Databases
StackOverflow2013
Postsdbo
POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
    primarykey
    data
    text
    <p>AFAIK, the commands <code>ssh</code> or <code>scp</code> do not have/take a password parameter. Otherwise I could keep the password in a shell variable and probably get rid of the enter password prompt. If I write an scp command in my shell script, it prompts the user to input the password. I have multiple ssh and scp commands in my script and I do not want the user to enter the password every time. I would prefer to save the password in a shell variable in the beginning (by asking password once), then use it for every ssh or scp. </p> <p>I read about "public key identification" in <a href="https://stackoverflow.com/questions/3457719/complete-password-field-scp-command-on-linux">this question</a>. Is it related to the solution I am looking for?</p> <p><strong>Update</strong><br> I read in <a href="https://stackoverflow.com/questions/3938763/how-to-use-ssh-command-in-shell-script/3938775#3938775">How to use ssh command in shell script?</a> why it is unsafe to specify passwords on the commandline. Does using <code>expect</code> also store the password and is world visible (using <code>ps aux</code>)? Is that the security issue with using <code>expect</code>?</p> <p><strong>Further Explanation</strong><br> To further make it clear, I am writing this shell script to automate code and database backup, do code upload, run necessary database queries, do all the things that are needed for a new version release of a <a href="http://en.wikipedia.org/wiki/LAMP_(software_bundle)" rel="nofollow noreferrer">LAMP project</a> from a developer system to a remote live server. My shell script will be there inside the main codebase of the project in every developer instance. </p> <p><strong>Requirement</strong> </p> <ul> <li><p>I want all developers (all may be working from different remote systems) knowing the SSH/FTP password to be able to use the shell by entering the ssh/ftp password same only at run-time once. I would prefer the password to be the ssh/ftp password</p> <p><strong>Note -</strong> I do not want other developers who don't know the SSH password to be able to use it (So I guess public key authentication will not work because it stores the passwords in the systems).</p></li> <li>I do not want any command line solution which stores the password in some log in the system and can be world visible using ps aux or something.</li> </ul> <p><strong>Opening Bounty</strong><br> From all the answers so far and my anaylsis of those solutions, it looks like other than public key authentication all others are insecure. I am not yet sure if using <code>expect</code> is insecure. I think it is otherwise the correct solution for me. In that case, I am getting command not found errors while trying to do that as already commented on one of the answers.</p> <p>From <a href="http://www.debianadmin.com/sshpass-non-interactive-ssh-password-authentication.html" rel="nofollow noreferrer">http://www.debianadmin.com/sshpass-non-interactive-ssh-password-authentication.html</a> -</p> <blockquote> <p>First and foremost, users of sshpass should realize that ssh’s insistance on only getting the password interactively is not without reason. It is close to be impossible to securely store the password, and users of sshpass should consider whether ssh’s public key authentication provides the same end-user experience, while involving less hassle and being more secure.</p> </blockquote> <p>So, is it not possible to securely run multiple ssh, scp commands by entering the ssh/ftp password (if only once at runtime? Please read my Requirement section again.</p> <p>Also, can anyone explain this -</p> <blockquote> <p>In particular, people writing programs that satisfies are meant to communicate the above points)password programatically are encouraged to use an anonymous pipe and pass the pipe’s reading end to sshpass using the -d option.</p> </blockquote> <p>Does this mean anything is possible?</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USCommunity
    1. USSandeepan Nath
    plurals
    1. PL
      singulars
      1. LTLinked
    2. PL
      singulars
      1. LTLinked
    3. PL
      singulars
      1. LTLinked
    1. PL
      singulars
      1. LTLinked
    2. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    2. PO
      singulars
      1. PTAnswer
    3. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
      1. USSandeepan Nath
      1. VTBountyStart
    3. VO
      singulars
      1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
      1. This table or related slice is empty.
      1. VTDownMod
    1. COYou should use `ssh-agent` instead of this very insecure method.
      singulars
      1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
      1. USismail
    2. CO`ssh` and `scp` are external utilities, not Bash shell commands.
      singulars
      1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
      1. USDennis Williamson
    3. CO@İsmail 'cartman' Dönmez - can you please explain or send me some link to an explanation? I am a newbie in shell, so don't know how is storing in a password less secure.
      singulars
      1. POUsing a variable's value as password for scp, ssh etc. instead of prompting for user input every time
      1. USSandeepan Nath
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload