Difference between revisions of "Secure Shell - auto login ssh"
m (→public key authentication) |
m |
||
Line 1: | Line 1: | ||
− | The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input. | + | There is a key authentication system that can be used with OpenSSH. The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input, except for prompting the user for password requiring manual interaction. By using the key authentication system you will not be prompted for a password. |
OPTIONS FOR SSH AUTOMATED | OPTIONS FOR SSH AUTOMATED |
Latest revision as of 18:58, 24 July 2020
There is a key authentication system that can be used with OpenSSH. The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input, except for prompting the user for password requiring manual interaction. By using the key authentication system you will not be prompted for a password.
OPTIONS FOR SSH AUTOMATED
- Use an SSH key for authentication, instead of a password.
- Use sshpass, expect, or a similar tool to automate responding to the password prompt.
- Use the SSH_ASKPASS feature to get ssh to get the password by running another program.
- Use the insecure host-based authentication, sometimes common on private networks.
- Use a custom or modified ssh client adapted from source code, or one that allows for stored password.
sshpass
Install the sshpass utility so that you can automate ssh login including password.
apt install sshpass
Now you can automate the login process
sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10
Custom port example:
sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600
public key authentication
BEFORE MAKING NEW KEY PAIRS: Try to Find an Existing Secure Shell Key Pair. See if you already have a .ssh under your home directory. If you already have a key pair then you should not need to make a new key pair.
In the source host run this only once:
ssh-keygen -t rsa
Now you've generated the public key. It needs to be copied onto the remote host.
ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10
add identities to the ssh-agent – the authentication agent on the local host.
ssh-add
now press ENTER to every field
ssh-copy-id nicolep@192.168.100.10
expect
Example script
#!/usr/bin/expect set timeout 15 set cmd [lrange $argv 1 end] set password [lindex $argv 0] eval spawn $cmd expect "assword:" send "$password\r"; interact
Another example
#!/usr/bin/expect -f # ./ssh.exp password 192.168.100.10 id set pass [lrange $argv 0 0] set server [lrange $argv 1 1] set name [lrange $argv 2 2] spawn ssh $name@$server match_max 100000 expect "*?assword:*" send -- "$pass\r" send -- "\r" interact
And finally, a more elaborate example can be found here: