My use case is that I need to copy my SSH key for authorized access onto a remote machine. I need to be able to call a script that copies my SSH key over to the remote machine without needing my input. Currently it prompts for a password and also for a yes to the RSA fingerprint. I need it to be able to automatically add my hosts to each other via an IP range.
3 Answers
14
I believe you can use sshpass.
- Ubuntu/Debian: apt-get install sshpass
- Fedora/CentOS: yum install sshpass
For example:
sshpass -p "PASSWORD" ssh-copy-id -o StrictHostKeyChecking=no USERNAME@IP
Slizzered
Rob Calistri
- I suggest not storing the password in the script directly, as the script might remain on the machine with the hardcoded password. This would increase the security problem further. Passing it as an input argument might be preferable. – Slizzered Apr 30 '15 at 17:34
- I would agree with Slizzered on storing it on the server. It should be an argument to the script. That being said, if you pass it in as an argument, you still have the issue of that password being in the background processes while the script executes. Regardless, if you bypass the ssh protections using things like 'sshpass' there are always security implications! – Rob Calistri Apr 30 '15 at 17:38
2
For the ssh password prompt, try using ansible/ansible-playbook -k/--ask-pass. It will call sshpass (FYI, maybe OS X doesn't ship with sshpass by default).
For host key checking, add
[defaults]
host_key_checking = False
in ~/.ansible.cfg or /etc/ansible/ansible.cfg.
Or export ANSIBLE_HOST_KEY_CHECKING=False just like this manual says.
For deploying ssh keys, use the authorized_keys module in an ansible playbook. It makes it easier for the user to keep the scripts idempotent.
jasonz
0
If you're ok with inputting the password once, the following script will copy your ssh key to a large number of hosts (listed in hosts.txt) very fast without having to put your password on the command line:
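# Requires parallel (from moreutils), sshpass and ssh-copy-id:
# sudo yum install moreutils sshpass openssh-clients
echo 'Input Password:'
read -rs SSHPASS   # -s: no echo; -r: keep backslashes in the password intact
export SSHPASS     # sshpass -e reads the password from $SSHPASS
# moreutils parallel: -i replaces {} with each host, -j 25 runs 25 jobs at once
parallel -i -j 25 sshpass -e ssh-copy-id '-o ConnectTimeout=10 -o StrictHostKeyChecking=no {}' -- $(cat hosts.txt)
unset SSHPASS      # remove the password from the environment afterwards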
Adam C.
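The concerns raised across this thread (a password visible on the command line, host key checking switched off, hosts given as an IP range) handled in one script, as an added example that is not part of any answer above. It assumes the range lies within one /24, an ssh-copy-id that accepts -o, and OpenSSH 7.6 or later for accept-new; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Usage: ./push-key.sh 192.0.2.10 192.0.2.20
# Assumption: FIRST and LAST differ only in the last octet (same /24).

# Print FIRST..LAST one address per line. Anything that is not a plain
# dotted quad is rejected, so no stray option or shell text reaches ssh.
expand_range() {
    for ip in "$1" "$2"; do
        case $ip in
            *[!0-9.]*|*..*|.*|*.) return 1 ;;        # bad char or empty octet
            0[0-9]*|*.0[0-9]*|*.*.*.*.*) return 1 ;; # leading zero, 5+ parts
            *.*.*.*) ;;
            *) return 1 ;;
        esac
    done
    prefix=${1%.*}
    [ "$prefix" = "${2%.*}" ] || return 1
    i=${1##*.} hi=${2##*.}
    [ "$i" -ge 1 ] && [ "$i" -le "$hi" ] && [ "$hi" -le 254 ] || return 1
    while [ "$i" -le "$hi" ]; do
        echo "$prefix.$i"
        i=$((i + 1))
    done
}

# sshpass -e reads the password from $SSHPASS, keeping it out of the command
# line that any local user can list with ps. accept-new (OpenSSH 7.6+) stores
# a host key seen for the first time but still refuses one that has changed.
copy_key() {
    sshpass -e ssh-copy-id -o ConnectTimeout=10 \
        -o StrictHostKeyChecking=accept-new "$1"
}

main() {
    hosts=$(expand_range "$1" "$2") || { echo "invalid range" >&2; return 2; }
    trap 'stty echo' INT TERM            # restore echo if interrupted
    printf 'Password: ' >&2
    stty -echo; IFS= read -r SSHPASS; stty echo; echo >&2
    export SSHPASS
    failed=0
    for h in $hosts; do
        copy_key "$h" || { echo "FAILED: $h" >&2; failed=1; }
    done
    unset SSHPASS
    return "$failed"
}

if [ "$#" -eq 2 ]; then main "$@"; fi
```

A host whose key differs from the one already in known_hosts is reported as FAILED rather than silently trusted, which is the case StrictHostKeyChecking=no would hide.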