How to pass the password to su/sudo/ssh without overriding the TTY?
Solution 1
For sudo there is a -S option for accepting the password from standard input. Here is the man entry:
-S The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device.
This will allow you to run a command like:
echo myPassword | sudo -S ls /tmp
As for ssh, I have made many attempts to automate/script it's usage with no success. There doesn't seem to be any build-in way to pass the password into the command without prompting. As others have mentioned, the "expect" utility seems like it is aimed at addressing this dilemma but ultimately, setting up the correct private-key authorization is the correct way to go when attempting to automate this.
Solution 2
I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:
echo <password> | sudo -S <command>
I'm not sure if this helps.
It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.
Solution 3
For ssh
you can use sshpass
: sshpass -p yourpassphrase ssh user@host
.
You just need to download sshpass first :)
$ apt-get install sshpass
$ sshpass -p 'password' ssh username@server
Solution 4
For sudo you can do this too:
sudo -S <<< "password" command
Solution 5
I've got:
ssh user@host bash -c "echo mypass | sudo -S mycommand"
Works for me.
Related videos on Youtube
n-alexander
Updated on December 19, 2021Comments
-
n-alexander over 2 years
I'm writing a C Shell program that will be doing
su
orsudo
orssh
. They all want their passwords in console input (the TTY) rather than stdin or the command line.Does anybody know a solution?
Setting up password-less
sudo
is not an option.expect could be an option, but it's not present on my stripped-down system.
-
Ciro Santilli OurBigBook.com over 8 years
-
Eugen Konkov about 5 years
-
-
aus almost 12 yearsThis will actually work for
su
as well.su
does not have a -S (stdin) option. -
user1158559 over 11 yearsLuckily, Ruby has a built-in SSH client which allows you to specify the password. You could try ruby -e "require 'net/ssh' ; Net::SSH.start('example.com', 'test_user', :password => 'secret') do |ssh| puts 'Logged in successfully' ; while cmd=gets ; puts ssh.exec!(cmd) ; end end"
-
thelogix over 9 yearsIts not. "su: must be run from a terminal" is the answer to this.
-
Matt over 9 yearsI hate to be a party pooper here, but doing this can make your password show up in a process list. I was trying to determine a better way and came across this article and was surprised no one had pointed it out. Great solution, but beware of the risks.
-
AKS over 9 yearsDidn't work for me. still ssh prompts for the password.
-
klh over 9 yearsAbout ssh, have you tried passing password in connection string? like
nonroot:[email protected]
? Of course things are much easier if you use key auth and key manager. -
E_Ri over 9 yearsExcellent, finally something I can use! Thanks. I use this within a bash script that starts an ssh session and passes sudo commands to the client. My script has lines the resolve to: ssh -t username@hostname bash -c "sudo echo fartjuice"
-
Michael Pankov over 8 yearsIs it possible to avoid sleeping and use something more reliable instead?
-
CAB about 8 yearsAvoid password showing up in process list or log files by putting it in a file and using cat;
'cat pw | sudo -S <command>
, and laterrm pw
. -
CAB about 8 yearsAnother way would be to use netcat and deliver the password over a socket -
nc -l 12345 | sudo -S <command>
. On the sending side;echo myPassord | nc <target> 12345
. This just moves the password handling problem, but presumably to a master console where you have more options. -
Abhishek Yadav almost 8 yearsThis solution is working for Linux only, any suggestion to use same with Unix.
-
Ed Bishop over 7 years
ssh -t -t [email protected] << EOF
echo SOMEPASSWORD | sudo -S do something
sudo do something else
exit
EOF
-
Hangchen Yu about 7 yearsThis is the only one works for me in Fedora. People downvote answers just because they don't work in their situation?
-
notme1560 about 7 years"su: must be run from a terminal" (RPi1B, Raspbian)
-
Jack about 6 yearsIf you can login as user with ssh key, for sudo access is fine: ssh -t user@host "echo mypassword | sudo -S sudocommand"
-
Radon8472 almost 6 yearsLooks nice, but how can I enable the expect command on a maschine without root permissions ?
-
StarCrashr over 5 years@Radon8472 An executable may be added to ~/bin if you don't have permissions to install it. If your system does not automatically add ~/bin to your PATH, you may do so manually with export PATH="$PATH:~/bin" or add that command to your profile to do it automatically. If you don't want to change your PATH, you may instead execute the command using its absolute path: ~/bin/expect [arguments] Be sure to remember to set its executable bit: chmod +x ~/bin/expect
-
moutonjr over 4 yearsUnfortunately this doesn't in recent versions of
su
, which reads password from stdio instead.