Paswordless Rsync Over SSH Without Key Authentication [Un-Safe]

bash ssh rsync

63,714

Solution 1

maybe try sshpass.

seems simple enough to use... it's available through apt as well.

I was looking for something like this before I copied my keys around, but since I've got my key everywhere I need already anyway, I haven't taken the time to try this.

Do note the disclaimer on that tutorial there regarding the visibility of your password though.

For everyone who needs to do this:

sshpass -p 'sshpassword' rsync --progress -avz -e ssh test@remhost:~/something/ ~/bak/

Solution 2

A variation on your solution which is more secure to security threats is to store your password in a file with tight permissions and use the -f flag with shpass:

sshpass -f '/home/me/.password' rsync --progress -avz -e ssh
test@remhost:~/something/ ~/bak/

The difference is that listing the running processes will not show your password in the command line, it will now only show the path to the file in which your password is.

Solution 3

I found that sshpass works, but since the termanal says SSHPASS read: Enter passphrase for key '/home/ubuntu/.ssh/id_rsa': you need to run it something like this:

sshpass -P passphrase -p 'password' rsync /path/to hostname:/destination/path -av --progress -e ssh

Where -P specifies which prompt to look for I found that out by running sshpass -v and finding out its looking for the phrase password which isn't there.

Solution 4

I can't imagine any situation where public-key authentication without passphrase wouldn't be the better solution for autmated ssh/rsync logins.

Anyway expect should be a way to achieve what you want to do. You can't pipe the password to ssh, but this is something very similar. How to do so, is answered here at stackoverflow.

View more solutions

63,714

Author by

Sorin-Mihai Oprea

Updated on September 18, 2022

Comments

Sorin-Mihai Oprea over 1 year
I want to set up an RSync job that would connect through SSH.

I have my computer ( backup@myhost ) and the remote host ( test@remhost ) and I need to backup the folder ~/something with all it's contents. The ssh user test only has READ access to all files and folders in the ~/ folder. I want to use rsync to copy the test@remhost:~/something folder to the backup@myhost:~/bak folder.

For this purpose I use the following command via BASH on Ubuntu 11.10 (Oneiric):
```
rsync -avz -e ssh test@remhost:~/something/ ~/bak/
```
After hitting enter I get this:
```
test@remhost's password:
```
I type the password and the rsync works.

I want to make the above command to automatically input the password and pass it as a parameter or to input it automatically and start the job.

I tried executing rsync -avz -e ssh test:password@remhost:~/something/ ~/bak/ but it still asks for the password and it's annoying.

I don't want to hear about any kind of keys (RSA,DSA or any other). I just want a simple command that would log me in and do the job.

EDIT: A possible scenario could be, if public key authentication is disabled and you can't change this. E.g. if you use OpenSSH, you'd need root privileges on the server in order to edit the file sshd_config and to add PubkeyAuthentication yes.

EDIT: This is what finally worked for me:
```
sshpass -p 'sshpassword' rsync --progress -avz -e ssh test@remhost:~/something/ ~/bak/
```
Please note that this method is not considered secure as it sends the password in plain text and it's vulnerable to man-in-the-middle attacks. It is advised to use the key athentication for a stronger security.
- Mike Scott over 12 years
  
  You won't get any answers if you tell people not to tell you the answer.
- LGB over 12 years
  
  This is pointless. What's the problem with the key authentication? If key based authentication is configured, then from that point you have only a simple command which does the job, automatically, exactly that you want. So I can't see what's the problem with this. Storing the password somewhere to specify it "automatically" is one of the biggest security hole I can imagine, what's the point to do that?
- Sorin-Mihai Oprea over 12 years
  
  I don't need anyone to give me lectures on security. I already know the implications. I just have to leave everything on the server as is and not change anything. For your Information I already tried that with keys and it still asks me for the password therefore your argument is invalid!
- lumbric over 12 years
  
