Provide password to ssh command inside bash script, Without the usage of public keys and Expect
First of all: Don't put secrets in clear text unless you know why it is a safe thing to do (i.e. you have assessed what damage can be done by an attacker knowing the secret).
If you are ok with putting secrets in your script, you could ship an ssh key with it and execute in an ssh-agent
shell:
#!/usr/bin/env ssh-agent /usr/bin/env bash
KEYFILE=`mktemp`
cat << EOF > ${KEYFILE}
-----BEGIN RSA PRIVATE KEY-----
[.......]
EOF
ssh-add ${KEYFILE}
# do your ssh things here...
# Remove the key file.
rm -f ${KEYFILE}
A benefit of using ssh keys is that you can easily use forced commands to limit what the keyholder can do on the server.
A more secure approach would be to let the script run ssh-keygen -f ~/.ssh/my-script-key
to create a private key specific for this purpose, but then you would also need a routine for adding the public key to the server.
Use Expect in a Bash script to provide a password to an SSH command
Mixing Bash and Expect is not a good way to achieve the desired effect. I'd try to use only Expect:
#!/usr/bin/expect
eval spawn ssh -oStrictHostKeyChecking=no -oCheckHostIP=no usr@$myhost.example.com
# Use the correct prompt
set prompt ":|#|\\\$"
interact -o -nobuffer -re $prompt return
send "my_password\r"
interact -o -nobuffer -re $prompt return
send "my_command1\r"
interact -o -nobuffer -re $prompt return
send "my_command2\r"
interact
Sample solution for bash could be:
#!/bin/bash
/usr/bin/expect -c 'expect "\n" { eval spawn ssh -oStrictHostKeyChecking=no -oCheckHostIP=no usr@$myhost.example.com; interact }'
This will wait for Enter and then return to (for a moment) the interactive session.
Using 'expect' command to pass password to SSH running script remotely
You are doing it wrong in two means:
If you want
expect
to interact withssh
, you need to startssh
fromexpect
script and not before.If you put the script (
/path/to/script/test.sh
) tostdin
ofssh
, you can't communicate with thessh
process any more.
You should rather copy the script to remote host using scp and then run it.
Expect script might look like this:
/usr/bin/expect <<EOF
spawn ssh -p$port root@$ip
expect "password"
send "$Spass\r"
expect "$ "
send "/path/to/script/on/remote/server/test.sh\r"
expect "$ "
interact
EOF
Automate SSH without using public key authentication or expect(1)
Use sshpass
.
For example, when password is in password.txt
file:
sshpass -fpassword.txt ssh username@hostname
(taken from the answer to a similar question)
Pass a password to ssh in pure bash
Since there were no exact answers to my question, I made some investigation why my code doesn't work when there are other solutions that works, and decided to post what I found to complete the subject.
As it turns out:
"ssh uses direct TTY access to make sure that the password is indeed
issued by an interactive keyboard user." sshpass manpage
which answers the question, why the pipes don't work in this case. The obvious solution was to create conditions so that ssh
"thought" that it is run in the regular terminal and since it may be accomplished by simple posix
functions, it is beyond what simple bash
offers.
How to pass the password to su/sudo/ssh without overriding the TTY?
For sudo there is a -S option for accepting the password from standard input. Here is the man entry:
-S The -S (stdin) option causes sudo to read the password from
the standard input instead of the terminal device.
This will allow you to run a command like:
echo myPassword | sudo -S ls /tmp
As for ssh, I have made many attempts to automate/script it's usage with no success. There doesn't seem to be any build-in way to pass the password into the command without prompting. As others have mentioned, the "expect" utility seems like it is aimed at addressing this dilemma but ultimately, setting up the correct private-key authorization is the correct way to go when attempting to automate this.
Related Topics
Why Docker Has Ability to Run Different Linux Distribution
What's an Alternative for Dtrace on Linux
Portable Way to Get File Size (In Bytes) in the Shell
How to Call Matlab Functions from the Linux Command Line
When Setting Ifs to Split on Newlines, Why Is It Necessary to Include a Backspace
Remove Odd or Even Lines from a Text File
Linux Command History with Date and Time
Linux Command Line Howto Accept Pairing for Bluetooth Device Without Pin
Walking Page Tables of a Process in Linux
How to Capture All of My Compiler's Output to a File
How to Start Tomcat with Output on Console in Linux
What Is a Way to Read Man Pages in Vim Without Using Temporary Files
Parameter for Shell Scripts That Is Started with Qsub
How to Post Raw Body Data with Curl
Manage Source Under Git and Svn Simultanously - Does It Make Sense