Tell me, please. There is a script for auto-uploading to the server. It contains a command like this:

ssh $SSH_HOST 

Next, you need to enter a password, and then the script continues to be read and the commands executed.

How can I supply the password in the script so that it is substituted automatically? Thanks!

  • You can do it, but isn't it easier to install a public key? - zb '
  • @ennet, look toward expect. Or search the network for the sshpass utility (or write an analogue yourself). In any case, you have to communicate with ssh through a pseudo-terminal (it does not understand other interfaces). - avp

3 answers

it's bad to be like this :)

 ssh-keygen -b 2048 -t rsa
 cp ~/.ssh/id_rsa.pub ~/.ssh/authorized_keys
 ssh-copy-id <user>@<hostname>
 ssh <user>@<hostname>

upd: yes, cp is optional, and not even needed on the source host :) sorry :)

  • Only, after that it will always be possible to log in from this machine to the hostname without a password (of course, as that user and from the same local account). This is not always good. - avp
  • For example? Normally, for deployment a separate user is created who has only certain rights; there is also a separate user on the source host, and you can leave him without a password, so it will not be possible to log in to it, i.e. no root user will be able to go under it (su <user> no longer works) ... completely secure and safe. Or do you want to say that entering a password in the shell is better? ;) - thunder
  • @thunder, you have everything in theory (as it should be). And in practice, usually everyone sets things up as root and from under root. On a heap of remote machines at once (even if there is no direct root login over the network for them). And then they forget to change passwords or wipe something .... And the machine from which they install is accessible, with root access, to many physically different employees. And an open root password in the script is also very bad. - avp
  • @avp well, it works for me in practice, so I'm sharing how to do it :) I will not insist, but I try to point in the right direction. On my external servers, the root password was removed right after adding my working user, login as root was also removed, only key authorization was enabled, everything that shouldn't be exposed was closed ... and banning by IP for a day ... without this, brute-forcers were constantly trying to break in, now there are almost none ... very rarely anyone comes by ... - thunder
  • By the way, I'm not even saying that the password will, 99%, show up in the system logs :) and also in the bash history logs ... - thunder
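avp's concern in the comments above is that a copied key lets that account log in to the host at any time. As an added example (not code from the thread), these shell functions build a restricted `authorized_keys` entry for a deployment key and an ssh call that never stops to ask for a password; the forced-command path, source address, host name and key are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. The deploy command path, source
# address, host and public key below are constructed placeholders.

# Build the authorized_keys line to install on the SERVER for a deploy key.
#   restrict    - no pty and no port/agent/X11 forwarding
#   command=".." - only this command runs, whatever the client requests
#                  (the request is visible as $SSH_ORIGINAL_COMMAND)
#   from=".."    - the key is accepted only from this source address
restricted_entry() {
    re_pubkey=$1; re_cmd=$2; re_from=$3
    case $re_pubkey in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "restricted_entry: not a public key line" >&2; return 1 ;;
    esac
    # A double quote would terminate the option value early.
    case $re_cmd$re_from in
        *\"*) echo "restricted_entry: double quote not allowed" >&2; return 1 ;;
    esac
    printf 'restrict,command="%s",from="%s" %s\n' "$re_cmd" "$re_from" "$re_pubkey"
}

# CLIENT side: run a remote command from an unattended script.
#   BatchMode=yes      - fail instead of prompting, so the script never hangs
#   IdentitiesOnly=yes - offer only the key given with -i
deploy() {
    dp_host=$1; dp_key=$2; shift 2
    ssh -i "$dp_key" -o BatchMode=yes -o IdentitiesOnly=yes \
        -o PasswordAuthentication=no "$dp_host" "$@"
}

# Constructed sample key (not a real key), printed as the server-side entry.
SAMPLE_KEY='ssh-ed25519 AAAACONSTRUCTED deploy@buildhost'
restricted_entry "$SAMPLE_KEY" /usr/local/bin/deploy.sh 192.0.2.10
```

With `BatchMode=yes`, a missing or rejected key makes `ssh` exit non-zero immediately, so the calling script can detect the failure instead of waiting at a password prompt.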

sshpass here

Well, or expect (brutal crutch).

But it is more correct (as it seems to me) to do it through a key after all.

    You can run the script with a parameter (password) like this - sh run.sh pass

    And inside get it -

     PASS=$1
     echo "$PASS"

    $1 is the first input argument for the script; you can also pass several arguments using $1 $2 $3 ...

    • The password will not be passed to ssh this way; either use a key, which is correct, or, if that is not possible at all, then expect; there was also some other way (maybe putty can be used under Linux?), but I don't remember. - zb '
    • Or maybe ssh user:password@hostname ? Ah no, that won't work either :) - thunder
    • you need to install a third-party sshpass utility, then you will be able to: sshpass -p <password> ssh user@hostname - thunder
    • Well, about expect, read and look at examples here: en.wikipedia.org/wiki/Expect - thunder