[Awesome Remote] sshpass: Run SSH using the keyboard-interactive password authentication mode

sshpass

The sshpass utility is designed to run SSH using the keyboard-interactive password authentication mode, but in a non-interactive way.

SSH uses direct TTY access to ensure that the password is indeed issued by an interactive keyboard user. sshpass runs SSH in a dedicated TTY, fooling SSH into thinking it is getting the password from an interactive user.

Installation

1
2
3
4
5
6
7
8
9
10
# CentOS, 
$ suod yum install -y sshpass

# macOS
$ brew install hudochenkov/sshpass/sshpass

Or
# $ brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# $ brew install http://git.io/sshpass.rb

Usages

Synopsis

1
sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments

Options

1
2
3
4
5
6
7
8
9
10
11
-  -ppassword
The password is given on the command line.

- -ffilename
The password is the first line of the file filename.

- -dnumber
number is a file descriptor inherited by sshpass from the runner. The password is read from the open file descriptor.

- -e
The password is taken from the environment variable "SSHPASS".

SSH

Use sshpass with ssh:

Use the -p option

1
$ sshpass -p "<Your Password>" ssh [email protected]

Use the -e option

1
2
3
$ export SSHPASS="<Your Password>"

$ sshpass -e ssh -Y [email protected]

Use the -f option

1
2
3
4
5
$ echo "<Your Password>" > ./pass_file

$ chmod 0400 ./pass_file

$ sshpass -f ./pass_file ssh [email protected]

Rsync

Use sshpass with rsync:

Uses the -e option, which passes the password to the environment variable SSHPASS

1
$ SSHPASS='<Your Password>' rsync --rsh="sshpass -e ssh -l username" /custom/ host.example.com:/opt/custom/ 

We can use the -f switch like this:

1
$ rsync --rsh="sshpass -f pass_file ssh -l username" /custom/ host.example.com:/opt/custom/

Scp

Use sshpass with scp:

1
$ scp -r /var/www/html/example.com --rsh="sshpass -f pass_file ssh -l user" host.example.com:/var/www/html

GPG

You can also use sshpass with a GPG-encrypted file. When the -f switch is used, the reference file is in plaintext. Let’s see how we can encrypt a file with GPG and use it.

First, create a file as follows:

1
$ echo '<Your Password>' > .sshpasswd

Next, encrypt the file using the gpg command:

1
$ gpg -c .sshpasswd

Remove the file which contains the plaintext:

1
$ rm .sshpasswd

Finally, use it as follows:

1
$ gpg -d -q .sshpassword.gpg > pass_file; sshpass -f pass_file ssh [email protected]

FAQs

We won’t add sshpass because it makes it too easy for novice SSH users to ruin SSH’s security on macOS with brew

1
2
3
4
5
6
$ brew install sshpass
...
Warning: No available formula or cask with the name "sshpass".
...
We won't add sshpass because it makes it too easy for novice SSH users to
ruin SSH's security.

Install from the unofficial package.

1
2
3
4
5
6
7
# macOS
$ brew install hudochenkov/sshpass/sshpass

Or
# $ brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

# $ brew install http://git.io/sshpass.rb

Non-checksummed download of sshpass formula file from an arbitrary URL is unsupported!

1
2
$ brew install https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb
`brew extract` or `brew create` and `brew tap-new` to create a formula file in a tap on GitHub instead.: Invalid usage: Non-checksummed download of sshpass formula file from an arbitrary URL is unsupported! (UsageError)

Try to download and brew install it.

1
2
3
$ wget https://raw.githubusercontent.com/kadwanev/bigboybrew/master/Library/Formula/sshpass.rb

$ brew install sshpass.rb

References

[1] sshpass(1) - Linux man page - https://linux.die.net/man/1/sshpass

[2] SSH password automation in Linux with sshpass | Enable Sysadmin - https://www.redhat.com/sysadmin/ssh-automation-sshpass

[3] Avoid typing ssh passwords with sshpass on macOS | Bits and Dragons - https://bitsanddragons.wordpress.com/2021/05/27/avoid-typing-ssh-passwords-with-sshpass-on-macos/

[4] How to install sshpass on mac? | Newbedev - https://newbedev.com/how-to-install-sshpass-on-mac

[5] Ansible: To use the ‘ssh’ connection type with passwords, you must install the sshpass program - bidhankhatri.com.np - https://bidhankhatri.com.np/automation/ansible-ssh-connection-type-with-passwords-error/