How to use the command 'sshpass' (with examples)

How to use the command 'sshpass' (with examples)

sshpass is a command-line utility that simplifies the process of automating SSH connections with password authentication. It eliminates the need for manual password entry by automatically providing the required credentials through various means. This can be particularly useful for automating tasks via scripts that need to access remote systems. sshpass works by creating a pseudo-terminal that feeds a predefined password into it and then directs this input towards an SSH session, making it transparent to the user while maintaining security.

Use case 1: Connect to a remote server using a password supplied on a file descriptor (in this case, stdin)

Code:

sshpass -d 0 ssh user@hostname

Motivation:

This use case is particularly useful for scripts and automation processes that require non-interactive SSH connections. By supplying the password via a file descriptor, you mitigate the exposure of passwords in your scripts, thus enhancing security. When passwords are stored in secure applications or systems, such as password vaults or environment variables, this method can streamline their inclusion in automated workflows.

Explanation:

  • sshpass: The command-line utility designed to pass passwords non-interactively into the SSH session.
  • -d 0: This option specifies that the password should be read from the file descriptor ‘0’, which is typically used for stdin.
  • ssh: The command used to establish secure shell connections to remote servers.
  • user@hostname: Specifies the username and hostname of the server you wish to connect to.

Example output:

Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-42-generic x86_64)
...
user@hostname:~$

Here, once the password is successfully provided, the user is logged into the remote server and can begin executing commands.

Use case 2: Connect to a remote server with the password supplied as an option, and automatically accept unknown SSH keys

Code:

sshpass -p password ssh -o StrictHostKeyChecking=no user@hostname

Motivation:

Automating SSH connections or initial settings often involves dealing with unknown host keys. This use case is most suitable in situations where you need quick access to servers without manually verifying the identity of the host, such as in continuous integration pipelines, automated environment setups, or in scenarios where the user trusts all intermediate hosts implicitly.

Explanation:

  • sshpass: Executes and handles password passing automatically to SSH.
  • -p password: Directly specifies the password to be used for authentication.
  • ssh: The SSH client that establishes the connection.
  • -o StrictHostKeyChecking=no: SSH option to automatically accept new host keys. This option tells SSH not to prompt the user to verify the key, and can be useful in automation contexts where human intervention is impractical.
  • user@hostname: Denotes the user and the target remote server for the connection.

Example output:

Warning: Permanently added 'hostname,192.168.1.10' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 20.04 LTS (GNU/Linux 5.4.0-42-generic x86_64)
...
user@hostname:~$

The connection is established with the password provided, and the server’s host key is automatically added to the known hosts list without user intervention.

Use case 3: Connect to a remote server using the first line of a file as the password, automatically accept unknown SSH keys, and launch a command

Code:

sshpass -f path/to/file ssh -o StrictHostKeyChecking=no user@hostname "command"

Motivation:

This scenario is ideal for automated scripts where multiple SSH commands need to be executed on remote servers using credentials stored securely in files. It simplifies any process requiring recurrent remote command execution while maintaining security by retrieving passwords from a file. Such an approach is beneficial in task automation, remote management, and configurations where it’s easier to keep passwords out of plain sight by storing them in protected files.

Explanation:

  • sshpass: Facilitates password provision to SSH sessions non-interactively.
  • -f path/to/file: Instructs sshpass to read the password from the first line of the specified file. The file must contain the password on the first line and is useful when passwords are stored safely in files.
  • ssh: The secure shell command utilized to connect remotely.
  • -o StrictHostKeyChecking=no: This option disables the manual key confirmation step for unknown hosts, streamlining connection in scripts.
  • user@hostname: Identifies the user and the server to connect to.
  • "command": Represents the command to be executed on the remote server upon successful connection.

Example output:

System information as of Thu Sep 9 15:09:28 UTC 2023
...
Running custom command
command_output
...
user@hostname:~$

The command is executed on the remote server right after authentication, displaying the output of the command directly in the terminal window.

Conclusion:

The sshpass utility is a powerful tool for automating SSH connections that require password authentication, making it particularly valuable in scripting and automation scenarios. The examples provided demonstrate the versatility and security-conscious nature of sshpass by offering different options for securely passing passwords, accepting unknown host keys, and running commands on remote servers.

Related Posts

Mastering Nix Flakes: Key Use Cases and Examples (with examples)

Mastering Nix Flakes: Key Use Cases and Examples (with examples)

Nix flakes represent a new paradigm in the Nix package management ecosystem, offering a more structured and reproducible way of managing packages, dependencies, and configurations.

Read More
How to use the command 'dmesg' (with examples)

How to use the command 'dmesg' (with examples)

The dmesg command is a diagnostic tool that prints messages from the kernel’s message buffer.

Read More
How to use the command 'ytfzf' (with examples)

How to use the command 'ytfzf' (with examples)

The tool ytfzf is a command-line utility designed to enhance the user’s experience when searching and downloading multimedia content from YouTube and other platforms.

Read More