125

I need to login to a user that I've created on a remote host running Ubuntu. I can't use an ssh key because the ssh login will happen from a bash script ran within a server that I won't have access to (think continuous integration server like Bamboo).

I understand this isn't an ideal practice, but I want to either set the remote host to not ask for the password or be able to login with something like ssh --passsword foobar user@host, kind of like MySQL allows you to do for logins.

I'm not finding this in man ssh and I'm open to any alternatives to getting around this issue.

Kalle Richter
  • 2,192
mmla
  • 1,377
  • http://serverfault.com/questions/241588/how-to-automate-ssh-login-with-password – Ciro Santilli OurBigBook.com Nov 30 '15 at 21:23
  • The secure way is to generate SSH key with ssh-keygen -t rsa -b 2048 and use this key to log into the remote server as alternative you can install "sshpash" and then you can ssh your machine with following command sshpass -p 'password' ssh username@servername – Vadim Sluzky Sep 08 '16 at 14:40
  • 1
    The question this is redirected to is not the same as this one. This one is asking for a way to initiate an interactive session. – Chris Quenelle Feb 21 '17 at 19:02

3 Answers3

202

On Ubuntu, install the sshpass package, then use it like this: 

sshpass -p 'YourPassword' ssh user@host

sshpass also supports passing the keyboard-interactive password from a file or an environment variable, which might be a more appropriate option in any situation where security is relevant. See man sshpass for the details.

likeitlikeit
  • 2,349
20

If your alternative is to put a password into a script or ssh command line or plain text file, then you're MUCH better off using an ssh key instead. Either way, anyone who has access to the account where the ssh client script is stored would be able to use that to get into the server, but at least in the case of an ssh key, OpenSSH supports it properly, you don't grant access by other means than ssh, it's more easily revoked if necessary, etc...

You will have to explain why you have a requirement to not use an ssh key.

Consider also using a forced command (command="..." in the .ssh/authorized_keys file) so that the client only has access to run the command they need on the server rather than a full shell.

G-Man Says 'Reinstate Monica'
  • 22,870
Celada
  • 44,132
  • 6
    The remote host is actually a VM used by other engineers with no resources worth risking other than copies of test automation code. For the sake of the discussion, let say the only access I have is to add the script file, not add ssh keys in ~/.ssh/. – mmla May 16 '12 at 00:20
  • Also worth noting, the user to be logged in is a dummy user too. – mmla May 16 '12 at 00:28
  • 7
    That's highly contrived. A somewhat less contrived scenario would be that a misguided administrator of the server disabled ssh key logins (PubkeyAuthentication no in /etc/ssh/sshd_config). In either case, the better solution is to fix the underlying problem that prevents you from doing ssh key logins. Failing that, consult the question pointed to by Gilles. – Celada May 16 '12 at 00:29
  • 3
    @MichaelM you dont have to add ssh keys in ~/.ssh/. Add the key wherever you want and use ssh -i /path/to/id_rsa – phemmer May 16 '12 at 02:27
  • 2
    Loging in to a server with a keypair is much easier to script than a password. If it is the first time you're setting up keys for use with SSH, you might want to look for a good howto. – jippie May 16 '12 at 06:58
  • 1
    @MichaelM if the only access you have is to add the script file, then you can hardcode the key in the script file: echo -----BEGIN RSA PRIVATE KEY----- > ${IDENTITY_FILE} ; echo MIIEoQIBAAKCAQEAv1tQry1qWlLn1Kp3uX2/4bT0z9Cbre/zj1fnchVinPqBHrd1 >> ${IDENTIFY_FILE} ... – emory May 18 '12 at 00:20
  • 1
    Sorry to revive this old thread, but I have a real application here, I am trying to ssh into a machine with a read only file-system (read only as it is rom) and no ramdisks. It does not have any public keys on it so am stuck... – Vality Jun 24 '14 at 14:13
  • @Vality if it is truly read-only, how did you set your password on this system in the first place? Or was the root password factory-installed and unchangeable? Sounds pretty scary. Usually these types of systems have a small read-write storage area to store configuration, etc... In any case, if that's what you have to work with, maybe you could use a long-lived session with a master socket (look up command line option -M) which you set up once manually and then your script is a slave connection piggybacked on that session. – Celada Jun 24 '14 at 18:32
  • @Celada as you say, the device has a preset root password and this cannot be changed (without perhaps physically modifying he device). (unfortunately the password is not at all strong either which concerns me also). However that looks like a really interesting idea, I had not seen that option before, I shall have a read of the man pages for it. Thanks, that is really handy. – Vality Jun 24 '14 at 19:39
  • ssh-copy-id makes this effortless. Just run ssh-copy-id username@hostname – brianpeiris Jun 02 '16 at 22:59
  • 8
    Stackexchanges answer should answer the question not argue the question is correct. I have a valid scenario for this. I need to setup my ~/.ssh/authorized_keys in 95 different boxes. I wrote a script to push my authorized_keys file automatically, but still prompts for password. Having the script to prompt for the password once in the beginning would be nicer. – L. Holanda Apr 26 '17 at 23:33
  • 2

    You will have to explain why you have a requirement to not use an ssh key.

    Sorry, I have to downvote this. If you know the answer to the question, just give the answer.

     – Sparkette Nov 13 '18 at 16:11
  • 11
    I agree with flarn2006. You cannot say "this question is dumb so here's an answer to a different question because I think it's a better question and I know the answer to it". – Nick Dec 13 '18 at 19:43
  • 1
    If a device simply does not have a supported way to set up public key auth - and those do exist - then being on the high horse and preaching public key auth really doesn't help there. Hence the upvote on the actual answer with sshpass. – Aaa Jul 24 '20 at 07:20
11

First of, like the other respondents, I recommend just using ssh keys. But I will assume that the person controlling the server is simply not going to allow you to use ssh key authentication and you must use password authentication.

You can use ControlMaster and ControlPath.

Let A be the server that you won't have access to (think continuous integration server like Bamboo) and C be the remote host running Ubuntu.

Now let B be some computer that you control. If you can not provide a suitable B computer, this answer will not work.

  1. Create a key pair and add the public part to B's authorized_keys file. Give A the private key. Now you can log into B from A without a password.
  2. On B manually ssh -M -S /tmp/controlpath C and enter your password at the prompt. After that you should be able to log into C from A without a password ssh -S /tmp/controlpath C.

In the script on A you can write ssh B ssh C dostuff.

Every time you reboot B, you will have to reestablish the connection ssh -M -S /tmp/controlpath C.

Jeff Schaller
  • 67,283
  • 35
  • 116
  • 255
emory
  • 472