0

I'm figuring out how to best create a bash script that accepts username, password and host as input and can then use ssh/rsync/scp to connect. It seems that these programs only accept a password that is given by the user via a prompt.

Note: I am well familiar with SSH keys - my use case is a situation where one wants to programmatically place an SSH key to a server where a key does not exist.

My current solution is to use expect to answer the password prompt with the correct password (and provide all other information as parameters).

See https://gist.github.com/elnygren/965a6db4f3fd8e242e90

meuh
elnygren
  • 1
    You may also be interested in `ssh-copy-id [user@]machine` which copies ssh keys (and yes, it prompts you for a password). – meuh Jul 15 '15 at 11:35
  • 1
    @meuh to amplify your comment, you only need to run `ssh-copy-id` once for each target machine. So although it prompts for a password, you can do them all in one shot and then not have to worry about them again. – msw Jul 15 '15 at 12:22
  • these are good points; however my use case is in an automation script where a lot of servers are created and I receive the root password for each server during creation (in API response). The password is different for every server. Using ssh-copy-id in the expect script might be interesting though... – elnygren Jul 15 '15 at 13:54

2 Answers

1

If you do not mind your password being visible to other users you could use sshpass as suggested in this answer:

```
sshpass -p<password> ssh <arguments>
```
Community
tomsv
  • sshpass was something I considered; however, it does not ship with most systems and would be an extra dependency for my users to install. It seems to suit the job well though and most package managers have it. Interestingly, Homebrew (OSX) decided to leave it out due to security implications. – elnygren Jul 15 '15 at 13:56
  • It does have security implications such as making the password visible to other users on the machine. macports for OS X nevertheless has sshpass. – tomsv Jul 15 '15 at 14:08
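
A variant of the `sshpass` approach that keeps the password out of the argument list, combined with the `ssh-copy-id` suggestion from the comments on the question. This is an added example, not code from the thread or the linked gist; `install_key` and `NEW_HOST_PASSWORD` are hypothetical names, and the private key is assumed to sit next to the public key file.

```shell
#!/bin/sh
# install_key HOST PUBKEY_FILE [USER]
# The password comes from $NEW_HOST_PASSWORD (hypothetical name), e.g. set
# from the provisioning API response; it is never passed as an argument.
install_key() {
    host=$1
    pubkey=$2
    user=${3:-root}

    if [ -z "${NEW_HOST_PASSWORD:-}" ]; then
        echo "install_key: NEW_HOST_PASSWORD is not set" >&2
        return 2
    fi
    if [ ! -r "$pubkey" ]; then
        echo "install_key: cannot read $pubkey" >&2
        return 2
    fi
    if ! command -v sshpass >/dev/null 2>&1; then
        echo "install_key: sshpass is not installed" >&2
        return 3
    fi

    # -e: sshpass reads the password from $SSHPASS rather than from argv,
    # so it is not in the process list as with `sshpass -p<password>`.
    # The assignment prefix scopes SSHPASS to this one command.
    # accept-new (OpenSSH 7.6+) records the new host's key on first contact
    # and refuses the connection if an already known key has changed.
    SSHPASS="$NEW_HOST_PASSWORD" sshpass -e \
        ssh-copy-id -i "$pubkey" \
        -o StrictHostKeyChecking=accept-new \
        "$user@$host" || return 1

    # Verify that key login works. BatchMode=yes makes ssh fail rather than
    # prompt. Assumes the private key is PUBKEY_FILE minus ".pub".
    ssh -i "${pubkey%.pub}" -o BatchMode=yes "$user@$host" true
}

# Usage (constructed values; 192.0.2.10 is a documentation address):
#   NEW_HOST_PASSWORD=$(cat "$pwfile")   # $pwfile: hypothetical 0600 file
#   install_key 192.0.2.10 "$HOME/.ssh/id_ed25519.pub"
```

Once the key login check succeeds, the password is no longer needed for that host and later `ssh`/`scp`/`rsync` calls can use the key.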
1

The best solution for jobs like these (connecting anything over SSH, be it ssh itself, scp or rsync) is to use keys for authentication.

Then you can add your key to the auth manager (or just leave it without passphrase, but then be careful!) and use it to connect to the host.

glglgl
  • You are obviously correct. However, what if a server does not have any public keys in place? I'm working on an automation script that creates new servers and receives root password from an API upon creation. – elnygren Jul 15 '15 at 13:59
  • Sure, if keys are present it would be best to use those. But I do not understand how the OP can solve "my use case is a situation where one wants to programmatically place an SSH key to a server where a key does not exist" by assuming those keys are already present. – tomsv Jul 15 '15 at 14:11
  • @tomsv I really should become accustomed to reading the question completely before answering... – glglgl Jul 15 '15 at 14:24