called with password called t@uyM59bQ:
$ sshpass -p 't@uyM59bQ' ssh
For shell script you may need to disable host key checking:
$ sshpass -p 't@uyM59bQ' ssh -o StrictHostKeyChecking=no

Security unwise warning: The -p option should be considered the least secure of all of sshpass’s options. I recommend that you use ssh’s public key authentication.

A bash shell script example with SSHPASS

The syntax is:

SSHPASS='t@uyM59bQ' sshpass -e ssh
SSHPASS='t@uyM59bQ' sshpass -e ssh date
SSHPASS='t@uyM59bQ' sshpass -e ssh w
SSHPASS='t@uyM59bQ' sshpass -e ssh -o StrictHostKeyChecking=no

The password is passed as environment variable called SSHPASS.

Reading password from file

Another option is to read password from file using the -f option. The syntax is:
sshpass -f fileNameHere ssh user@server
Create a file as follows:

$ echo 'myPassword' > myfile
$ chmod 0400 myfile
$ sshpass -f myfile ssh

How do I backup /var/www/html using rsync?

Run rsync over SSH using password authentication, passing the password on the command line:
$ rsync --rsh="sshpass -p myPassword ssh -l username" /backup/
$ SSHPASS='yourPasswordHere' rsync --rsh="sshpass -e ssh -l username" /backup/

How do I use sshpass with gpg encrypted file?

First, create a file as follows:
$ echo 'mySshPasswordHere' > .sshpassword
Now, encrypt a file using gpg command:
$ gpg -c .sshpassword
$ rm .sshpassword

Finally, use it as follows:
$ gpg -d -q .sshpassword.gpg > fifo; sshpass -f fifo ssh

If you just type sshpass, you will see help screen as follows:

Fig.02: sshpass command in action

Fig.02: sshpass command in action

Further readings:

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 37 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersncdu pydf
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
37 comments… add one
  • Robert de Bock Sep 12, 2008 @ 11:54

    I don’t agree to this trick, better use an ssh-agent and ssh-add. Check out this howto:
    Regards, Robert de Bock.

  • Dave Sep 12, 2008 @ 15:00

    Wow… this is scary. I would never recommend this method to anyone! If you want to ssh using command line with no password prompt, just create your ssh key without a password.

    Not only would ps reveal the password for your ssh key, but also it is stored in your history on the filesystem!

    • Frans Jan 13, 2012 @ 18:18

      For history, just store the password in a var..

      read pass
      sshpass -p “$pass” ssh root@wherever

      history | grep sshpass
      1028 sshpass -p “$pass” ssh root@localhost

      for ps, modern linux blanks out the pasword.

      0 S root 28468 27445 0 80 0 – 1554 poll_s 13:16 pts/3 00:00:00 sshpass -p zzzzzzzz ssh root@localhost

  • Miker Sep 12, 2008 @ 16:30

    I’ve always done it using ssh-copy-id or the good ol manual way.

    $ mkdir -p ~/.ssh If it doesn’t already exist
    $ chmod 700 ~/.ssh
    $ cd ~/.ssh
    $ ssh-keygen -t rsa
    $ cat ~/.ssh/ | ssh ‘mkdir .ssh; chmod 700 .ssh; cat>>.ssh/authorized_keys’

  • Miker Sep 12, 2008 @ 21:19

    Web input filter changed the last line of my comment.

    $ cat ~/.ssh/ | ssh hostname ‘mkdir .ssh; chmod 700 .ssh; cat>>.ssh/authorized_keys’

  • ram Sep 13, 2008 @ 7:54

    it is recommended for sererrs it may used in scripts,that is not comes under system history and you may given password for that script.

  • Raj Sep 13, 2008 @ 8:47

    I use this tool and it is safe. Here is my scenario

    I’ve a central backup server and I’m the only person who logs in. Server is connected to internet and no services are running except ssh on vpn interface. I need to login to over 20 boxes collocated or leased in 5 data centers. With this tool I don’t have to upload ssh keys to those boxes. So if any one of the production box got hacked, my backup server remain intact.

  • KwangErn Oct 9, 2008 @ 21:41

    Personally, I find keychain to be the best alternative. At least I know I’m save from any possible cracking!

  • KwangErn Oct 9, 2008 @ 21:43

    On an extra note, one can clear the keychain (keychain –clear) on every login using .bash_profile just in case. ;)

  • MPerera May 6, 2009 @ 23:51

    This is what exactly I looking for.
    All the servers I used ssh-copy-id. But recently one server replaced by 3rd party and they manage it and I do not have any write access login (no home directory). I run a script to rsync just two directories and last two weeks I had to do this manually since cron job filling.
    My problem fixed by this solution.

  • Arete Vestige Jul 1, 2009 @ 15:41

    Sometimes it is not possible to add the keys or advisable to do so. sshpass is an excellent solution for large deployments of secure systems that prevents the innate issues of unauthenticated access.

    • harperS Feb 21, 2014 @ 15:05

      Agreed. Not always the “preferred” solution but sometimes when SSH keys aren’t an option, this solution will get you going.

  • t0kneneng Dec 6, 2010 @ 2:31

    I was wondering how to implement this on different port not default port 22…

  • Tyler Dec 7, 2010 @ 23:03

    Just put :[portnumber] after the location
    Ex: $ sshpass -p ‘t@uyM59bQ’ ssh

    • arepalli May 25, 2011 @ 9:15

      Nice post

    • dan Oct 28, 2011 @ 16:27

      Is it really working on your distribution?