  If you have a correct set up with public key authentication without pass phrase, it won't ask for a password. But you are right, public key authentication has to be activated on the server in order to use it (and you need to have root privileges on the server).
- Sorin-Mihai Oprea over 12 years
  
  I have root access on both systems. Presumably you must not change anything on the remote server. There must be a way to address the password as a parameter!
- lumbric over 12 years
  
  No, for good reasons there is no such parameter by default. Look at Migs' answer if you want such a parameter.
- LGB over 12 years
  
  @Sorin Mihai Oprea: Well, if it does not work for you, it's bad? Interesting. For your information: as an internet system engineer working at an ISP we use key based authentication with ssh on more than 100 servers. It works for us, interesting. Don't call something bad just because you don't understand how it works and how it must be configured. If you are right, it would not work for anyone which would attract some attention as a major ssh server implementation bug :) So my agrument is not invalid, just you can't configure it well for some reason. It's not the same, sorry.
- LGB over 12 years
  
  And another thing: if it does not work for you (the key based authentication) you should ask about that: how it must be configured what can be the problem, etc. As it works for many people (including me/us), there should be some problem with your system/configuration which can/should be fixed, if you want. The key here: you don't want to fix it, you want to blame it. Then it's impossible to help if you refuse it. And btw, sorry, I don't want to be personal, it's your choice what you want to use, so forgive me if my comment(s) seems to be offensive, sorry about that. I wanted to help.
- Sorin-Mihai Oprea over 12 years
  
  @LGB: Thank you for your suggestion. I understand that the key based authentication is a lot safer than plain-text password parameterizing (I'm not that stupid) but I wanted to find an easier solution to my problem. The bad thing I referred to is that key authentication takes too long to configure on the remote host. In my case It still asks for the password after I pushed the public key to .ssh/authorized_keys on the remote server and I even restarted the ssh service (and yes I passed my private key as a parameter to rsync) and it still does not work for me!
- jrg over 12 years
  
  @SorinMihaiOprea Then it sounds like you're having some issues with your ssh server.
- Sorin-Mihai Oprea over 12 years
  
  @LGB: Of course it's my choice of what to use and I don't take it personally man. That's why I thought that there should be a way to pass it as a parameter! You have nothing to be sorry about (your comments are not offensive) and I have nothing to forgive! Thank you for your help. It's basically the SSH devs fault for not giving it more flexibility! Let's presume that I don't care about security and just want to do a simple backup copy that would not involve any change to the remote host! I wonder why we are forced to do something when we (presumably) don't need them.
- Sorin-Mihai Oprea over 12 years
  
  @jrg: There is no issue on the ssh server. I have all the access needed but my boss said I am not to make any modification! What would you do in my case? Kick your bosses ass or what? I tried to explain the key login to him, he accepted then added the key and after that seeing that it didn't work he said I should (as in must) pass it as a parameter!
- lumbric over 12 years
  
  @SorinMihaiOprea I would still invest some time finding the problem with the Pubkey method. E.g. try grep Pub /etc/ssh/sshd_config on the server, does this return PubkeyAuthentication yes? (I suppose you use OpenSSH) Or even more helpful might be to run ssh -v user@server!
- jrg over 12 years
  
  @SorinMihaiOprea Tell your boss how insecure it is. Security trumps all else in most industries, and this is one of the simplest things you can implement. (my two cents, I'll just leave it at this)
Sorin-Mihai Oprea over 12 years

Thank you for the suggestion but I actually found sshpass a lot more simpler!
Migs over 12 years

You are most welcome. While I agree with the rest of the folks here that public-key-authentication is the best solution for this matter, sometimes alternative methods are needed, so long as we're aware of the trade-offs when using alternatives.
Sorin-Mihai Oprea over 12 years

Indeed ... but that's why it's called open source right? Multiple flavors ... same result!
Viet Nguyen almost 6 years

This answer better than the accepted answer.
Theodore Howell about 5 years

THANK YOU for not just saying passwords are bad dont use them, some of us on OLDDDD legacy equipment just need these to get by until the new equipment arrives :)