From the terminal I type: ssh user@ip and then it prompts for a password.
Is there a way to specify the password in the ssh command itself?
Asked
Active
Viewed 4.4k times
13
Rohit sharma
- 133
- 1
- 1
- 4
-
answer is at https://stackoverflow.com/questions/4780893/use-expect-in-a-bash-script-to-provide-a-password-to-an-ssh-command – gcb Feb 08 '23 at 21:07
3 Answers
9
Use sshpass, one of two forms:
sshpass -ffilename ssh user@ip # prefer this
sshpass -pPa5sw0rd ssh user@ip # avoid this
where your password is in the first line of the file filename or it is literally Pa5sw0rd. Notes:
- In the manual there is no space after
-por-f, but at leastsshpass1.06 in my Debian 10 allows it; yoursshpassmay or may not. - If your password contains characters your shell will interpret (like
$,'or;) then you should quote it properly in the command line (but not in the file). - Avoid
-p. Usechmod 600 filenameto make the file private (root will still be able to access it though). Read about security considerations in the manual.
Kamil Maciorowski
- 69,815
- 22
- 136
- 202
-
-
@Rohitsharma Because of what the manual states in the *security considerations* section. – Kamil Maciorowski Nov 26 '20 at 12:48
-
@Rohitsharma - presumably because you are putting your password in plain text into the command. – Duke Bouvier Nov 26 '20 at 23:34
-
-
Any solution for macOS? `sshpass` isn't part of the default OS, and doesn't seem to be available in Homebrew either. – luckman212 Jul 14 '23 at 14:49
-
@luckman212 `expect(1)`. Example with `su`: [here](https://superuser.com/a/1343270/432690). Adjust it to `ssh`. If you manage to do this, consider posting an answer here. In the answer there is no need to mention my input. – Kamil Maciorowski Jul 14 '23 at 15:00
1
The correct way to do this, is to switch from password authentication to a public/private key pair. This typically needs no reconfiguration at all and is quite easy.
Step 1: If you do not have a key, create one: ssh-keygen will do that for you
Step 2: Authorize this key on the remote host: Run ssh-copy-id user@ip once, using your password
Step 3: From now on ssh user@ip will no longer ask for your password
Eugen Rieck
- 19,950
- 5
- 51
- 46
-
Thats correct. But the servers that i am working with are currently having password based authentication. And its really irritating to type password each time they prompt – Rohit sharma Nov 26 '20 at 10:03
-
1from a security perspective this is the correct way to do it. but the OP asked "How to specify password in ssh command". – Zina Nov 26 '20 at 14:11
-
Nearly ALL servers allow key authentication **in addition to** password authentication - so you use the password authentication (via `ssh-copy-id`) to enable the key. – Eugen Rieck Nov 28 '20 at 16:07
0
Here's a solution that uses clarkwang/passh. It works on macOS (tested on 13.4.1) as well as Linux, FreeBSD, OpenWRT and some others.
Download & compile
Precompiled binaries don't exist at this time, but just a few commands get it installed:
git clone https://github.com/clarkwang/passh && cd passh
cc -o passh passh.c
cp passh /usr/local/bin
Use
passh -c1 -C -t10 -T -p hunter2 ssh -t user@host 'echo $HOSTNAME'
Options explained
-c1only make 1 attempt at password login-Cexit if password login fails-t10means timeout after 10 seconds-Texit if timeout occurs-pspecifies the password to input
Other options
expect
Here's an answer that uses expect. I prefer passh because it doesn't require a HEREDOC or separate script, and works on embedded platforms like OpenWRT that don't always ship with expect.
sshpass
sshpass was removed from Homebrew, and is a bit convoluted to install on macOS now. The passh author has also documented some details explaining why it's broken at passh/sshpass-broken.md.
luckman212
- 219
- 1
- 6