Operating System - HP-UX

providing password in script

 
sen_ux
Valued Contributor

providing password in script

Hi All,

I need to ssh and scp to multiple servers.
How can I do this using a script? The password should be provided in the script, so that ssh/scp does not ask for a password for each server.

( Some way other than exchanging ssh key )

Thanks
sen
8 REPLIES
Dennis Handly
Acclaimed Contributor

Re: providing password in script

Ideally, the whole purpose of ssh and scp is so you don't have to enter the password.
Victor Fridyev
Honored Contributor

Re: providing password in script

Do you want to insert user/password into a script? IMHO, it's a bad idea.
Can you please explain why you don't want to use the standard SSH free password approach?

Best
Entities are not to be multiplied beyond necessity - RTFM
James R. Ferguson
Acclaimed Contributor

Re: providing password in script

Hi Sen:

You can and should avoid passwords in scripts if you are automating Secure Shell functions like 'scp', 'sftp', etc.

Setup and use public keys among your servers.

These two links should provide you the information you need to easily do this:

http://sial.org/howto/openssh/publickey-auth/

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1254688&admit=109447626+1227965745456+28353475

The 'known_hosts' file contains the public host keys for all known hosts. The per-user version is maintained automatically. Thus, whenever you connect from an unknown host, its key is added to the per-user file if you choose to acknowledge the fingerprint. If you don't, the connection can still be made, but you will be prompted the next time as if you had never connected.

The manpages for 'sshd' and 'ssh' offer more information.

Regards!

...JRF...
OldSchool
Honored Contributor

Re: providing password in script

As noted, this is a *bad* idea. Usual practice would be the key exchange to allow passwordless login.

As far as I know, the only workable alternative would be to use "expect" to script the connection.
Bill Hassell
Honored Contributor

Re: providing password in script

> ( Some way other than exchanging ssh key )

ssh and scp are encrypted communications protocols, commonly used to enhance security. By trying to put a password into a script, you have placed a security vulnerability into your environment, thus making ssh/scp much less secure. Setting up a public key is a commonly accepted method to run remote commands and copy files in a secure manner. Like any networking solution, the local user as well as the remote user should be evaluated as to allowed permissions. root-to-root should be evaluated. user-to-user makes more sense and for ssh commands, running sudo at the remote site is preferred over root access.


Bill Hassell, sysadmin
rmueller58
Valued Contributor

Re: providing password in script

sen,

JRF has the answer,

You can use SCP or SFTP in batch mode but you need to define trusts between the two boxes in question.

Follow the links in his posts to define the key exchange, and then within your script you can use the
scp -B sourceuser@:/path/filename.ext /destination/filename
Autocross.US
Trusted Contributor

Re: providing password in script

As stated above, using passwords in a script is a bad idea. The ssh/scp tools don't have command line options for passwords for this reason.

If you want to do this, you will need to use a tool like expect:

http://expect.nist.gov/

(Google ssh/scp expect for some sample scripts)

You can also check out the Perl Net::SSH module:
http://search.cpan.org/dist/Net-SSH-Perl/lib/Net/SSH/Perl.pm

There are also modules for Python and TCL that do this. Check around on Google for samples.

Key-based authentication is the way to go though. It doesn't require any add-on tools and is secure.
I drive way too fast to worry about calories.
Nick Bishop (Kiwi)
Frequent Advisor

Re: providing password in script

Like the others, I would use a public key.

To avoid problems with the private key requiring a pass-phrase, one should generate a second private/public pair without a pass-phrase, and at the remote end, you restrict that public key to doing the specific command(s) that you wish.

In a similar vein to the others, I suggest you read, read, read (or man, man, man), but hopefully I've suggested an approach and that you'll know what to look for when reading.

Anyone wanna suggest how to restrict a public key to scp only AND restrict it to a particular directory tree (so someone can't pick it up and mess around with the .profile, or to grab sensitive information)?

Nick.
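
One way to approach the question in the last post, as an added example that is not part of the original thread: a forced-command wrapper bound to the passphrase-less key in authorized_keys, which only lets scp read or write below one directory tree. It assumes the legacy scp protocol, where the client starts `scp -t PATH` or `scp -f PATH` on the server; the wrapper path, the directory and the key comment are hypothetical.

```sh
#!/bin/sh
# Forced-command wrapper; /usr/local/bin/scp-only is a hypothetical install path.
# authorized_keys entry on the remote host (key and comment are placeholders):
#   command="/usr/local/bin/scp-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-rsa <PUBLIC-KEY> batch@client
LC_ALL=C; export LC_ALL
ALLOWED_ROOT=${ALLOWED_ROOT:-/var/spool/transfer}   # assumed directory tree

# scp_request_allowed CMD ROOT
# Succeeds only for "scp [-p|-r|-d|-v] -t|-f PATH" with PATH lexically inside ROOT.
scp_request_allowed() {
    cmd=$1 root=$2
    # Refuse anything a shell could interpret: metacharacters, quotes, globs.
    case $cmd in
        *[!A-Za-z0-9\ ._/-]*) return 1 ;;
    esac
    set -f; set -- $cmd; set +f      # split into words without globbing
    [ "$1" = scp ] || return 1
    shift
    mode=
    while [ $# -gt 1 ]; do           # every word except the last is an option
        case $1 in
            -t|-f) mode=$1 ;;        # sink (upload) or source (download)
            -p|-r|-d|-v) ;;
            *) return 1 ;;
        esac
        shift
    done
    [ -n "$mode" ] || return 1
    path=$1
    case $path in                    # no climbing out of the tree
        */../*|*/..|../*|..) return 1 ;;
    esac
    case $path in
        "$root"/*) return 0 ;;
    esac
    return 1
}

# sshd puts the command the client asked for in SSH_ORIGINAL_COMMAND.
# An interactive login attempt leaves it empty and simply gets no shell.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_request_allowed "$SSH_ORIGINAL_COMMAND" "$ALLOWED_ROOT"; then
        exec $SSH_ORIGINAL_COMMAND   # word-splitting is safe: characters were validated
    fi
    echo "scp-only: request refused" >&2
    exit 1
fi
```

The path check is lexical only, so the allowed tree should sit outside the account's home directory and contain no symlinks that lead elsewhere.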