How to give password in shell script?

Solution 1

If you can't use ssh trust and must enter the password later on in your script, use read -s -p "Password:" USER_PASSWORD to silently read in the password. You can then export USER_PASSWORD to an expect script, avoiding it being displayed in ps:

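    #!/usr/bin/expect -f
    # USER_PASSWORD must be exported by the calling shell script.
    spawn scp some.file USER@otherhost:~
    # "assword:" matches both "Password:" and "password:" prompts.
    expect "assword:"
    # Read the password from the environment, not from the command line.
    send -- "$env(USER_PASSWORD)\r"
    expect eof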

Solution 2

Short answer: DON'T

Use public key authentication for SCP, and sudo with the NOPASSWD directive for make install.

Solution 3

I think it's a better idea to generate an authentication key, and use this key-based authentication instead of writing plain text passwords into your scripts.

Solution 4

No, you won't find any method to use SSH config files or a command line option to have a password hard coded and I'm sure this is by design.

If your environment makes this difficult, perhaps it would be helpful to know that the script can specify an identity file using the -i argument so you don't have to have a whole home directory set up or anything like that. There are other options that help use the key authentication that ssh really encourages over password authentication.

If you are using this across several users who you don't want to be bothered to create keys and copy them to the server, you could script that also. It wouldn't be hard to check for an existing key and do a quick test to see if you can make a connection with it. If you can't without a password, then you'd ssh-copy-id to the server asking for the ssh password that one time and at the beginning of the script so very little lag would occur between starting and running the script and it would be only once. You could even set up a separate key for each user for just the script in their own ~/.script/key/ directory so that you would discourage users' access to the SSH server.

If you want to really restrict what can be done on the remote server by that user, you could use rssh as the shell on the remote account which will limit the user access to transferring files.
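The check-then-bootstrap flow described in this answer, as an added example that is not part of the original answer. The key file name id_ed25519, the ed25519 key type, and the SSH, SSH_KEYGEN, SSH_COPY_ID and SCP override variables are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: a dedicated per-script SSH key, installed once with ssh-copy-id.
# The ~/.script/key/ directory follows the answer; the file name is an assumption.
KEY="${KEY:-$HOME/.script/key/id_ed25519}"

# Create the key only if it is missing; keep its directory private to the user.
ensure_key() {
    [ -f "$KEY" ] && return 0
    mkdir -p "$(dirname "$KEY")" && chmod 700 "$(dirname "$KEY")" || return 1
    # -N "" means no passphrase, so the key file itself is the credential.
    "${SSH_KEYGEN:-ssh-keygen}" -q -t ed25519 -N "" -f "$KEY" -C "script-key"
}

# BatchMode=yes makes ssh fail instead of prompting, so this tests the key only.
key_works() {
    "${SSH:-ssh}" -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o ConnectTimeout=5 "$1" true 2>/dev/null
}

# Returns 0 once key login works; asks for the password at most once, up front.
bootstrap() {
    ensure_key || return 1
    key_works "$1" && return 0
    echo "Installing script key on $1 (password needed this one time)" >&2
    "${SSH_COPY_ID:-ssh-copy-id}" -i "$KEY.pub" "$1" || return 1
    key_works "$1"
}

# Usage: script.sh user@host file...
main() {
    target=$1; shift
    bootstrap "$target" || { echo "key login to $target failed" >&2; return 1; }
    # The long build would run here; the copy afterwards cannot prompt.
    "${SCP:-scp}" -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes "$@" "$target:"
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Because the scp call also runs with BatchMode=yes, a key that stops working later makes the script fail immediately rather than hang at a password prompt.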

Solution 5

A good way we did this in the past to provide passwords to needed scripts when using key-based authentication was impossible or needed to use passwords for apps, services, mysql, whatever... we stored passwords in an encrypted file and then decrypted this file at runtime to provide the password to the scripts.

The password decryption script, let's call it yourcreds.rb, was restricted to root use only of course and the unencrypted passwords weren't stored anywhere. So for example you could run:

    root@host:~# yourcreds.rb | grep mysql | awk '{print $3}'

Which, without awk, would for example output the stored line:

    service | user | password | description | etc...
    mysql mysqluser password ....

With yourcreds.rb (or whatever) you can output just the password and easily incorporate this method into scripts / cron jobs in larger or more complex environments.

Also if I remember correctly we didn't have to use grep / awk or anything. We just programmed in opts parse stuff like: yourcreds.rb list mysql or yourcreds.rb -l, etc.

We used blowfish and yamls to store the encrypted passwords. I'm sure you can be creative. Just make sure it's bulletproof to anyone but root.

Author by

Jeegar Patel

Updated on July 05, 2022

Comments

  • Jeegar Patel almost 2 years

    In a shell script file I am using some commands like scp and make install which ask for my password.

    I run a shell script to compile a big project, and after some time it asks for my password for using scp. I need to wait for that process and give the password after that.

    I just want to do it all by shell script without interaction, so how can I avoid being prompted for the password here?

    • Jeegar Patel about 12 years
      any solution for writing plain password in shell script?
    • StingyJack over 11 years
      this probably belongs on serverfault
  • j_mcnally about 12 years
    this is a duplicate of both previous answers.
  • KARASZI István about 12 years
    This was written at the same time! Thanks for downvoting!
  • saurav over 5 years
    How to read password from some other file and pass to expect?