Can you set passwords in .ssh/config to allow automatic login?
Solution 1
Trading off security for convenience never ends well...
Could you use ssh-copy-id
from the openssh-client
package?
From man ssh-copy-id
:
ssh-copy-id is a script that uses ssh to log into a remote machine and append the indicated identity file to that machine's ~/.ssh/authorized_keys file.
Solution 2
If you don't really want to use a public/private key pair, you can write an expect
script to enter the password for you automatically depending on the destination address.
Edit: What I mean is that you can have a script that, on one hand, uses expect
to enter the password for you and, on the other hand, reads the password for a given user and host from a configuration file. For example, the following python script will work for the sunny day scenario:
#!/usr/bin/python
import argparse
from ConfigParser import ConfigParser
import pexpect
def main(args):
url = args.url
user, host = url.split('@', 1)
cfg_file = 'ssh.cfg'
cfg = ConfigParser()
cfg.read(cfg_file)
passwd = cfg.get(user, host)
child = pexpect.spawn('ssh {0}'.format(url))
child.expect('password:')
child.sendline(passwd)
child.interact()
if __name__ == '__main__':
parser = argparse.ArgumentParser(description='Run ssh through pexpect')
parser.add_argument('url')
args = parser.parse_args()
main(args)
and the configuration file format would be as follows:
[user_1]
host1 = passwd_1
host2 = passwd_2
[user_2]
host1 = passwd_1
host2 = passwd_2
Note: As explained, the python script would need to be much more complex to handle all the possible errors and question messages from ssh and all the possible URLs (in the example it's assumed that it will be something like user@host
, but the user part isn't used most of the times), but the basic idea would still be the same. Regarding the configuration file, you may use a different configuration file or use .ssh/config
and write your own code to parse that file and get the password for a given user and host.
Solution 3
How about ProxyCommand:
Host Home-raw
HostName test.com
Host Home
User netmoon
Port 22
ProxyCommand sshpass -pmypass ssh netmoon@%h-raw nc localhost %p
You can use ssh -W
instead of nc
as well:
ProxyCommand sshpass -pmypass ssh netmoon@%h-raw -W localhost:%p
Solution 4
There also is sshpass
program for that.
How to use:
sshpass -p MyPa55word ssh [email protected]
Solution 5
No. This is not possible I'm afraid.
The only real alternative is to use private keys but you've said you don't want to (why not?).
Related videos on Youtube
Netmoon
Updated on September 18, 2022Comments
-
Netmoon over 1 year
I'm using Ubuntu 11.10 and
ssh
for connecting to many servers daily, so I put their parameters in the.ssh/config
file like this:Host Home User netmoon Port 22 HostName test.com
Is there a way to put passwords for each connection in this file, so that, when the server asks for the password, the terminal enters its password and sends it to the server?
I need this because sometimes I'm away from the PC and when I get back, type a password, and press Enter the terminal says
CONNECTION CLOSED
.P.S. I don't want to use a public/private key pair.
-
Admin over 11 yearsI'm in the same situation and I cannot upload my public key because I have ssh access only for svn. That is if I try ssh svnhost I get "( success ( 2 2 ( ) ( edit-pipeline svndiff1 absent-entries commit-revprops depth log-revprops partial-replay ) ) )" svnserve response and not the shell
-
Admin almost 9 yearsSee unix.stackexchange.com/a/83991/26493 and andre.frimberger.de/index.php/linux/… for a way by utilizing
SSH_ASKPASS
.
-
-
Netmoon over 12 yearsbecause i don't have permission to put another key on server.
-
Netmoon over 12 yearscan you explain further?
-
Netmoon over 12 yearssorry, i don't understand. can you explain ?
-
david6 over 12 yearsreworded for you ..
-
jcollado over 12 years@Netmoon I added a small example to my answer to my it clearer.
-
Scott Severance over 12 years@Netmoon: If you can log in, you can add a key, right? You only need write access to your home directory, unless the sysadmin set things up strangely.
-
user239558 about 11 years@ScottSeverance I think that is the situation this question refers to. Not having the ability to add a key. Yes it is strange, but it often happens.
-
Ville over 10 yearsSince posting of the above response there has been several iterations of SecureCRT, including the latest one VanDyke just released in early December 2013. Each iteration has been improving the program making it even more versatile. It also has a rich API that allows the program to be controlled/interfaced with Python/VB scripts. SecureCRT has been part of my core toolkit for a good decade, and I highly recommend it.
