How can I automate SSH login to Linux servers with password provided in the terminal or file?. If you have Linux servers which accept password authentication for ssh you can actually automate login so you’re not prompted for password when logging in to the system. The configuration to enable SSH password authentication in a Linux server is:
If you change sshd configuration file service restart is required.
### CentOS / Fedora ### $ sudo systemctl restart sshd ### Ubuntu / Debian ### $ sudo systemctl restart ssh
I’ve configured my SSH client as below to disable StrictHostKeyChecking and set other settings.
$ vim ~/.ssh/config Host * UserKnownHostsFile /dev/null StrictHostKeyChecking no IdentitiesOnly yes ConnectTimeout 0 ServerAliveInterval 300
Install sshpass utility
To pass user password in the console we need to install sshpass utility which enables you to manage SSH connections in scripts. This utility is designed to run SSH using the keyboard-interactive password authentication mode, but in a non-interactive way.
To install sshpass run the following commands:
### CentOS / Fedora ### $ sudo yum install sshpass ### Debian / Ubuntu ### $ sudo apt update $ sudo apt-get install sshpass
Automate SSH Password Login with sshpass
Once the utility is installed you can use it to automate ssh login in your scripts. The command usage help page is as shown below.
$ sshpass --help sshpass: invalid option -- '-' Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters -f filename Take password to use from file -d number Use number as file descriptor for getting password -p password Provide password as argument (security unwise) -e Password is passed as env-var "SSHPASS" With no parameters - password will be taken from stdin -P prompt Which string should sshpass search for to detect a password prompt -v Be verbose about what you're doing -h Show help (this screen) -V Print version information At most one of -f, -d, -p or -e should be used
See this simple usage example:
$ sshpass -p your_ssh_user_password ssh [email protected]_or_ip
If I’m logging in to the server with IP address 172.20.21.200 as jmutai user with password [email protected] I’ll run:
$ sshpass -p '[email protected]' ssh [email protected]
Providing SSH Password in file
You can also use password saved in file with the -f command option. See below example.
$ echo '[email protected]' >ssh_pass_file $ chmod 0400 ssh_pass_file $ sshpass -f ssh_pass_file ssh [email protected]
Automate copying of SSH keys to multiple servers
If you have multiple servers and would like to automate copying of SSH public keys to the servers, first create a file with all remote servers.
$ vim /tmp/servers 172.20.21.200 172.20.21.201 172.20.21.202 172.20.21.203 172.20.21.204
The use while loop to copy SSH keys:
cat /tmp/servers | while read line; do sshpass -p 'SSH_USER_PASSWORD' ssh-copy-id <USERNAME>@$line; done
cat /tmp/servers | while read line; do sshpass -p '[email protected]' ssh-copy-id [email protected]$line; done
You should now be able to login to server without being asked for a password:
$ ssh [email protected] Warning: Permanently added '172.20.21.201' (ECDSA) to the list of known hosts. We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things: #1) Respect the privacy of others. #2) Think before you type. #3) With great power comes great responsibility. [[email protected]~]$
Using sshpass with rsync
This is an example on how to automate rsync operations using sshpass:
SSHPASS='[email protected]' rsync --rsh="sshpass -e ssh -l username" /mydir/ host.example.com:/mydir/
The above uses the -e option, which passes the password to the environment variable SSHPASS. The -f switch can be used like this:
rsync --rsh="sshpass -f ssh_pass_file ssh -l username" /mydir/ host.example.com:/mydir/
Using sshpass with scp
This is another example on copying files to remote server with SSH password.
scp -r /mydir --rsh="sshpass -f ssh_pass_file ssh -l username" host.example.com:/mydir
As shown in this article sshpass is a nice tool that sysadmins can use to automate ssh related operations from command line and in administrative scripts. Please note the most secure form of SSH authentication is public-key authentication and not password authentication.