Difference between revisions of "Secure Shell - auto login ssh"

From Free Knowledge Base- The DUCK Project: information for everyone
Jump to: navigation, search
m (public key authentication)
m
 
Line 1: Line 1:
The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input.  The nanny mentality whereby the developer protects us from ourselves by preventing us from doing something that compromises security, even though the result may be worse.
+
There is a key authentication system that can be used with OpenSSH.  The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input, except for prompting the user for password requiring manual interactionBy using the key authentication system you will not be prompted for a password.
  
 
OPTIONS FOR SSH AUTOMATED
 
OPTIONS FOR SSH AUTOMATED

Latest revision as of 18:58, 24 July 2020

There is a key authentication system that can be used with OpenSSH. The OpenSSH ssh utility doesn't accept a password on the command line or on its standard input, except for prompting the user for password requiring manual interaction. By using the key authentication system you will not be prompted for a password.

OPTIONS FOR SSH AUTOMATED

  1. Use an SSH key for authentication, instead of a password.
  2. Use sshpass, expect, or a similar tool to automate responding to the password prompt.
  3. Use the SSH_ASKPASS feature to get ssh to get the password by running another program.
  4. Use the insecure host-based authentication, sometimes common on private networks.
  5. Use a custom or modified ssh client adapted from source code, or one that allows for stored password.

sshpass

Install the sshpass utility so that you can automate ssh login including password.

apt install sshpass

Now you can automate the login process

sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10

Custom port example:

sshpass -p "mysecretpass" ssh -o StrictHostKeyChecking=no nicolep@192.168.100.10:9600

public key authentication

BEFORE MAKING NEW KEY PAIRS: Try to Find an Existing Secure Shell Key Pair. See if you already have a .ssh under your home directory. If you already have a key pair then you should not need to make a new key pair.

In the source host run this only once:

ssh-keygen -t rsa 

Now you've generated the public key. It needs to be copied onto the remote host.

ssh-copy-id -i ~/.ssh/id_rsa.pub nicolep@192.168.100.10

add identities to the ssh-agent – the authentication agent on the local host.

ssh-add

now press ENTER to every field

ssh-copy-id nicolep@192.168.100.10

expect

Example script

#!/usr/bin/expect

set timeout 15

set cmd [lrange $argv 1 end]
set password [lindex $argv 0]

eval spawn $cmd
expect "assword:"
send "$password\r";
interact

Another example

#!/usr/bin/expect -f
#  ./ssh.exp password 192.168.100.10 id
set pass [lrange $argv 0 0]
set server [lrange $argv 1 1]
set name [lrange $argv 2 2]

spawn ssh $name@$server
match_max 100000
expect "*?assword:*"
send -- "$pass\r"
send -- "\r"
interact

And finally, a more elaborate example can be found here: