sshpass: An Excellent Tool for Non-Interactive SSH Login – Never Use on Production Server

In most cases, Linux system administrators login to remote Linux servers using SSH either by supplying a password, or passwordless SSH login, or keybased SSH authentication.

What if you want to supply a password along with username to SSH prompt itself? this is where sshpass comes to rescue.

sshpass is a simple and lightweight command line tool that enables us to provide password (non-interactive password authentication) to the command prompt itself, so that automated shell scripts can be executed to take backups via cron scheduler.

ssh uses straight TTY access to make sure that the password is actually supplied by an interactive keyboard user. Sshpass runs ssh in a devoted tty, mislead it into believing that it is receiving the password from an interactive user.

Important: Using sshpass considered to be least secure, as it reveals the password to all system users on the command line with simple “ps” command. I highly recommend using SSH Passwordless authentication.

Install sshpass on Linux Systems

In RedHat/CentOS based systems, first you need to enable Epel repository on your system to install it using yum command as shown.

# yum install sshpass
# dnf install sshpass    [On Fedora 22+ versions]

On Debian/Ubuntu and its derivatives, you can install it using apt-get command as shown.

$ sudo apt-get install sshpass

Alternatively, you can install from source to have latest version of sshpass, first download the source code and then extract contents of the tar file and install it like so:

$ wget http://sourceforge.net/projects/sshpass/files/latest/download -O sshpass.tar.gz
$ tar -xvf sshpass.tar.gz
$ cd sshpass-1.06
$ ./configure
# sudo make install 

How to Use sshpass in Linux

sshpass is used together with ssh, you can view all the sshpass usage options with full descriptions by issuing the command below:

$ sshpass -h
sshpass Help
Usage: sshpass [-f|-d|-p|-e] [-hV] command parameters
   -f filename   Take password to use from file
   -d number     Use number as file descriptor for getting password
   -p password   Provide password as argument (security unwise)
   -e            Password is passed as env-var "SSHPASS"
   With no parameters - password will be taken from stdin

   -h            Show help (this screen)
   -V            Print version information
At most one of -f, -d, -p or -e should be used

As I mentioned before, sshpass is more reliable and useful for scripting purposes, consider the example commands below.

Login to remote Linux ssh server (10.42.0.1) with the username and password and check the file-system disk usage of remote system as shown.

$ sshpass -p 'my_pass_here' ssh [email protected] 'df -h' 

Important: Here, the password is provided on the command line which is practically unsecure and using this option is not recommended.

sshpass - Linux Remote Login via SSH

sshpass – Linux Remote Login via SSH

However, to prevent showing password on the screen, you can use the -e flag and enter the password as a value of the SSHPASS environment variable as below:

$ export SSHPASS='my_pass_here'
$ echo $SSHPASS
$ sshpass -e ssh [email protected] 'df -h' 
sshpass - Hide Password in Prompt

sshpass – Hide Password in Prompt

Note: In the example above, SSHPASS environment variable is for temporary purpose only and will be removed during reboot.

To permanently set the SSHPASS environment variable, open the /etc/profile file and type the export statement at the beginning of the file:

export SSHPASS='my_pass_here'

Save the file and exit, then run the command below to effect the changes:

$ source /etc/profile 

On the other hand, you can also use the -f flag and put the password in a file. This way, you can read the password from the file as follows:

$ sshpass -f password_filename ssh [email protected] 'df -h'
sshpass - Supply Password File to Login

sshpass – Supply Password File to Login

You can also use sshpass to transfer files using scp or backup/sync files over rsync using SSH as shown:

------- Transfer Files Using SCP ------- 
$ scp -r /var/www/html/example.com --rsh="sshpass -p 'my_pass_here' ssh -l aaronkilik" 10.42.0.1:/var/www/html

------- Backup or Sync Files Using Rsync -------
$ rsync --rsh="sshpass -p 'my_pass_here' ssh -l aaronkilik" 10.42.0.1:/data/backup/ /backup/

For more usage, I suggest you to read through the sshpass man page, type:

$ man sshpass

In this article, we explained sshpass a simple tool that enables non-interactive password authentication. Although, this tools may be helpful, it is highly recommended to use ssh’s more secure public key authentication mechanism.

Please, do leave a question or comment via the feedback section below for any further discussions.

Best Affordable Linux and WordPress Services For Your Business
Outsource Your Linux and WordPress Project and Get it Promptly Completed Remotely and Delivered Online.

If You Appreciate What We Do Here On TecMint, You Should Consider:

  1. Stay Connected to: Twitter | Facebook | Google Plus
  2. Subscribe to our email updates: Sign Up Now
  3. Get your own self-hosted blog with a Free Domain at ($3.45/month).
  4. Become a Supporter - Make a contribution via PayPal
  5. Support us by purchasing our premium books in PDF format.
  6. Support us by taking our online Linux courses

We are thankful for your never ending support.

Aaron Kili

Aaron Kili is a Linux and F.O.S.S enthusiast, an upcoming Linux SysAdmin, web developer, and currently a content creator for TecMint who loves working with computers and strongly believes in sharing knowledge.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

8 Responses

  1. Rahul says:

    Can I put multiple passwords in file

  2. Kedar Acharekar says:

    How to use passphrase in sshpass?

  3. Iulian Murgulet says:

    Hello,

    From what I see the most secure use case for sshpass is to supply a file password (-f option) with chmod 400 passwd_file and a proper owner. And if you want to be more secure, maybe you can use a openvpn tunnel for the remote host and some iptables rules to restrict the ip source of the sshpass host.

    Anyway, you need to use the right tool for your landscape and sometimes functionality is more important than security ; )

  4. Ismail says:

    open source IT inventory software need to have for 60-100 users machine.For both software and Hardware IT assets.

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.