-
Eaten by a Grue almost 10 yearsI've had the very common experience of shared hosting environments where public key access is disabled, so even though you can add keys, they are not used. it goes against reason yes, but that's the way many hosting providers set up their servers
-
tomasz over 9 yearsThis doesn't work if the remote admin insists on disabling public key authorization...
-
Scott over 9 yearsYes, but being realistic on systems under your entire direct supervision and control is not making a compromise. Say, for example, on a vagrant virtual machine with no outside connections used solely for development purposes on a single seat.
-
cwallenpoole over 9 yearsInsisting on draconian security without cause also never ends well.
-
devth over 8 yearsSometimes it ends well.
-
eggmatters about 8 yearsIMHO, the insistence of passwords for authentication is more risk than not. I oftentimes set often used passwords for ssh as environment variables as I am loath to remember a set of arbitrary strings. By demanding users enter them is simply asking them to be poorly stored.
-
Eric Woodruff about 8 yearsThere are answers that show it is possible
-
Eric Woodruff about 8 yearsThis doesn't answer the question of how to put the password in the .ssh/config file
-
goo almost 8 yearsUnless you preface your command with a space, (
sshpass
instead ofsshpass
), you have just stored your password ("MyPa55word") in your shell's history file. -
igor over 7 years@waltinator good point
-
Arcesilas about 7 yearsI'm pretty sure I read "I don't want to use public/private key pair.", but can't figure out where.... So: "I don't want to use public/private key pair." => Ok, why don't you use a public/private key pair ?
-
Arcesilas about 7 yearsIndeed, it does not answer that question. But it solves the problem: avoid having to type passwords manually and store them in a file. Which is pretty what OP requires.
-
Toan Nguyen about 7 yearsIt will not work as expected with
-W
option. Do you have any workaround? -
Victor Pudeyev over 6 yearsIt still asks me for the password with this proxy command...
-
Darth Egregious over 6 yearsWell the question asker was fine with it being in
.ssh/config
, why not in shell history too? -
Jacob Ford over 6 yearsIt's not officially on Homebrew but you can install from a third-party repo with
brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
. More: gist.github.com/arunoda/7790979 -
Alexander Bird over 5 years
read -s password; sshpass -p "$password" ssh [email protected]
. This will prevent password from showing in history -
Paul over 5 yearsIt's great that you link to a solution - however, it's also good practice to go ahead and post the solution here. That way, if the link is ever removed (as happens on stack exchange occasionally) there is still a usable answer here.
-
web.learner over 5 years@PiotrDobrogost It's not ok to solicit downvotes on a post. If there is something wrong with this answer then post that in a polite manner.
-
goo over 5 yearsA well-timed (or repeated)
ps -lf -C sshpass
will catch the password, unlesssshpass
clears its environment. -
Martin Bramwell about 5 yearsI also find it still asks for a password. All this seems to do is move the problem from
test.com
requiring a password toHome
requiring a password. What's the point? What's the trick to get it to work? -
Andre Helberg about 5 yearsI'm genuinely curious, how is saving a password in you ssh_config, different from having a private key stored on your system? Does using a password lead to weaker encryption between the client and server?
-
ThiagoAlves about 5 years` export SSHPASS='YourPass'; sshpass -e ssh me@server`
-
mcantsin over 4 yearsthis is not a security related question. the question asked concerns automation, not security.
-
Ric0 over 4 yearsI like your solution more, but it's not working for me. $password is always empty.
-
the_meter413 about 4 yearsThis is the only valid answer to the OP's question: "can I put a password in the config file?" While all the other answers a helpful, they do not directly answer the OP's question.
-
Misty over 3 years@Nmath Oh thanks a lot for your helpful instruction! I'll pay attention to this issue in the future :)
-
Jivan Pal over 2 years@AndreHelberg, if the private key is unencrypted, then it's equally insecure. However, if your SSH key requires a passphrase to unlock, meaning it is stored encrypted on disk, then this is not the case. Using
UseKeychain yes
in your SSH config, in conjunction with a native keychain manager (e.g. macOS Keychain Access, GNOME keyring/libsecret) means that, if you're logged in to your local machine, the encrypted key will be automatically decrypted without prompting you for the key's passphrase, but the key still remains encrypted on disk.