      Only -p port is working on Opensuse.

      ssh: Could not resolve hostname Name or service not known

    • vladkras Jan 13, 2016 @ 10:42

      for me this is not working, but sshpass -p ‘password’ ssh -p 12345

      • Michael C Sep 9, 2016 @ 17:10


        sshpass -p 'P@$$W0RD' ssh -p 12345

    • s Apr 28, 2017 @ 9:14

      doesn’t work

  • Rich Aug 8, 2011 @ 15:41

    You can always write a bash script and secure the credentials in an include file:

    # Include the Login credentials:
    . /path/to/credentials

    # rsync using vars defined in credentials, e.g.:
    rsync -r -a -v -e “sshpass -p $SSH_PASSWORD ssh -l $SSH_LOGIN” –delete /path/to/local/dir $SSH_HOST:/path/to/remotedir/

  • dan Oct 28, 2011 @ 16:20

    IT world is complex and there are situations where you simply can’t use rsa keys.

    Ii’s stupid that ssh developers think just one way and not letting users chose what thay need to use.

    I’m now adding second account to dd-wrt router and since rsa keys are global there for all users I have to use password in bash to create reverse ssh tunnel.
    My second account has /bin/false shell.

    And finally this sshpass is not working for me. Not sure why.

  • __B__ Nov 16, 2011 @ 4:58

    “It’s not recommended”, bla bla bla bla bla. Sometimes you need these solutions, even if they are risk.

    Thanks for giving this option. I F*UCKING KNOW the best way is using ssh keys. But if you F*CKING CANT use them for some F*CKING REASON, this solution fits like a glove.

    I tested with scp, and it works as well.

    • JD Feb 12, 2014 @ 12:22

      Yes! I really wanted to scream this to all those “but it’s not secure!” people.

      Sometimes you have good reasons not to worry about security but on the other hand you need automation and you just can’t use keys. SSH’es insistence on “securing” the ssh by preventing this drives me crazy.

      *NIX used to be about giving people all the rope they need to hang themselves. Now you have all those ‘rm – are you sure? [yes/no]’. Just give me my damn rope please.

  • ashish badola Nov 16, 2011 @ 13:30

    Sir my laptop is stolen

  • Pavan Linux Dec 19, 2011 @ 5:25

    Create Repos under: /etc/yum.repos.d as epel.repo with following contents:
    vim /etc/yum.repos.d/epel.repo

    name=Extra Packages for Enterprise Linux 5 - $basearch
    name=Extra Packages for Enterprise Linux 5 - $basearch - Debug
    name=Extra Packages for Enterprise Linux 5 - $basearch - Source

    Also create file /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL with following contents

    vim /etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL

    Version: GnuPG v1.2.6 (GNU/Linux)

    and then run
    yum -y install sshpass

  • Ed Feb 9, 2012 @ 22:03

    Thanks for this solution. Where I work they don’t have home directories installed on remote hosts so I can’t set up public keys. I would like a solution like ssh-agent where I typed in my password once (so it’s held in memory), and the agent supplied it when I ssh somewhere.

  • Richard Thomas May 29, 2012 @ 15:48

    Seems like an improvement might be to store the password in a file in the local home-dir. The password could be encrypted in a variety of ways and the file 600 protected. The password for the encryption could be passed on the command line or set in an environment variable.

    This would protect from ps, potentially allow repeated access without having to specify the password each time and allow for a few other things like requiring local encryption password rotation independent of the remote password.

    Still not as good as the proper ways of doing things but better than straight password-on-the-commandline and potentially some benefits over interactive or outhorized_keys.

  • Richard Thomas May 29, 2012 @ 15:51

    Note that sshpass does have -f (file) and -e (environment) options. These don’t do all that I mentioned but would be a good first step in guarding against ps revealing your password.

  • Den Jul 12, 2012 @ 4:10

    Thanks for this! I doesn’t work here. I get the message “debug1: Next authentication method: password” and after the process waits forever. Any suggestions?

  • Raj Jul 5, 2013 @ 22:23

    Hi All

    I am in progress of building a syslog and configuration management server. I would like to schedule an automatic backup of Cisco running configurations and that has to be stored as device name and each day a new folder has to be created as mm/dd/year.

    By so, all backup’s that happened yesterday should be under 07/04/2013 directory and the one for today should be under 07/05/2013.

    Need your assistance on this.

    Thanks much…

  • Ravi Patel Dec 17, 2015 @ 13:20

    Thanks a lot buddy, you saved a lot of my time.

  • Aline Giron Jan 11, 2016 @ 21:49

    I couldn’t resist commenting. Perfectly written!

  • Kian Mordaunt Jan 12, 2016 @ 6:02

    Great article.

  • John Feb 23, 2016 @ 11:41

    I want to schedule auto file copy with crontab and sshpass. The file is order than 3 days. Here is the code but not working:
    00 00 * * * find /home/username/folder -mtime +3 -exec scp {} sshpass -p 0000 remotesrver@myipaddress \;
    00 00 * * * sshpass -p 0000 find/home/username/folder -mtime +3 -exec {} scp remoteserver@ipaddress \;

    Both commands are not working. Help

  • Anthony Apr 12, 2016 @ 16:42

    This is exactly what I was looking for. Oh! and thanks for mentioning the “StrictHostKeyChecking” part, that was helpful as well.

    Saw the security risks too, will keep that in mind.

  • Fox Feb 24, 2017 @ 14:05

    Is there a way to set a remote dir when using sshpass, so that after login I cd into a specified directory, please?

  • Andrea Apr 11, 2017 @ 11:30

    Does it works for the cert’s passphrase too ?
    $ ssh -i key.txt user@host

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum