Execute bash script on remote server non-interactively

command-line server bash scripts ssh

10,666

Make sure that you have read security considerations

Install sshpass it's a tool for non-interactive ssh password authentication.

sudo apt install sshpass

You can use it like:

sshpass -p 'password' ssh user@server/IP

Then use it like this to run your script with its arguments:

sshpass -p 'password' ssh user@server "bash -s" < ./script.sh arg1 arg2

If it didn't work then what I suggest is to use scp and move your script to remote server, then run your command and remove the script:

sshpass -p 'password' scp script.sh user@server:/tmp/script.sh
sshpass -p 'password' ssh user@server /tmp/script.sh arg1 ar2 arg3
sshpass -p 'password' ssh user@server rm /tmp/script.sh

Security considerations [man sshpass]

First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason. It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and being more secure.

The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.

In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to sshpass using the -d option.

10,666

Author by

Amarjit Singh

Passionate PHP Developer and Sci-Fi Enthusiast.

Updated on September 18, 2022

Comments

Amarjit Singh over 1 year
I have a bash script that accepts exactly 3 arguments and I have created a web interface in PHP to run this script on a remote server. The user just enters username host and password of the remote server.

I found this command to execute bash script on remote server:
```
ssh root@host 'bash -s' < script.sh
```
But this command prompts for a password and also doesn't use any arguments. But I need something that can be run non-interactively.

Something like:
```
ssh root@host -password="password" 'bash -s' < script.sh
```
- ignite over 5 years
  
  set up ssh keys for passwordless login: askubuntu.com/questions/46930/… If that's not an option, use sshpass
- Amarjit Singh over 5 years
  
  to setup ssh key I have to login to remote server manually. thats what i don't want
- Daniel Pryden over 5 years
  
  @AmarjitSingh: You don't need to log in manually to set up ssh keys -- just use ssh-copy-id. Or am I misunderstanding something?
- Amarjit Singh over 5 years
  
  @DanielPryden ssh-copy-id command also prompts for the password. But I need a command that is non-interactive.
- Daniel Pryden over 5 years
  
  @AmarjitSingh: So you have two servers, and you don't have interactive access to either, but you can run arbitrary shell commands on the first server that contain the root password for the second server in plain text? If you don't have shell access, that implies that this is someone else's server -- do you really want to put the password to another machine in plain text there?
- Amarjit Singh over 5 years
  
  @DanielPryden the first server that executes the script on another server is owned by me I have a web application that takes credentials from user and perform some operations on remote servers. The remote server belongs to the user of the web application.
pa4080 over 5 years

The password can be read from a file: sshpass -f /path/to/passwordfile ..., reference: askubuntu.com/a/982438/566421
Ravexina over 5 years

Yeah, there are other ways too (like using -e to read from $SSHPASS) I didn't add them to keep the answer clean. man sshpass
Amarjit Singh over 5 years

@Ravexina your solution only works with the known hosts. what about the new hosts that are not added to the list of known hosts.
Ravexina over 5 years

@AmarjitSingh that's another question. Anyway you can use -o StrictHostKeyChecking=no option ;)
Daniel Pryden over 5 years

I feel like this answer is incomplete without a mention of the (very serious) drawbacks mentioned under Security Considerations in the sshpass manpage.
Ravexina over 5 years

@DanielPryden You are right I will edit it really soon... however I consider that anyone who want to do it does know what's going on ;)
Amarjit Singh over 5 years

@Ravexina thanks for your great answer :). But I am getting invalid option -o while using -o StrictHostKeyChecking=no option. can you update your answer to explain how to use that option with sshpass.
Ravexina over 5 years

@AmarjitSingh Read this Q/A: askubuntu.com/a/87452/264781 :)
Ravexina over 5 years

@AmarjitSingh I can't test it right now but this might work: sshpass -p 'password' -- ssh user@server -o StrictHostKeyChecking=no rm /tmp/script.sh