2

I'm writing a shell script and I want to automate login into a remote machine using ssh-copy-id, so manually when I print:

```
ssh-copy-id -i /root/.ssh/id_rsa $2@$4 -p $3 | echo $1
```

$1 refers to the password, $2 refers to the username, $3 refers to the port, and $4 refers to the IP. It is OK with that; the problem is that I have to automate inserting the password after:

```
ssh-copy-id -i /root/.ssh/id_rsa $2@$4 -p $3
```

I add this "| printf $1", but it does not work: it shows "password:" on the screen and still waits for the password. I hope you understand me, and thank you.

mosab
  • I don't see why you need to automate `ssh-copy-id` like that. `ssh-copy-id` is used to enable logging in to remote ssh server via a ssh key. That is, you execute `ssh-copy-id` _once_, and then login normally using `ssh`. – redneb Sep 01 '16 at 15:09
  • I have a lot of servers, and every week a lot of servers come, so that's why I want to automate logging. – mosab Sep 01 '16 at 15:29
  • Try the other way around: `echo $1|ssh-copy-id -i /root/.ssh/id_rsa $2@$4 -p $3` – Leon Sep 01 '16 at 15:43
  • still not working ... – mosab Sep 01 '16 at 16:38
  • Possible duplicate of [Embedding the Password in the Bash Script](http://stackoverflow.com/questions/39242031/embedding-the-password-in-the-bash-script) – Jakuje Sep 01 '16 at 19:23
  • I don't think it's a duplicate of that. `ssh-copy-id` is used when we want to set up key-based authentication and we haven't done that already. So the solution from that thread does not help in this case. – redneb Sep 01 '16 at 20:12

2 Answers

3

As @Leon pointed out, you had the pipeline backwards. But even if you do it with the correct order, it will still not work because `ssh-copy-id` (and all other programs from openssh) do not read passwords from their stdin. The solution is to use the `$SSH_ASKPASS` environment variable. You can do that as follows: first, create an auxiliary script, say `/var/tmp/ssh-pass.sh` (actually find a better name than that), with the following contents:

```
#!/bin/sh
echo "$PASS"
```

Then you can use the following command to accomplish what you've asked for:

```
PASS="$1" SSH_ASKPASS="/var/tmp/ssh-pass.sh" setsid -w ssh-copy-id -i /root/.ssh/id_rsa "$2"@"$4" -p "$3"
```

Explanation: we use `setsid -w` to disassociate the `ssh-copy-id` process from the currently used terminal. That forces `ssh-copy-id` to run the executable specified in `$SSH_ASKPASS` in order to obtain the password. We have specified our own script in that variable, so `ssh-copy-id` will execute just that. Now the script is supposed to provide the password to `ssh-copy-id` by printing it to its stdout. We use the `$PASS` variable to pass the password to the script, so the script just prints that variable.

redneb
  • Is it possible to do this without the auxiliary script, i.e. `... SSH_ASKPASS="$(echo \"$PASS\")" set-copy-id ...`? That is to say, to make the script self-contained? – Greenonline Oct 20 '22 at 08:16
  • It doesn't look like it: openssh expects that `SSH_ASKPASS` contains the name or path of an executable file because it uses the [execlp](https://github.com/openssh/openssh-portable/blob/25c8a2bbcc10c493d27faea57c42a6bf13fa51f2/readpass.c#L80) function to run it and it doesn't give you a way to pass custom arguments to it. – redneb Oct 29 '22 at 17:42
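
A self-contained variant of the `SSH_ASKPASS` approach from the answer above, as an added example that is not part of the original answers. The names `make_askpass`, `push_key` and `SSH_COPY_PASS` are hypothetical; it assumes `setsid -w` from util-linux and that the OpenSSH password prompt contains the word "password".

```shell
#!/bin/sh
# Added example, not from the answers. make_askpass, push_key and
# SSH_COPY_PASS are hypothetical names chosen for this sketch.

# Create a single-use askpass helper (mode 0700) and print its path.
# No secret is written to disk: the helper echoes $SSH_COPY_PASS at run time,
# and only when the prompt OpenSSH passes as $1 asks for a password, so a
# host-key confirmation prompt is refused instead of being auto-answered.
make_askpass() {
    helper=$(mktemp "${TMPDIR:-/tmp}/askpass.XXXXXX") || return 1
    chmod 700 "$helper" || return 1
    cat > "$helper" <<'EOF'
#!/bin/sh
case "$1" in
    *[Pp]assword*) printf '%s\n' "$SSH_COPY_PASS" ;;
    *) exit 1 ;;
esac
EOF
    printf '%s\n' "$helper"
}

# push_key USER PORT HOST [PUBKEY]; the password comes from $SSH_COPY_PASS,
# never from argv, so other users cannot read it from the process list.
push_key() {
    [ "$#" -ge 3 ] || { echo "usage: push_key USER PORT HOST [PUBKEY]" >&2; return 2; }
    [ -n "${SSH_COPY_PASS:-}" ] || { echo "SSH_COPY_PASS is not set" >&2; return 2; }
    helper=$(make_askpass) || return 1
    rc=0
    # setsid -w drops the controlling terminal (as in the answer above).
    # DISPLAY gets a dummy value for OpenSSH releases that only consult
    # askpass when it is set; SSH_ASKPASS_REQUIRE=force covers 8.4 and later.
    SSH_COPY_PASS="$SSH_COPY_PASS" SSH_ASKPASS="$helper" \
    SSH_ASKPASS_REQUIRE=force DISPLAY="${DISPLAY:-none}" \
        setsid -w ssh-copy-id -i "${4:-$HOME/.ssh/id_rsa.pub}" -p "$2" "$1@$3" \
        || rc=$?
    rm -f "$helper"
    return "$rc"
}

# Run only when called as: SSH_COPY_PASS=... ./script USER PORT HOST [PUBKEY]
if [ "$#" -ge 3 ]; then
    push_key "$@"
fi
```

Because the helper refuses anything that is not a password prompt, a server whose host key is not yet in `known_hosts` makes the run fail, so keys have to be verified and added beforehand.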
1

2020 / Mac OS X:

Install sshpass (original answer)

```
brew install hudochenkov/sshpass/sshpass
```

Run ssh-copy-id using sshpass and with the password as an arg

```
sshpass -p "$1" ssh-copy-id -i ~/PATH/TO/KEY "$2@$4" -p "$3"
```

If you want to turn off strict host checking as well, use the -o flag, which is passed to the underlying ssh:

```
sshpass -p hunter2 ssh-copy-id -o StrictHostKeyChecking=no -i ~/PATH/TO/KEY "$2@$4" -p "$3"
```

I tried the solution by @redneb, and installed setsid through util-linux by following this answer, but kept receiving a password denied.

I found this strategy to work for uploading my SSH key while setting up multiple Raspberry Pis in succession. In my script, I also run `ssh-keygen -R raspberrypi.local` each time too, to avoid the `The ECDSA host key for raspberrypi.local has changed` error.

Brian Chan