How to pass the password to su/sudo/ssh without overriding the TTY?

linux ssh passwords sudo su

362,148

Solution 1

For sudo there is a -S option for accepting the password from standard input. Here is the man entry:

    -S          The -S (stdin) option causes sudo to read the password from
                the standard input instead of the terminal device.

This will allow you to run a command like:

echo myPassword | sudo -S ls /tmp

As for ssh, I have made many attempts to automate/script it's usage with no success. There doesn't seem to be any build-in way to pass the password into the command without prompting. As others have mentioned, the "expect" utility seems like it is aimed at addressing this dilemma but ultimately, setting up the correct private-key authorization is the correct way to go when attempting to automate this.

Solution 2

I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:

echo <password> | sudo -S <command>

I'm not sure if this helps.

It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.

Solution 3

For ssh you can use sshpass: sshpass -p yourpassphrase ssh user@host.

You just need to download sshpass first :)

$ apt-get install sshpass
$ sshpass -p 'password' ssh username@server

Solution 4

For sudo you can do this too:

sudo -S <<< "password" command

Solution 5

I've got:

ssh user@host bash -c "echo mypass | sudo -S mycommand"

Works for me.

View more solutions

362,148

n-alexander

Updated on December 19, 2021

Comments

n-alexander over 2 years

I'm writing a C Shell program that will be doing su or sudo or ssh. They all want their passwords in console input (the TTY) rather than stdin or the command line.

Does anybody know a solution?

Setting up password-less sudo is not an option.

expect could be an option, but it's not present on my stripped-down system.
- Ciro Santilli OurBigBook.com over 8 years
  
  SSH: serverfault.com/questions/241588/…
- Eugen Konkov about 5 years
  
  krazyworks.com/automating-ssh-and-sudo-with-expect
aus almost 12 years

This will actually work for su as well. su does not have a -S (stdin) option.
user1158559 over 11 years

Luckily, Ruby has a built-in SSH client which allows you to specify the password. You could try ruby -e "require 'net/ssh' ; Net::SSH.start('example.com', 'test_user', :password => 'secret') do |ssh| puts 'Logged in successfully' ; while cmd=gets ; puts ssh.exec!(cmd) ; end end"
thelogix over 9 years

Its not. "su: must be run from a terminal" is the answer to this.
Matt over 9 years

I hate to be a party pooper here, but doing this can make your password show up in a process list. I was trying to determine a better way and came across this article and was surprised no one had pointed it out. Great solution, but beware of the risks.
AKS over 9 years

Didn't work for me. still ssh prompts for the password.
klh over 9 years

About ssh, have you tried passing password in connection string? like nonroot:[email protected]? Of course things are much easier if you use key auth and key manager.
E_Ri over 9 years

Excellent, finally something I can use! Thanks. I use this within a bash script that starts an ssh session and passes sudo commands to the client. My script has lines the resolve to: ssh -t username@hostname bash -c "sudo echo fartjuice"
Michael Pankov over 8 years

Is it possible to avoid sleeping and use something more reliable instead?
CAB about 8 years

Avoid password showing up in process list or log files by putting it in a file and using cat; 'cat pw | sudo -S <command>, and later rm pw.
CAB about 8 years

Another way would be to use netcat and deliver the password over a socket - nc -l 12345 | sudo -S <command>. On the sending side; echo myPassord | nc <target> 12345. This just moves the password handling problem, but presumably to a master console where you have more options.
Abhishek Yadav almost 8 years

This solution is working for Linux only, any suggestion to use same with Unix.
Ed Bishop over 7 years

ssh -t -t [email protected] << EOF echo SOMEPASSWORD | sudo -S do something sudo do something else exit EOF
Hangchen Yu about 7 years

This is the only one works for me in Fedora. People downvote answers just because they don't work in their situation?
notme1560 about 7 years

"su: must be run from a terminal" (RPi1B, Raspbian)
Jack about 6 years

If you can login as user with ssh key, for sudo access is fine: ssh -t user@host "echo mypassword | sudo -S sudocommand"
Radon8472 almost 6 years

Looks nice, but how can I enable the expect command on a maschine without root permissions ?
StarCrashr over 5 years

@Radon8472 An executable may be added to ~/bin if you don't have permissions to install it. If your system does not automatically add ~/bin to your PATH, you may do so manually with export PATH="$PATH:~/bin" or add that command to your profile to do it automatically. If you don't want to change your PATH, you may instead execute the command using its absolute path: ~/bin/expect [arguments] Be sure to remember to set its executable bit: chmod +x ~/bin/expect
moutonjr over 4 years

Unfortunately this doesn't in recent versions of su, which reads password from stdio instead.