35

I tried writing a shell script which can do automatic login into a ssh server using password which is mentioned in the script. I have written the following code:

set timeout 30
/usr/bin/ssh -p 8484 [email protected]
expect 
{
   "[email protected]'s password" 
   {
      send "password\r" 
   }
}

This code is not running properly, still it is asking for the password. Can somebody please help me in solving this

3

12 Answers 12

47

I once wrote an expect script to log in to a ssh server (like your case) and my script was something like this:

#!/usr/bin/expect

spawn ssh [email protected]
expect "password"
send "MyPassword\r"
interact

I think maybe the interact is missing in your script.

6
  • this is absolutely working fine for me and i am stuck in this place, the interact provides interactive terminal with prompt, but i am trying to automate further more steps like do cd and ls and read the contents of the file as well. Is it possible to do after interact? Please reply Commented Aug 1, 2018 at 14:57
  • @Hansie you can send an ls command after the login. For example after sending password, do an expect with the command prompt text (to make sure you are logged in), then send "ls\r". All of these goes before interact. Commented Aug 3, 2018 at 0:09
  • the question was slightly incorrect and i am sorry after doing ls and read contents, i am able to print the same. But how to get that out of ssh session into a variable to access from local machine. ref: stackoverflow.com/questions/32341234/expect-script-return-value. But output is not working for me. My question posted: stackoverflow.com/questions/51628465/…. I need file_list after exit to access from local command prompt Commented Aug 3, 2018 at 6:02
  • send "MyPassword\r" is not working @saeedn Commented Jan 24, 2021 at 4:09
  • this is not working for me on ubuntu Commented Jan 26, 2021 at 7:50
37

You're going about it the wrong way. What you want to do is generate a passwordless ssh-key pair and then (as long as the server supports RSA key authentication) you can get in without having to type a password for all. This is a security risk if your private key is stored somewhere that it could be stolen.

Follow these steps:

  1. mkdir -p ~/.ssh
  2. cd ~/.ssh
  3. ssh-keygen -type dsa -i mysshkeys
  4. Press Return when prompted for passphrase
  5. Press Return a second time to confirm.

There will now be two files in your ~/.ssh directory, mysshkey.pub and mysshkey. mysshkey.pub is your public key, this one is safe to put on remote servers. mysshkey is your private passwordless key, it is not safe to put on remote servers (or somewhere someone else could get a copy).

On the server you wish to SSH into:

  1. Login to the remote server
  2. mkdir -p ~/.ssh
  3. Copy and paste the contents of mysshkey.pub into ~/.ssh/authorized_keys
  4. Make sure that ~/.ssh/authorized_keys is chmod'd to 600

Now, to put it into action on your local machine you run the following command:

ssh -i ~/.ssh/mysshkey <remote_server_ip>

And you will be logged in without being prompted for a password.

This is a much preferable method of managing automated logins as you don't end up hard-coding your password multiple places that need to be updated if you ever change it.

8
  • 3
    I would use RSA keys rather than DSA. But other than that, full agree. Commented Feb 7, 2012 at 9:03
  • 18
    sometimes you cannot add keys to the remote host, eg network appliances. Commented Apr 13, 2016 at 5:07
  • 1
    I tried this. ssh is still asking for a password. Do you specifically have to give an IP address? I tried it with both <user>@<domain-name> and just the domain name. Commented Jun 20, 2017 at 14:39
  • This command said too many arguments? (for step 3) Commented Aug 8, 2017 at 2:59
  • I had to change to ssh-keygen -t dsa and manually enter file location instead. Commented Aug 8, 2017 at 3:10
22

On Debian-based distributions, the sshpass package provides an easier way of doing what you want. The package is available for many other popular distributions. You need to set it up first:

echo 'YourPassword' > passwordFile.txt
chmod 600 passwordFile.txt

Then invoke the SSH command from a script like this:

sshpass -f /path/to/passwordFile.txt /usr/bin/ssh -p 8484 [email protected]

This provides more flexibility, such as if you're using a different locale or need to change the password, than solutions using expect.

9

you can use this:

sshpass -p 'yourpassword'  ssh user@ip
8

First install the sshPass sudo apt-get install sshpass

Then create an alias in .bashrc file as

alias sshLogin='sshpass -p <your ssh password> ssh username@remote_host'

Now reload your changed .bashrc file by source ~/.bashrc

You are now done.

Now you can run the ssh using the above created alias sshLogin in terminal.

4

All what you need it to create a hashed key and save it on your PC

Just type

ssh-keygen -t rsa -b 4096 # just press Enter till the end

then enter

ssh-copy-id <user>@<server>

then login normally using

ssh <user>@<server>

Now you don't need a password

Note: Saving your password in a plain text is dangerous

This method is creating a hashed value of your password using RSA with public key of length 4096 which is very secure.

2
  • 1
    This appears to be a repeat of this answer. Commented Jun 16, 2018 at 22:40
  • 1
    #roaima Yes, but it algo suggests the incredibly useful ssh-copy-id command, which nobody else mentioned. I'm upvoting it for that. Commented Jun 1, 2019 at 10:47
2

As already described in other answers, I also use sshpass but I combine it with the read command to store my password in an temporary environment variable. This way my password is never written anywhere in clear. Here is the one line command I use:

read -s PASS; sshpass -p $PASS ssh <user>@<host adress>

After that you have to enter your password (nothing appears on the screen) and then pressing enter will open the connection.

1

I recently did this, this may help you:

sshpass -p 'password' username@ipaddress

if this doesn't work then you'll have to generate keys in the other machine you want to connect with

ssh-keygen

it will generate private and public keys and ask you for a location, leave at empty it will save the keys in .ssh folder by default it will ask you for passphrase, you can also leave it empty the go in .ssh folder and change the public key name to 'authorized_keys'

cd .ssh/
mv id_rsa.pub authorized_keys
useradd -d /home/username username

this will add user to list now go to home directory and give permission and restart sshd services

chmod 700 /home/username/.ssh
chmod 644 /home/username/.ssh/authorized_keys
chown root:root /home/dozee
sudo service sshd restart

now you will have to move the private key to the system at that location from where you are going to run the ssh command, then you can connect with

sshpass -p 'password' ssh -i id_rsa username@ip

if even that doesn't work then go in /etc/ssh open sshd_config with vim editor check if the pubkeyAuthenticatoin is turned to yes or not, if not change it to yes , restart the sshd services and then try it, it will definitely work.

1

First argument is hostname and second is password.

     #!/usr/bin/expect
     set pass [lindex $argv 1]
     set host [lindex $argv 0]
     spawn ssh -t root@$host echo Hello
     expect "*assword: "
     send "$pass\n";
     interact

Execution:

./script.expect hostname "my!password?"
0

SSH Passwordless Login Using SSH Keygen in 5 Easy Steps:

Environment setup: enter image description here

Step 1: Authentication SSH-Kegen Keys on – (192.168.0.12)
First login into server 192.168.0.12 with a user and generate a pair of public keys using following command.

enter image description here

Step 2: Create .ssh Directory on – 192.168.0.11
Use SSH from server 192.168.0.12 to connect server 192.168.0.11 to create .ssh directory under it, using following command.

enter image description here

Step 3: Upload Generated Public Keys to – 192.168.0.11
Use SSH from server 192.168.0.12 and upload new generated public key (id_rsa.pub) on server 192.168.0.11 under user's .ssh directory as a file name authorized_keys.

enter image description here

Step 4: Set Permissions on – 192.168.0.11
Due to different SSH versions on servers, we need to set permissions on .ssh directory and authorized_keys file.

enter image description here

Step 5: Login from 192.168.0.12 to 192.168.0.11 Server without Password
From now onwards we can log into 192.168.0.11 as sheena user from server 192.168.0.12 as tecmint user without password.

enter image description here

2
  • 1
    Thanks... this worked for me, except at step 4 I got a dramatic "warning": "UNPROTECTED PRIVATE KEY FILE! ... .../.ssh/id_rsa' are too open. ... private key will be ignored... bad permissions". I did chmod 700 id_rsa in directory .ssh in the local (client, i.e. 192.168.0.12 in your example) server: problem solved Commented Apr 21, 2018 at 8:14
  • 4
    Please don't post pictures of text. Commented Jun 16, 2018 at 22:39
0

Just use the appropriate option

ssh -o PreferredAuthentications=password [email protected]

You can also go the other way around and simply forbid using keys.

ssh -o PubkeyAuthentication=no [email protected]
0

Purely bash answer

#!/bin/bash

[[ $1 =~ 'password:' ]] && cat || SSH_ASKPASS="$0" DISPLAY=nothing:0 exec setsid "$@"

Save it as pass, do a chmod +x pass and then use it like this:

echo mypass | pass ssh user@host ...

If its first argument contains password: then it passes its input to its output (cat) otherwise it launches whatever was presented after setting itself as the SSH_ASKPASS program.

When ssh encounters both SSH_ASKPASS AND DISPLAY set, it will launch the program referred to by SSH_ASKPASS, passing it the prompt user@host's password:

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.