SSH is the most trusted open-source network protocol and is used to connect to remote servers to run commands and programs. We often need to pass the password into the command for an automated shell script. TTY is a command that allows us to interact with the system by passing the data in the console input instead of the stdin. Linux offers multiple ways to pass the password into the console input for different commands without overriding the TTY.
In this tutorial, we’ll explore various ways to pass the password on Linux systems.
2. Pass Password to the sudo Command
Here, we’ll learn to pass the password to the sudo command without prompting us to input the password. The -S (stdin) option of the sudo command allows reading the password from standard input instead of a terminal device.
Now, let’s take a look at how we can use sudo with -S:
$ echo "password" | sudo -S ls -la /root/docker-test apache-tomcat fedora jenkinsDir loadtest new test v2 wget
In this example, the echo command prints the password to the terminal, and then it pipes it to sudo via the | operator. The -S option tells sudo to read the password from standard input. We shouldn’t use this method since running the ps command will allow other users to see our password.
To secure the password, we can also store it in a file and then provide it to the sudo command:
$ cat password.txt | sudo -S ls -la /root/docker-test apache-tomcat fedora jenkinsDir loadtest new test v2 wget
We can rewrite this command using the <<< operator to do the same thing:
$ sudo -S <<< "password" ls /root/docker-test apache-tomcat fedora jenkinsDir loadtest new test v2 wget
The <<< operator allows us to pass a string to a command’s standard input. In this case, the password is passed to sudo as standard input, and sudo reads it as the password. Here, in all the cases, we could pass the password to the sudo command.
3. Pass Password to the SSH Utility
To connect to a server remotely, we must set up an SSH connection. In general, SSH provides two different types of authentication: Password authentication and Public-key authentication. Public-key authentication provides the highest degree of security, and it’s also relatively easy and widespread.
We can access a remote machine in Linux by using password authentication in two ways. The first way is to supply the password through standard input, and the second way is to pass the password directly via console input.
3.1. Pass Password Using sshpass
The sshpass utility makes it easier for administrators to manage SSH connections in scripts. By default, sshpass is not pre-installed in the Linux system. But we can easily install it using the package manager:
$ yum install sshpass
Now that the sshpass command is successfully installed, let’s now directly pass the password to the sshpass command:
$ sshpass -p "password" ssh [email protected]
In addition, we can also pass the password to the sshpass through a file:
$ echo 'password' > passwordFile $ chmod 0400 passwordFile $ sshpass -f passwordFile ssh ssh [email protected]
By running chmod 0400 passwordFile before running the sshpass command, we’re ensuring that the passwordFile is only readable by the owner, which is a security measure to prevent other users on the system from being able to read the password. When using this approach, it’s recommended to store the password in a file and then pass it to the sshpass command.
3.2. Using Passphrase-less SSH Key
In this section, we’ll learn to set up password-less communication with the machine using the passphrase-less SSH key.
In general, we can use sshpass for password-less communication, but the ssh-keygen command is best suited for dealing with several remote servers.
To connect to the server without using any password, we first need to generate a public/private key pair:
$ ssh-keygen -t rsa Generating public/private rsa key pair. Enter file in which to save the key (/root/.ssh/id_rsa): Enter passphrase (empty for no passphrase): Enter same passphrase again: Your identification has been saved in /root/.ssh/id_rsa. Your public key has been saved in /root/.ssh/id_rsa.pub. The key fingerprint is: SHA256:rsJ2/OBaP+javygqFFiLct9AolesTZ9b/Q3M5/mrp3s [email protected] The key's randomart image is: +---[RSA 2048]----+ | . | | o = | |.+ O . . . o | |=.= o o . . + . | |.o.. o oS . = . | | . . o. . + | |. . .o.. . | |. =++=. E.| | ..ooB*o=o +*..| +----[SHA256]-----+
Now, let’s upload our newly generated public key to the host machine:
$ ssh-copy-id [email protected]
Finally, let’s log in to the machine without using any password:
$ ssh [email protected]
In this case, with the help of the above commands, we can log in successfully.
3.3. Pass Password Using expect Command
Linux’s expect command allows us to automate interactions with scripts and programs. We can send any type of response to the script when it waits for text input.
Let’s look at an example of using the expect command to connect with a remote server:
$ expect -c 'spawn ssh [email protected] ; expect "password:"; send "actualpassword\r"; interact' spawn ssh [email protected] [email protected]'s password: Activate the web console with: systemctl enable --now cockpit.socket Last login: Sun Mar 20 07:04:00 2022 from 220.127.116.11
Here, the expect command helped us to log in successfully to the remote server. The spawn command starts the script, whereas the expect command waits for output from the program. The send command sends a reply to the program, and finally, the interact command allows us to interact with the program.
In this article, we’ve learned to access several different commands to pass the password without overriding the TTY.
First, we explored the sudo command without the password, and later, we used different utilities of ssh to communicate with the remote servers.