I (very) recently posted this question in regards to tar over ssh.
The question now has an answer, and I am now asking a different question.
I run the following command to push code from my local machine to my server where it will run.
tar -cJf - ./my_folder | ssh user#example 'tar -xJf - -C ./path-to-my_folder/'
I know that with ssh/scp I can use sshpass -p password to stop the command asking for my password each time. Note that I cannot use alternative methods of authentication.
Is it possible to combine sshpass with my above command so that I do not have to enter my password continually?
In other words how should I edit the above command to include sshpass so that I do not have to type in my password each time the above command runs?
Edit: Note the following does work
For example
sshpass -p <password> ssh ... blaa blaa
sshpass -p <password> scp ... blaa blaa
I think you can use something like this:
tar -cJf - ./my_folder | sshpass -p $remote_ssh_password ssh -o StrictHostKeyChecking=no $remote_ssh_username#$remote_web_address "tar -xJf - -C ./path-to-my_folder/"
Note: StrictHostKeyChecking=no for avoiding prompt for server's fingerprint confirmation. It could create a security issue:
"Therefore, if you want to know whether you are talking to the right server (and not some impersonator), then you "just" need to compute the server's key fingerprint (from the public key that the server just sent to you) and compare it with a "reference fingerprint"."
More info can be found on here
Related
Hi i created following script to initialize my storage box to use rsync without password later. Last year it works if i remember correct...
cat .ssh/id_rsa.pub >> .ssh/storagebox_authorized_keys
echo -e "mkdir .ssh \n chmod 700 .ssh \n put $.ssh/storagebox_authorized_keys" \
".ssh/authorized_keys \n chmod 600 .ssh/authorized_keys" | sshpass -p ${storage_password} \
sftp -P ${storage_port} -i .ssh/id_rsa ${storage_user}#${storage_address}
today I get following error:
sshpass: invalid option -- 'i'
but the parameter -i belongs to sftp and not sshpass - is there an possibility to parse the parameters in the correct way?
edit: i switched the position of
-i .ssh/id_rsa ${storage_user}#${storage_address}
and get this error
sshpass: Failed to run command: No such file or directory
edit: it seems like an sftp problem...
after discussion, updating answer to properly support automation
step 1:
create an sftp "batch file" e.g: ~/.ssh/storage-box_setup.sftp
mkdir .ssh
chmod 700 .ssh
put /path/to/authorized_keys_file ".ssh/authorized_keys
chmod 600 .ssh/authorized_keys
/path/to/authorized_keys_file is a file containing public keys of ONLY the keys that should have access to your storage box (.ssh/storagebox_authorized_keys)
step 2:
update automation script command to
sshpass -p <password> -- sftp -P <port> -b ~/.ssh/storage-box_setup.sftp user#host
the -b flag was the answer you needed.
refer: man sftp
-b batchfile
Batch mode reads a series of commands from an input batchfile instead of stdin. Since it lacks user interaction it should be used in conjunction with non-interactive authentication.
--
sshpass -p ${storage_password} -- \
sftp -P ${storage_port} -i .ssh/id_rsa \
${storage_user}#${storage_address}
the -- before sftp is a way to tell sshpass (and most other programs) to stop parsing arguments.
everything after -- is assumed as the last argument, which in the case of sshpass is the command to be executed ssh -i ~/.id_rsa ...
in case you're wondering switching the position of -i tells sshpass to execute -i as a program and hence fails with command not found
I'm an Ubuntu bash newbie. I successfully login to an sFTP server using sshpass. But once the connection is established I also need to download a directory from the server. My script cannot seem to pass the connection line though. This is what I have in my script (.sh) file:
#!/bin/bash
sshpass -p 'MY_PASSWORD' sftp -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-dss MYUSER#MYSFTPSERVERADDRESS
echo "hello"
get -r Export
In the snipped above, my echo and my get are not executed. The terminal is waiting for my input with a sftp> prompt.
You would be better served using scp instead of sftp and sharing keys instead of putting the password in a script if you're able, but if you must use sftp for some reason, it can take its commands from a heredoc like:
sshpass -p 'MY_PASS' sftp -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-dss MYUSER#MYSFTPSERVERADDRESS <<EOF
get -r Export
EOF
note that echo isn't a valid sftp command.
You can put whatever commands you want sftp to execute before the EOF and it will do them each in turn.
If all you want is to get that directory it's probably still simpler to use scp if you can:
sshpass -p 'MY_PASSWORD' scp -o StrictHostKeyChecking=no -o HostKeyAlgorithms=+ssh-dss -r MYUSER#MYSFTPSERVERADDRESS:Export .
I'm writting a shell script and I want to automate login into a remote machine using ssh-copy-id, so manually when I print :
ssh-copy-id -i /root/.ssh/id_rsa $2#$4 -p $3 | echo $1
$1 refer to password,
$2 refer to username,
$3 refer to port, and
$4 refer to ip,
It is ok with that, the problem is that I have to automate inserting password after :
ssh-copy-id -i /root/.ssh/id_rsa $2#$4 -p $3
I add this "| printf $1", but it does not work it shows "password:" in the screen and still wait for the password ..
I hope you understand me and thank you.
As #Leon pointed out, you had the pipeline backwards. But even if you do it with the correct order, it will still not work because ssh-copy-id (and all other programs from openssh) do not read passwords from their stdin. The solution is to use the $SSH_ASKPASS environment variable. You can do that as follows: first, create an auxiliary script, say /var/tmp/ssh-pass.sh (actually find a better name than that), with the following contents:
#!/bin/sh
echo "$PASS"
Then you can use the following command to accomplish what you've asked for:
PASS="$1" SSH_ASKPASS="/var/tmp/ssh-pass.sh" setsid -w ssh-copy-id -i /root/.ssh/id_rsa "$2"#"$4" -p "$3"
Explanation: we use setsid -w to disassociate the ssh-copy-id process from the currently used terminal. That forces ssh-copy-id to run the executable specified in the $SSH_ASKPASS in order to obtain the password. We have specified our own script in that variable, so ssh-copy-id will execute just that. Now the script is supposed to provide the password to ssh-copy-id by printing it to its stdout. We use the $PASS variable to the password to the script, so the script just prints that variable.
2020 / Mac OS X:
Install sshpass (original answer)
brew install hudochenkov/sshpass/sshpass
Run ssh-copy-id using sshpass and with the password as an arg
sshpass -p $1 ssh-copy-id -i ~/PATH/TO/KEY $2#$4 -p $3
If you want to turn off strict host checking as well, use the -o flag, which is passed to the underlying ssh:
sshpass -p hunter2 ssh-copy-id -o StrictHostKeyChecking=no -i ~/PATH/TO/KEY $2#$4 -p $3
I tried the solution by #redneb, and installed setsid through util-linux by following this answer, but kept receiving a password denied.
I found this strategy to work for uploading my SSH key while setting up multiple raspberry pis in successino. In my script, I also run ssh-keygen -R raspberrypi.local each time too, to avoid the The ECDSA host key for raspberrypi.local has changed error.
I have been trying to automatically enter a ssh connection using a script. This previous SOF post has helped me so far. Using one connection works (the first ssh statement). However, I want to create another ssh connection once connected, which I thought could look like this:
#! /bin/bash
# My ssh script
sshpass -p "MY_PASSWORD1" ssh -o StrictHostKeyChecking=no *my_hostname_1*
sshpass -p "MY_PASSWORD2" ssh -o StrictHostKeyChecking=no *my_hostname_2*
When running the script, I get only connected to the my_hostname_1 and the second ssh command is not run until I exit the first ssh connection.
I've tried using an if statement like this:
if [ "$HOSTNAME" = my_host_name_1 ]; then
sshpass -p "MY_PASSWORD2" ssh -o StrictHostKeyChecking=no *my_hostname_2*
fi
but I can't get any commands to be read until I exit the first connection.
Here is a ProxyCommand example as suggested by #lihao:
#!/bin/bash
sshpass -p "MY_PASSWORD2" ssh -o StrictHostKeyChecking=no \
-o ProxyCommand='sshpass -p "MY_PASSWORD1" ssh m_hostname_1 netcat -w 1 %h %p' \
my_hostname_2
You are proxying through the first host to get to the second. This assumes you have netcat installed on my_hostname_2. If not, you'll need to install it.
You can also set this up in your ~/.ssh/config file so you don't need the proxy stuff on the command line:
Host my_hostname_1
HostName my_hostname_1
Host my_hostname_2
HostName my_hostname_2
ProxyCommand ssh my_hostname_1 netcat -w 1 %h %p
However, this is a little trickier with the password handling. While you could put the sshpass here, it's not a great idea to have passwords in plain text. Using key based authentication might be better.
A Bash script is a sequence of commands.
echo moo
echo bar
will run echo moo and wait for it to complete, then run the next command.
You can run a remote command like this:
ssh remote echo moo
which will connect to remote, run the command, and exit. If there are additional commands in the script file after this, the shell which is executing these commands will continue with the next one, obviously on the host where you started the script.
To connect to one host from another, you could in principle do
ssh host1 ssh host2
but the proxy command suggested by #zerodiff improves on several aspects of the experience.
I am trying to run a sshpass command inside a bash script but it isn't working.
If I run the same command from the terminal it works fine but running it in a bash script it doesn't.
#! /bin/bash
sshpass -p 'password' ssh user#host command
I am aware of the security issues but its not important now.
Can someone help? Am I missing something.
Thanks
Try the "-o StrictHostKeyChecking=no" option to ssh("-o" being the flag that tells ssh that your are going to use an option). This accepts any incoming RSA key from your ssh connection, even if the key is not in the "known host" list.
sshpass -p 'password' ssh -o StrictHostKeyChecking=no user#host 'command'
Do which sshpass in your command line to get the absolute path to sshpass and replace it in the bash script.
You should also probably do the same with the command you are trying to run.
The problem might be that it is not finding it.
1 - You can script sshpass's ssh command like this:
#!/bin/bash
export SSHPASS=password
sshpass -e ssh -oBatchMode=no user#host
2 - You can script sshpass's sftp commandlike this:
#!/bin/bash
export SSHPASS=password
sshpass -e sftp -oBatchMode=no -b - user#host << !
put someFile
get anotherFile
bye
!
I didn't understand how the accepted answer answers the actual question of how to run any commands on the server after sshpass is given from within the bash script file. For that reason, I'm providing an answer.
After your provided script commands, execute additional commands like below:
sshpass -p 'password' ssh user#host "ls; whois google.com;" #or whichever commands you would like to use, for multiple commands provide a semicolon ; after the command
In your script:
#! /bin/bash
sshpass -p 'password' ssh user#host "ls; whois google.com;"
This worked for me:
#!/bin/bash
#Variables
FILELOCAL=/var/www/folder/$(date +'%Y%m%d_%H-%M-%S').csv
SFTPHOSTNAME="myHost.com"
SFTPUSERNAME="myUser"
SFTPPASSWORD="myPass"
FOLDER="myFolderIfNeeded"
FILEREMOTE="fileNameRemote"
#SFTP CONNECTION
sshpass -p $SFTPPASSWORD sftp $SFTPUSERNAME#$SFTPHOSTNAME << !
cd $FOLDER
get $FILEREMOTE $FILELOCAL
ls
bye
!
Probably you have to install sshpass:
sudo apt-get install sshpass