This question already has answers here:
Passing arguments to an interactive program non-interactively
(5 answers)
How do I specify a password to 'psql' non-interactively?
(11 answers)
Closed 5 months ago.
I have a bash script that runs a few psql commands. Every time a command is ran it prompts for user password. I'd like to make the script input the password automatically so I'd only need to run the script and not need to input anything.
I am aware that I can do this for psql
PGPASSWORD=root psql -h localhost -d $db_name -U root -c
but I'd like to know how to automate input in general/
You can export the PGPASSWORD as below:
export PGPASSWORD=root
psql -h localhost -d $db_name -U root -c
This question already has answers here:
How to run the sftp command with a password from Bash script?
(12 answers)
Closed 2 years ago.
I want to input the password to sftp using heredoc:
sftp root#example.com <<EOF
password
EOF
But it does not work. sftp still asks me to type password. I know I can use sshpass to input the password, but why cannot I just use the heredoc to input the password. I think heredoc will be read as the standard input for sftp. Am I misunderstanding something?
sftp will read the password from /dev/tty or some other program when running under graphical environment. When you run sftp from the terminal, stdin is /dev/tty. The heredoc replaces stdin, but sftp will always read /dev/tty for password.
I suggest to use sshpass:
SSHPASS='password' sshpass -e sftp root#example.com
From man sshpass:
-e: The password is taken from the environment variable "SSHPASS".
This question already has answers here:
How to use SSH to run a local shell script on a remote machine?
(22 answers)
Closed 5 years ago.
I try to run a local script on multiple remote servers as root. I don't have su to root on those but just can run root commands using sudo. So far I tried:
for host in $(cat hosts_list); do ssh -tt $host "echo mypassword | sudo bash -s" < ./myscript.sh
And in myscript.sh there is something like:
echo "test test123" >> /etc/tests
exit 0
But it looks like not working and won't change the file. What is the proper way to run this script as root and without typing password separately for each host?
Ok, then why do you "echo mypassword" ?
Can't you add your SSH account to the sudoers file with NOPASSWD ?
From man sudoers:
authenticate If set, users must authenticate themselves via a password (or other means
of authentication) before they may run commands. This default may be
overridden via the PASSWD and NOPASSWD tags. This flag is on by default.
This question already has answers here:
SSH in shell script with password
(3 answers)
Closed 9 years ago.
I am trying to execute a script which is present in another unix machine from my unix box using below command:
HOST=myhostname
USER=myuser
ssh -o StrictHostKeyChecking=no -l $USER $HOST "/tmp/myscript.sh"
But the command prompts me to enter the password, but I don't want the command to prompt for password, instead of that I want to pass the password as parameter for my command. But I am not able to find an option to pass the password as parameter to SSH command.
Please help me on how to send password as part of command, instead of the command to prompt it. I am using BASH shell script.
Use EXPECT
Save this as mylogin.exp (or some other name you like), and change the names and password:
#!/usr/bin/expect -f
spawn ssh myname#some_server.com
expect {
password: {send "mypassword\n"}
}
interact
Then just run the command:
./mylogin.exp
That will just get you logged in. If you want to run a command instead, you can just put that at the end of the ssh command.
In my shell script I am running a command which is asking me for input.
How can I give the command the input it needs automatically?
For example:
$cat test.sh
ssh-copy-id tester#10.1.2.3
When running test.sh:
First, it will ask:
Are you sure you want to continue connecting (yes/no)?
Then, it will ask me to input the password:
tester#10.1.2.3's password:
Is there a way to input this automatically?
For simple input, like two prompts and two corresponding fixed responses, you could also use a "here document", the syntax of which looks like this:
test.sh <<!
y
pasword
!
The << prefixes a pattern, in this case '!'. Everything up to a line beginning with that pattern is interpreted as standard input. This approach is similar to the suggestion to pipe a multi-line echo into ssh, except that it saves the fork/exec of the echo command and I find it a bit more readable. The other advantage is that it uses built-in shell functionality so it doesn't depend on expect.
For general command-line automation, Expect is the classic tool. Or try pexpect if you're more comfortable with Python.
Here's a similar question that suggests using Expect: Use expect in bash script to provide password to SSH command
There definitely is... Use the spawn, expect, and send commands:
spawn test.sh
expect "Are you sure you want to continue connecting (yes/no)?"
send "yes"
There are more examples all over Stack Overflow, see:
Help with Expect within a bash script
You may need to install these commands first, depending on your system.
Also you can pipe the answers to the script:
printf "y\npassword\n" | sh test.sh
where \n is escape-sequence
ssh-key with passphrase, with keychain
keychain is a small utility which manages ssh-agent on your behalf and allows the ssh-agent to remain running when the login session ends. On subsequent logins, keychain will connect to the existing ssh-agent instance. In practice, this means that the passphrase must be be entered only during the first login after a reboot. On subsequent logins, the unencrypted key from the existing ssh-agent instance is used. This can also be useful for allowing passwordless RSA/DSA authentication in cron jobs without passwordless ssh-keys.
To enable keychain, install it and add something like the following to ~/.bash_profile:
eval keychain --agents ssh --eval id_rsa
From a security point of view, ssh-ident and keychain are worse than ssh-agent instances limited to the lifetime of a particular session, but they offer a high level of convenience. To improve the security of keychain, some people add the --clear option to their ~/.bash_profile keychain invocation. By doing this passphrases must be re-entered on login as above, but cron jobs will still have access to the unencrypted keys after the user logs out. The keychain wiki page has more information and examples.
Got this info from;
https://unix.stackexchange.com/questions/90853/how-can-i-run-ssh-add-automatically-without-password-prompt
Hope this helps
I have personally been able to automatically enter my passphrase upon terminal launch by doing this: (you can, of course, modify the script and fit it to your needs)
edit the bashrc file to add this script;
Check if the SSH agent is awake
if [ -z "$SSH_AUTH_SOCK" ] ; then
exec ssh-agent bash -c "ssh-add ; $0"
echo "The SSH agent was awakened"
exit
fi
Above line will start the expect script upon terminal launch.
./ssh.exp
here's the content of this expect script
#!/usr/bin/expect
set timeout 20
set passphrase "test"
spawn "./keyadding.sh"
expect "Enter passphrase for /the/path/of/yourkey_id_rsa:"
send "$passphrase\r";
interact
Here's the content of my keyadding.sh script (you must put both scripts in your home folder, usually /home/user)
#!/bin/bash
ssh-add /the/path/of/yourkey_id_rsa
exit 0
I would HIGHLY suggest encrypting the password on the .exp script as well as renaming this .exp file to something like term_boot.exp or whatever else for security purposes. Don't forget to create the files directly from the terminal using nano or vim (ex: nano ~/.bashrc | nano term_boot.exp) and also a chmod +x script.sh to make it executable. A chmod +r term_boot.exp would be also useful but you'll have to add sudo before ./ssh.exp in your bashrc file. So you'll have to enter your sudo password each time you launch your terminal. For me, it's more convenient than the passphrase cause I remember my admin (sudo) password by the hearth.
Also, here's another way to do it I think;
https://www.cyberciti.biz/faq/noninteractive-shell-script-ssh-password-provider/
Will certainly change my method for this one when I'll have the time.
You can write the expect script as follow:
$ vi login.exp
#!/usr/bin/expect -f
spawn ssh username#machine.IP
expect "*assword: "
send -- "PASSWORD\r"
interact
And run it as:
$ expect login.exp