60

Possible Duplicate:
Connect through SSH and type in password automatically, without using a public key

I have a bash script that makes a dump of the DB and then copies the file from one server to another, but it always asks for a password before connecting.

```
scp file.tar.gz root@xxx.xxx.xxx.194:/backup
```

Is there a way to pass the password directly into the script?

chubbyk
  • 2
    http://www.how2s.org/index.php/Howto_use_scp_without_password_prompt_%28batch_mode%2C_scp_-B%29 – mailq Oct 04 '11 at 20:05
  • 1
    Also, [answered on StackOverflow](http://stackoverflow.com/q/50096/7552) – glenn jackman Oct 04 '11 at 20:18
  • 1
    http://serverfault.com/questions/132405/connect-through-ssh-and-type-in-password-automatically-without-using-a-public-ke – quanta Oct 05 '11 at 02:22
  • 4
    This is something I really hate about many online communities; They will tell you that you are doing something stupid and then not give you the answer. – Lennart Rolland Sep 21 '14 at 23:33

6 Answers

89

Use the tool sshpass

```
sshpass -p 'password' scp file.tar.gz root@xxx.xxx.xxx.194:/backup
```
GGarciaBas
  • 14
    This is not a standard part of OpenSSH, and literally none of my machines (Mac OS X 10.7, Ubuntu 12.04, FreeBSD 8, Debian 3.1) have it. It's also the accepted answer provided on the question that this one is marked as a duplicate of... – voretaq7 Aug 02 '12 at 14:57
  • 6
    Excellent! Security isn't always a concern, such as during cross-platform development of a box within the firewall. On systems with apt-get, install with `sudo apt-get install -y sshpass` – Brent Faust Oct 17 '13 at 01:15
  • 6
    OK, to add extra security, consider `sshpass -f file_with_password`. Then secure the password file's permissions, make it work, and then read some "clever" advice about how using sshpass is bad, and authorized_keys is great. Especially, when somebody else just gives you login+pass (e.g. for SFTP), and no option to authorize your public key... – Tomasz Gandor Oct 21 '14 at 06:04
  • 3
    I recommend reading the password from prompt once with `read -s -p "Enter ssh password : " PASSWORD_SSH;` and then use that in the sshpass phrase `sshpass -p "$PASSWORD_SSH" scp file.tar.gz root@xxx.xxx.xxx.194:/backup` – yunzen Apr 14 '15 at 07:29
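
The `sshpass -f file_with_password` suggestion from the comments above, as an added example that is not part of any answer on this page: a guard that refuses a password file anyone else can read before handing it to `sshpass -f`. The function names and the password-file path are assumptions.

```sh
#!/bin/sh
# Added example. The password file path, host and user are placeholders.

# Succeeds only if FILE is a regular, non-symlink file owned by the caller
# with no permission bits for group or others (mode 0600 or 0400).
pwfile_is_private() {
    f=$1
    [ -f "$f" ] || return 1
    [ ! -L "$f" ] || return 1
    [ -O "$f" ] || return 1
    # First 10 characters of `ls -ld` are the type and permission bits;
    # cutting there drops any trailing ACL/SELinux marker.
    mode=$(ls -ld -- "$f" | cut -c1-10)
    case $mode in
        -r[w-]-------) return 0 ;;
        *) return 1 ;;
    esac
}

# Copy SRC to DEST with the password taken from PWFILE via `sshpass -f`,
# so it is not exposed on the command line the way `-p 'password'` is.
scp_with_pwfile() {
    pwfile=$1 src=$2 dest=$3
    if ! pwfile_is_private "$pwfile"; then
        echo "refusing: $pwfile must be owned by you and mode 600" >&2
        return 1
    fi
    sshpass -f "$pwfile" scp "$src" "$dest"
}

# Usage (not executed here):
#   scp_with_pwfile "$HOME/.backup_pw" file.tar.gz root@xxx.xxx.xxx.194:/backup
```
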
45

Rather than using root create an account just for this job. Use public keys without a passphrase instead of passwords.

```
scp -i /home/backupuser/.ssh/id_rsa file.tar.gz backupuser@xxx.xxx.xxx.194:/backup
```

By using a special account for the backup on the destination system you are not exposing your root password.

user9517
  • 3
    +1 for referring a creation of a specific account for file uploads instead of using root. And I will also recommend using a restricted shell like [rssh](http://www.pizzashack.org/rssh/) for this user. – noisebleed Jul 26 '12 at 12:38
  • 14
    -1 for not answering the question. – Eric Uldall Oct 18 '14 at 00:26
  • 1
    +nitpick for recommending another solution to the posed problem even though it does not literally answer the question. – Mantriur Jun 06 '16 at 20:26
4

It's better to set up ssh to use key-based authentication rather than trying to figure out how to send text to the login process with something like expect.

Take a look at:

https://help.ubuntu.com/community/SSH/OpenSSH/Keys

So, basically, run `ssh-keygen -t dsa` on the machine that will run your script. When it asks you for a passphrase, hit ENTER to accept a blank. You will get two files. If you followed the default suggestions, the files will be `~/.ssh/id_dsa` and `~/.ssh/id_dsa.pub`. The first one is the private key. The second one is the public key.

Copy the public key to the second server using `ssh-copy-id user@server2`. This will add the public key to the `authorized_keys` file of the user on server2.

You should now be able to run ssh from the first machine and log in without a password.

For copying the files, scp or rsync are fine. It depends on what you're doing. rsync will use ssh by default, so will use the key-based authentication you just set up.

cjc
3

scp uses SSH to tunnel to a remote server and transfer files. SSH can authenticate users with a password, an SSH key or both (recommended).

To transfer files without a password, create an SSH key for the user you're going to use (root is not recommended, use an unprivileged user instead and have a job on the target server as root to perform the privileged action).

Then you need to configure the target system's SSH daemon to accept SSH key connections (also in above link).

Bear in mind that compromised SSH keys without a password are the same as compromised passwords - anybody can get in. For real users, it's better to double the security and require the key and a password.

Andy
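
An added example (not from any of the answers) for the passphrase-less backup key discussed in the answers above: it turns the backup account's public key into an `authorized_keys` entry carrying OpenSSH's `restrict` and `from=` options, so the key is accepted only from the backup client and cannot allocate a terminal or set up forwardings. The key blob, client address and function name are constructed for illustration.

```sh
#!/bin/sh
# Added example. SAMPLE_KEY is a constructed, non-functional public key line.
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLE backupuser@server1'

# restricted_entry PUBKEY_LINE CLIENT_ADDR
# Prints an authorized_keys line for the backup account, or fails if the
# input is not a bare public key (e.g. a private key pasted by mistake).
restricted_entry() {
    line=$1
    src=$2
    ktype=${line%% *}
    rest=${line#* }
    blob=${rest%% *}
    case $ktype in
        ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp256|ecdsa-sha2-nistp384|ecdsa-sha2-nistp521) ;;
        *) echo "not a bare public key line" >&2; return 1 ;;
    esac
    # The second field must be a base64 blob and nothing else.
    case $blob in
        ''|*[!A-Za-z0-9+/=]*) echo "malformed key blob" >&2; return 1 ;;
    esac
    # Only an IP address or CIDR range; this also keeps quotes out of from="".
    case $src in
        ''|*[!0-9A-Fa-f.:/]*) echo "bad source address" >&2; return 1 ;;
    esac
    # restrict: no PTY, no port/agent/X11 forwarding, no ~/.ssh/rc.
    # It does not block remote commands, so scp and rsync keep working.
    printf 'restrict,from="%s" %s\n' "$src" "$line"
}

# Demo on the constructed key; 192.0.2.10 is a documentation address.
restricted_entry "$SAMPLE_KEY" 192.0.2.10
```

Append the printed line to the backup account's `~/.ssh/authorized_keys` on the destination server in place of the unrestricted entry.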
3

pscp allows you to pass the password to it directly using the -pw argument. Alternately, and this is a better idea, use ssh agent and set up key based logon - this is more secure. There's a howto on setting up ssh to use key based logon here

You can use the yes command to send a yes to the program.

Journeyman Geek
  • This was a great fix to the problem of getting ssh keys onto 16 VMs; most answers just say 'use keys', leading to having to manually log in to each server to add a key when we need to set them up in large groups. Running this on bash on Windows looks like `PSCP.EXE -l $username -pw $password localfile "$HOST:/tmp/remotefile"` – simbo1905 Jun 13 '19 at 13:40
2

You should not use password-less ssh-keys for security reasons.

The tool keychain can help you re-use the ssh-agent and run rsync over ssh in scripts without being prompted for passwords.

To install it on an Ubuntu machine just run the following command.

```
sudo apt-get install keychain
```

Check out the manpage for keychain for more information on how to use it.

pkhamre