How can I automate SSH login to Linux servers with password provided in the terminal or file?. If you have Linux servers which accept password authentication for ssh you can actually automate login so you’re not prompted for password when logging in to the system. The configuration to enable SSH password authentication in a Linux server is:
PasswordAuthentication yesIf you change sshd configuration file service restart is required.
### CentOS / Fedora ###
$ sudo systemctl restart sshd
### Ubuntu / Debian ###
$ sudo systemctl restart sshI’ve configured my SSH client as below to disable StrictHostKeyChecking and set other settings.
$ vim ~/.ssh/config
Host *
UserKnownHostsFile /dev/null
StrictHostKeyChecking no
IdentitiesOnly yes
ConnectTimeout 0
ServerAliveInterval 300Install sshpass utility
To pass user password in the console we need to install sshpass utility which enables you to manage SSH connections in scripts. This utility is designed to run SSH using the keyboard-interactive password authentication mode, but in a non-interactive way.
To install sshpass run the following commands:
### CentOS / Fedora ###
sudo yum install sshpass
### Debian / Ubuntu ###
sudo apt update
sudo apt install sshpassAutomate SSH Password Login with sshpass
Once the utility is installed you can use it to automate ssh login in your scripts. The command usage help page is as shown below.
$ sshpass --help
sshpass: invalid option -- '-'
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
-f filename Take password to use from file
-d number Use number as file descriptor for getting password
-p password Provide password as argument (security unwise)
-e Password is passed as env-var "SSHPASS"
With no parameters - password will be taken from stdin
-P prompt Which string should sshpass search for to detect a password prompt
-v Be verbose about what you're doing
-h Show help (this screen)
-V Print version information
At most one of -f, -d, -p or -e should be usedSee this simple usage example:
sshpass -p your_ssh_user_password ssh username@hostname_or_ipIf I’m logging in to the server with IP address 192.168.1.180 as cloudspinx user with password MyStrongSSHP@ssword I’ll run:
sshpass -p 'MyStrongSSHP@ssword' ssh [email protected]Providing SSH Password in file
You can also use password saved in file with the -f command option. See below example.
echo 'MyStrongSSHP@ssword' >ssh_pass_file
chmod 0400 ssh_pass_file
sshpass -f ssh_pass_file ssh [email protected]Automate copying of SSH keys to multiple servers
If you have multiple servers and would like to automate copying of SSH public keys to the servers, first create a file with all remote servers.
$ vim /tmp/servers
192.168.1.180
192.168.1.182
192.168.1.183
192.168.1.190
192.168.1.191The use while loop to copy SSH keys:
cat /tmp/servers | while read line; do
sshpass -p 'SSH_USER_PASSWORD' ssh-copy-id <USERNAME>@$line;
doneExample:
cat /tmp/servers | while read line; do
sshpass -p 'MySSHP@ssword' ssh-copy-id cloudspinx@$line;
doneYou should now be able to login to server without being asked for a password:
$ ssh [email protected]
Warning: Permanently added '172.20.21.201' (ECDSA) to the list of known hosts.
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.
[cloudspinx@rocky9~]$ Using sshpass with rsync
This is an example on how to automate rsync operations using sshpass:
SSHPASS='MySSHP@ssword' rsync --rsh="sshpass -e ssh -l username" /mydir/ host.example.com:/mydir/The above uses the -e option, which passes the password to the environment variable SSHPASS. The -f switch can be used like this:
rsync --rsh="sshpass -f ssh_pass_file ssh -l username" /mydir/ host.example.com:/mydir/Using sshpass with scp
This is another example on copying files to remote server with SSH password.
scp -r /mydir --rsh="sshpass -f ssh_pass_file ssh -l username" host.example.com:/mydirConclusion
As shown in this article sshpass is a nice tool that sysadmins can use to automate ssh related operations from command line and in administrative scripts. Please note the most secure form of SSH authentication is public-key authentication and not password authentication.
