SSH login with clear text password as a parameter?
Solution 1
On Ubuntu, install the sshpass
package, then use it like this:
sshpass -p 'YourPassword' ssh user@host
sshpass
also supports passing the keyboard-interactive password from a file or an environment variable, which might be a more appropriate option in any situation where security is relevant. See man sshpass
for the details.
Solution 2
If your alternative is to put a password into a script or ssh
command line or plain text file, then you're MUCH better off using an ssh
key instead. Either way, anyone who has access to the account where the ssh
client script is stored would be able to use that to get into the server, but at least in the case of an ssh
key, OpenSSH supports it properly, you don't grant access by other means than ssh
, it's more easily revoked if necessary, etc...
You will have to explain why you have a requirement to not use an ssh key.
Consider also using a forced command (command="..."
in the .ssh/authorized_keys
file) so that the client only has access to run the command they need on the server rather than a full shell.
Solution 3
First of, like the other respondents, I recommend just using ssh keys. But I will assume that the person controlling the server is simply not going to allow you to use ssh key authentication and you must use password authentication.
You can use ControlMaster and ControlPath.
Let A be the server that you won't have access to (think continuous integration server like Bamboo) and C be the remote host running Ubuntu.
Now let B be some computer that you control. If you can not provide a suitable B computer, this answer will not work.
- Create a key pair and add the public part to B's authorized_keys file. Give A the private key. Now you can log into B from A without a password.
- On B manually
ssh -M -S /tmp/controlpath C
and enter your password at the prompt. After that you should be able to log into C from A without a passwordssh -S /tmp/controlpath C
.
In the script on A you can write ssh B ssh C dostuff
.
Every time you reboot B, you will have to reestablish the connection ssh -M -S /tmp/controlpath C
.
Related videos on Youtube
mmla
Updated on September 18, 2022Comments
-
mmla over 1 year
I need to login to a user that I've created on a remote host running Ubuntu. I can't use an
ssh
key because the ssh login will happen from a bash script ran within a server that I won't have access to (think continuous integration server like Bamboo).I understand this isn't an ideal practice, but I want to either set the remote host to not ask for the password or be able to login with something like
ssh --passsword foobar user@host
, kind of like MySQL allows you to do for logins.I'm not finding this in
man ssh
and I'm open to any alternatives to getting around this issue.-
Ciro Santilli Путлер Капут 六四事 over 8 years
-
Vadim Sluzky over 7 yearsThe secure way is to generate SSH key with ssh-keygen -t rsa -b 2048 and use this key to log into the remote server as alternative you can install "sshpash" and then you can ssh your machine with following command sshpass -p 'password' ssh username@servername
-
AhmadKarim about 7 yearsThe question this is redirected to is not the same as this one. This one is asking for a way to initiate an interactive session.
-
-
mmla almost 12 yearsThe remote host is actually a VM used by other engineers with no resources worth risking other than copies of test automation code. For the sake of the discussion, let say the only access I have is to add the script file, not add ssh keys in
~/.ssh/
. -
Celada almost 12 yearsThat's highly contrived. A somewhat less contrived scenario would be that a misguided administrator of the server disabled ssh key logins (
PubkeyAuthentication no
in/etc/ssh/sshd_config
). In either case, the better solution is to fix the underlying problem that prevents you from doing ssh key logins. Failing that, consult the question pointed to by Gilles. -
phemmer almost 12 years@MichaelM you dont have to add ssh keys in
~/.ssh/
. Add the key wherever you want and usessh -i /path/to/id_rsa
-
jippie almost 12 yearsLoging in to a server with a keypair is much easier to script than a password. If it is the first time you're setting up keys for use with SSH, you might want to look for a good howto.
-
emory almost 12 years@MichaelM if the only access you have is to add the script file, then you can hardcode the key in the script file:
echo -----BEGIN RSA PRIVATE KEY----- > ${IDENTITY_FILE} ; echo MIIEoQIBAAKCAQEAv1tQry1qWlLn1Kp3uX2/4bT0z9Cbre/zj1fnchVinPqBHrd1 >> ${IDENTIFY_FILE} ...
-
Michael Sondergaard about 11 yearsAlthought is not recommended and not a good practice this is exactly the answer to the question. Consider using keys as stated above. But if there's a major tech issue this is the solution asked
-
Henley about 10 yearsI only upvote the answer. Not "rational why don't you do it this way instead" answers. Just the answer. hence, I upvoted you :)
-
Vality almost 10 yearsSorry to revive this old thread, but I have a real application here, I am trying to ssh into a machine with a read only file-system (read only as it is rom) and no ramdisks. It does not have any public keys on it so am stuck...
-
Celada almost 10 years@Vality if it is truly read-only, how did you set your password on this system in the first place? Or was the root password factory-installed and unchangeable? Sounds pretty scary. Usually these types of systems have a small read-write storage area to store configuration, etc... In any case, if that's what you have to work with, maybe you could use a long-lived session with a master socket (look up command line option
-M
) which you set up once manually and then your script is a slave connection piggybacked on that session. -
Vality almost 10 years@Celada as you say, the device has a preset root password and this cannot be changed (without perhaps physically modifying he device). (unfortunately the password is not at all strong either which concerns me also). However that looks like a really interesting idea, I had not seen that option before, I shall have a read of the man pages for it. Thanks, that is really handy.
-
wchargin over 9 yearsAlso note that other users on your machine will probably be able to see your password by running
w
. -
user2936306 over 9 years@WChargin For a more detailed explanation of how to "secure" the password from process listings by other users, have a look at this similar question.
-
Andrew Wolfe about 9 yearsI don't completely hate sshpass, in fact I'm using it on a temporary basis. However using '-p' is unnecessary and undesirable. Set the variable SSHPASS first and then do sshpass -e ssh <ssh-args>.
-
Saral Garg over 8 yearsHow about CentOS - which doesn't have sshpass?
-
brianpeiris almost 8 yearsssh-copy-id makes this effortless. Just run
ssh-copy-id username@hostname
-
Vicky Dev over 7 yearsHow to install
sshpass
in Ubuntu 14.04, by default package not found byapt-get
, so how to do it ? -
user2936306 over 7 years@VickyDev The
sshpass
package is part of theuniverse
repository. Once enabled, you can install it normally usingapt
. -
Shicheng Guo about 7 yearsNot works if there are special character in the passwd, such "/","\", "?" and so on.
-
user2936306 about 7 years@ShichengGuo try using the
-f filename
switch, which allows you to store the password in a file. See man sshpass for details. -
L. Holanda about 7 yearsStackexchanges answer should answer the question not argue the question is correct. I have a valid scenario for this. I need to setup my
~/.ssh/authorized_keys
in 95 different boxes. I wrote a script to push my authorized_keys file automatically, but still prompts for password. Having the script to prompt for the password once in the beginning would be nicer. -
flarn2006 over 5 years> You will have to explain why you have a requirement to not use an ssh key. Sorry, I have to downvote this. If you know the answer to the question, just give the answer.
-
Nick over 5 yearsI agree with flarn2006. You cannot say "this question is dumb so here's an answer to a different question because I think it's a better question and I know the answer to it".
-
Aaa almost 4 yearsIf a device simply does not have a supported way to set up public key auth - and those do exist - then being on the high horse and preaching public key auth really doesn't help there. Hence the upvote on the actual answer with sshpass.
-
Fabian Röling over 3 yearsThis answer also works on Manjaro (Arch-based).