How to Automate SSH Login If You Should Use a Password

While it’s not ideal for security, you can automate SSH password authentication in bash scripts using the sshpass utility.

Before we begin using automated passwords for SSH is considered bad practice for a reason.

In almost all cases, it’s better to use an SSH key, which I will show below. However, passwords do have the benefit of being easier to manage, remember, and distribute to team members.

Those are all simultaneously downsides for security, but that’s a tradeoff you may choose to make.

Using SSHPass

The regular ssh command does not have a --password flag to allow you to automate this easily. You will have to install a tool called sshpass to handle this explicitly. You can download it from most Linux package managers; for Debian based systems like Ubuntu, that would be:

sudo apt-get install sshpass

If you’re using sshpass from inside a script file, you can pass it in directly with the -p flag, followed by your standard SSH command:

sshpass -p 'password' ssh user@remote_ip

However, this is not good practice for a few reasons:

1. If used outside of a script file, it exposes the plaintext password to Linux command history and other systems. Other Linux users may be able to see it.
2. It may be unclear that there is a password buried in this script file, potentially leading to bad file permissions exposing it.
3. It may be accidentally tracked in version control, and doesn’t allow changing of the password used on the clients.

Because of this, you should store the password in a file instead. Make sure to set the permissions on it to ensure it’s not accessible by other users.

echo "password" > password_file

chmod 600 password_file

Then, pass this to sshpass with -f:

sshpass -f password_file ssh user@remote_ip

Setting Up SSH Keys Instead

SSH keys are preferred for most systems. They’re much longer, as well as harder to accidentally leak, making them ideal for security.

They also encourage identity based authentication, since SSH keys are usually tied to the machine they’re created on.

SSH stores your public key in ~/.ssh/id_rsa.pub, which it uses for all requests. It’s easy to generate a new key file:

ssh-keygen

You need to add this to the ~/.ssh/authorized_keys file on the server you want to connect to. There’s a built in SSH command that can do this easily for you:

ssh-copy-id -i ~/.ssh/id_rsa.pub user@host

Once that’s done, you won’t be asked for a password anymore. You can copy this key to other machines, but usually it’s fine to just add multiple keys.

Alternative Methods For Reference

Using PSSH and PSCP

We also have a very handy tool written in python i.e. PSSH and PSCP where you can connect to multiple hosts by just entering the password once on the terminal. You can also setup password less login using private public key pair and then use the public key to connect to remote server without any password.

PSSH is part of EPEL repository which we had already installed in our previous section so we will just install PSSH.

dnf -y install pssh

Next we will generate a password less private public key pair

ssh-keygen -t rsa -P ""

We have to now create an ssh agent and bind it to the private key which PSSH will use:

eval `ssh-agent` ssh-add /root/.ssh/id_rsa

Now we can use PSSH to connect to remote server without worrying about password:

pssh -i -H "remote_ip_address" -l root -x "-o StrictHostKeyChecking=no -o GSSAPIAuthentication=no -o PreferredAuthentications=publickey -o PubkeyAuthentication=yes" hostname

Here I have used multiple SSH options to only use PubKeyAuthentication and disable other type of authentication methods.

I hope you were able to Login SSH using the above described methods successfully.