
How To Use sshpass For Non-interactive SSH login In Scripts In Linux And FreeBSD

SSH Password automation with sshpass in shell scripts in Linux and Unix

By sk

In this guide, we will learn what the sshpass utility is, how to install it on Linux and FreeBSD systems, and how to use it for non-interactive SSH login in shell scripts on Linux and Unix.

Introduction

As a Linux system administrator, you may need to access remote machines and transfer files between them several times a day. One way to access a remote system is SSH. The two most commonly used SSH authentication methods are password-based and key-based authentication.

In the password-based authentication method, users have to manually enter the password each time they authenticate to a remote system. This method is a bit tedious and is not suitable for automating tasks via scripts, because the user still has to type the password every time. So if you want to implement password-based SSH authentication in scripts, you may want to try the sshpass command-line utility.

What is sshpass?

The sshpass utility is designed for running ssh using the keyboard-interactive password authentication mode, but in a non-interactive way. To put this in simple terms, sshpass offers a non-interactive way to authenticate an SSH session.

SSH uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.

Install sshpass in Linux

The sshpass utility is available in the default repositories of many Linux distributions. For instance, you can use the following command to install sshpass in Arch Linux and its variants such as EndeavourOS, and Manjaro Linux:

$ sudo pacman -S sshpass

Install sshpass in Debian, Ubuntu and its derivatives:

$ sudo apt install sshpass

Install sshpass in Fedora, RHEL, CentOS, AlmaLinux and Rocky Linux:

$ sudo dnf install sshpass

Install sshpass in openSUSE:

$ sudo zypper install sshpass

To install sshpass in FreeBSD, run one of the following commands as the root user (the first builds it from ports, the second installs the binary package):

# cd /usr/ports/security/sshpass/ && make install clean
# pkg install sshpass

A word of caution: All of these methods are highly insecure. All system users can see the password on the command line by simply running the ps command. It is NOT RECOMMENDED to use these methods in production. It is better to use key-based SSH authentication instead.

Use sshpass for Non-interactive SSH login

Let us see a few examples to understand how we can use sshpass for non-interactive SSH login, i.e. without typing the SSH password.

Example 1 - Log in to remote systems via ssh using sshpass

sshpass can accept the password as an argument, read it from an environment variable, or read it from a text file.

Let us see examples for each method.

Provide Password as an argument

To provide the password as an argument, use the -p option like below.

$ sshpass -p <remote-password> ssh remoteuser@ip-address

Example:

$ sshpass -p almalinux ssh ostechnix@192.168.1.20

Here,

  • -p almalinux - Provides the password (i.e. almalinux) for the remote system.
  • ostechnix@192.168.1.20 - Remote username and IP address.

Sample output:

Last login: Tue Oct 11 12:33:20 2022 from 192.168.1.101
[ostechnix@Almalinux8CT ~]$ 

You can also execute commands on the remote system without actually logging in to it.

$ sshpass -p almalinux ssh ostechnix@192.168.1.20 uname -a


Provide Password as an Environment variable

In this method, we declare an environment variable called SSHPASS with the remote system's password as its value. This is a little bit better than directly providing the password as an argument.

First, use the export command to save the password in an environment variable called SSHPASS like below:

$ export SSHPASS=almalinux

Then provide the password with the -e flag like below:

$ sshpass -e ssh ostechnix@192.168.1.20

You can also combine both commands and run them as a single command like below.

$ SSHPASS=almalinux sshpass -e ssh ostechnix@192.168.1.20

This method also exposes the password to the history file, and all the users can view it using the history command. To prevent users from viewing the password, simply clear the bash history.

Read Password from a text file

Save the password in a text file called mypassword.txt with the echo command:

$ echo "almalinux" > mypassword.txt

Secure the password file using the chmod command:

$ chmod 0400 mypassword.txt

Now, pass the password file to sshpass with the -f flag like below:

$ sshpass -f mypassword.txt ssh ostechnix@192.168.1.20
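
The echo-then-chmod sequence above leaves the file readable under the default umask for a moment and puts the password in the shell history. The following is an added example, not part of the original article: it creates the file under umask 077 from standard input and refuses to use a file that is a symlink, owned by someone else, or readable by group or others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original article): create and validate a
# password file before passing it to "sshpass -f".
# All function names here are hypothetical.

# Print the octal permission bits (GNU stat on Linux, BSD stat on FreeBSD).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric uid of the file owner.
file_uid() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Create the file under a restrictive umask so it is never group- or
# world-readable; the password is read from stdin, not from argv.
write_pwfile() {
    ( umask 077 && cat > "$1" ) && chmod 0400 "$1"
}

# Return 0 only for a regular file (no symlink) owned by the current
# user with no group/other permission bits set.
pwfile_ok() {
    f=$1
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 1; }
    [ "$(file_uid "$f")" = "$(id -u)" ] || { echo "not owned by you: $f" >&2; return 1; }
    mode=$(file_mode "$f")
    case $mode in
        400|600) return 0 ;;
        *) echo "mode $mode is too open: $f" >&2; return 1 ;;
    esac
}

# Usage, with the host and user from the article:
#   write_pwfile ~/mypassword.txt     # type the password, then press Ctrl-D
#   pwfile_ok ~/mypassword.txt && sshpass -f ~/mypassword.txt ssh ostechnix@192.168.1.20
```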

Encrypt Password file using gpg

In the previous example, we saved the password in a plaintext file called "mypassword.txt" and passed it using the -f flag. We can also encrypt the plaintext password file with gpg.

Save the password in a file called .mysshpassword with the echo command:

$ echo "almalinux" > ~/.mysshpassword

Did you notice that I put a dot before mysshpassword? It means I've hidden the password file in my $HOME directory.

Encrypt the password file using the gpg command:

$ gpg -c ~/.mysshpassword

You will be asked to enter a passphrase in a new pop-up box. Type the passphrase twice and click OK to close the box.

Remove the plaintext password file:

$ rm ~/.mysshpassword

Now, you can run commands on the remote machine using the following command:

$ gpg -d -q ~/.mysshpassword.gpg | sshpass ssh ostechnix@192.168.1.20 uname -a

Please note that the above command will not open an SSH session on the remote system. It only executes the "uname -a" command on the remote system.

Example 2 - Transfer files using Rsync with sshpass

To transfer a file from the local system to a remote system using Rsync over SSH, run:

$ rsync ~/file.txt --rsh="sshpass -p almalinux ssh -l ostechnix" 192.168.1.20:/home/ostechnix/

You can also use the -e option, as shown in the Example 1 section, to transfer files in a marginally less exposed way.

$ export SSHPASS=almalinux
$ rsync ~/file.txt --rsh="sshpass -e ssh -l ostechnix" 192.168.1.20:/home/ostechnix/

Example 3 - Copy files using scp with sshpass

We can use sshpass along with the scp command to copy files between local and remote systems in non-interactive mode.

$ sshpass -p almalinux scp ~/file.txt ostechnix@192.168.1.20:/home/ostechnix/

Example 4 - SSH Password automation with sshpass in shell scripts

In the previous sections, we discussed how to log in to a remote system via SSH in a non-interactive way using sshpass. Now let us see how to use sshpass to manage SSH connections in shell scripts.

Create a new script called diskusage_sript.sh with the following contents in it.

#!/usr/bin/env bash

#-------------------------------------------------------
#Author: Ostechnix
#Purpose: Report file system disk space usage of remote systems 
#-------------------------------------------------------
SSHPASS=almalinux sshpass -e ssh ostechnix@192.168.1.20 'df -h'

Execute the script using the command:

$ sh diskusage_sript.sh 

Sample output:

Filesystem      Size  Used Avail Use% Mounted on
/dev/loop0       20G  1.4G   18G   8% /
none            492K  4.0K  488K   1% /dev
udev             16G     0   16G   0% /dev/tty
tmpfs            16G     0   16G   0% /dev/shm
tmpfs            16G  8.6M   16G   1% /run
tmpfs           3.1G     0  3.1G   0% /run/user/1000

If you don't want to put the password in a plaintext script, you can simply encrypt the password file using gpg as shown in the Example 1 section and replace the last line in the script with the following line.

gpg -d -q ~/.mysshpassword.gpg | sshpass ssh ostechnix@192.168.1.20 'df -h'

After modifying the line, the actual script should look like below:

#!/usr/bin/env bash

#-------------------------------------------------------
#Author: Ostechnix
#Purpose: Report file system disk space usage of remote systems 
#-------------------------------------------------------
gpg -d -q ~/.mysshpassword.gpg | sshpass ssh ostechnix@192.168.1.20 'df -h'
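
To find scripts that still carry the password inline, as the first version of the script above does, here is an added example that is not part of the original article. It reports lines that pass a password with -p or assign a literal value to SSHPASS, without printing the password itself. The function name and output format are hypothetical, and only *.sh and *.bash files are scanned.

```shell
#!/bin/sh
# Added example (not from the original article): report shell scripts that
# embed an SSH password for sshpass, without echoing the password.
# The function name and the output format are hypothetical.

scan_sshpass_secrets() {
    dir=$1
    find "$dir" -type f \( -name '*.sh' -o -name '*.bash' \) -print |
    while IFS= read -r file; do
        awk -v f="$file" '
            # Skip comment lines (this also skips the shebang).
            /^[ \t]*#/ { next }

            # "sshpass -p secret" or "sshpass -psecret", optionally after
            # other sshpass flags: the password ends up in argv.
            /sshpass[ \t]+(-[a-zA-Z]+[ \t]+)*-p/ {
                printf "%s:%d: password passed with -p\n", f, NR
                next
            }

            # SSHPASS=value where the value is neither empty nor a
            # $variable or $(command) expansion: a hard-coded password.
            /(^|[ \t;])SSHPASS=["]?[^$" \t]/ {
                printf "%s:%d: literal SSHPASS assignment\n", f, NR
            }
        ' "$file"
    done
}

# Usage: scan_sshpass_secrets /path/to/scripts
```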

For more details on sshpass usage, refer to the manual page.

$ man sshpass

Conclusion

In this guide, we learned what sshpass is, how to install sshpass in various Linux and FreeBSD systems, how to use sshpass for non-interactive SSH login, and finally how to perform SSH password automation in shell scripts with the help of the sshpass utility in Linux and FreeBSD systems.

Please note that sshpass is not a replacement for the SSH key-based authentication method. You can use sshpass wherever you need to implement password-based authentication in a non-interactive mode.

As I already warned, using sshpass in a shared system is NOT recommended, because the password is recorded in the shell's history and all system users can view it by simply viewing the bash history file.

If you're the only one who uses the system, then it is not a big deal. You can use sshpass to implement automated password-based SSH authentication.
