I'm writing a C Shell program that will be doing su or sudo or ssh. They all want their passwords in console input (the TTY) rather than stdin or the command line.
Does anybody know a solution?
Setting up password-less sudo is not an option.
expect could be an option, but it's not present on my stripped-down system.
Hardcoding a password in an expect script is the same as having a passwordless sudo, actually worse, since sudo at least logs its commands.
USE:
echo password | sudo command
Example:
echo password | sudo apt-get update; whoami
Hope It Helps..
su -c "Command" < "Password"
Hope it is helpful.
Take a look at expect linux utility.
It allows you to send output to stdio based on simple pattern matching on stdin.
Maybe you can use an expect command?:
expect -c 'spawn ssh [email protected];expect password;send "your-password\n";interact
That command gives the password automatically.
When there's no better choice (as suggested by others), then man socat can help:
(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
socat - EXEC:'ssh -l user server',pty,setsid,ctty
EXEC’utes an ssh session to server. Uses a pty for communication
between socat and ssh, makes it ssh’s controlling tty (ctty),
and makes this pty the owner of a new process group (setsid), so
ssh accepts the password from socat.
All of the pty,setsid,ctty complexity is necessary and, while you might not need to sleep as long, you will need to sleep. The echo=0 option is worth a look too, as is passing the remote command on ssh's command line.
I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:
echo <password> | sudo -S <command>
I'm not sure if this helps.
It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.
I've got:
ssh user@host bash -c "echo mypass | sudo -S mycommand"
Works for me.
You can provide password as parameter to expect script.
echo <password> | su -c <command> <user>
This is working.
The usual solution to this problem is setuiding a helper app that performs the task requiring superuser access: http://en.wikipedia.org/wiki/Setuid
Sudo is not meant to be used offline.
Later edit: SSH can be used with private-public key authentication. If the private key does not have a passphrase, ssh can be used without prompting for a password.
I had the same problem. dialog script to create directory on remote pc. dialog with ssh is easy. I use sshpass (previously installed).
dialog --inputbox "Enter IP" 8 78 2> /tmp/ip
IP=$(cat /tmp/ip)
dialog --inputbox "Please enter username" 8 78 2> /tmp/user
US=$(cat /tmp/user)
dialog --passwordbox "enter password for \"$US\" 8 78 2> /tmp/pass
PASSWORD = $(cat /tmp/pass)
sshpass -p "$PASSWORD" ssh $US@$IP mkdir -p /home/$US/TARGET-FOLDER
rm /tmp/ip
rm /tmp/user
rm /tmp/pass
greetings from germany
titus
Set SSH up for Public Key Authentication, with no pasphrase on the Key. Loads of guides on the net. You won't need a password to login then. You can then limit connections for a key based on client hostname. Provides reasonable security and is great for automated logins.
a better sshpass alternative is: passh
https://github.com/clarkwang/passh
Login to a remote server
$ passh -p password ssh user@host
Run a command on remote server
$ passh -p password ssh user@host date
other methods to pass the password
-p The password (Default: `password')
-p env: Read password from env var
-p file: Read password from file
here I explained why it is better than sshpass, and other solutions.
I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:
echo <password> | sudo -S <command>
I'm not sure if this helps.
It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.
For sudo you can do this too:
sudo -S <<< "password" command
Maybe you can use an expect command?:
expect -c 'spawn ssh [email protected];expect password;send "your-password\n";interact
That command gives the password automatically.
a better sshpass alternative is: passh
https://github.com/clarkwang/passh
Login to a remote server
$ passh -p password ssh user@host
Run a command on remote server
$ passh -p password ssh user@host date
other methods to pass the password
-p The password (Default: `password')
-p env: Read password from env var
-p file: Read password from file
here I explained why it is better than sshpass, and other solutions.
USE:
echo password | sudo command
Example:
echo password | sudo apt-get update; whoami
Hope It Helps..
I've got:
ssh user@host bash -c "echo mypass | sudo -S mycommand"
Works for me.
For sudo you can do this too:
sudo -S <<< "password" command
For ssh you can use sshpass: sshpass -p yourpassphrase ssh user@host.
You just need to download sshpass first :)
$ apt-get install sshpass
$ sshpass -p 'password' ssh username@server
The usual solution to this problem is setuiding a helper app that performs the task requiring superuser access: http://en.wikipedia.org/wiki/Setuid
Sudo is not meant to be used offline.
Later edit: SSH can be used with private-public key authentication. If the private key does not have a passphrase, ssh can be used without prompting for a password.
Take a look at expect linux utility.
It allows you to send output to stdio based on simple pattern matching on stdin.
ssh -t -t [email protected] << EOF
echo SOMEPASSWORD | sudo -S do something
sudo do something else
exit
EOF
Building on @Jahid's answer, this worked for me on macOS 10.13:
ssh <remote_username>@<remote_server> sudo -S <<< <remote_password> cat /etc/sudoers
This can be done by setting up public/private keys on the target hosts you will be connecting to. The first step would be to generate an ssh key for the user running the script on the local host, by executing:
ssh-keygen
Enter file in which to save the key (/home/myuser/.ssh/id_rsa): <Hit enter for default>
Overwrite (y/n)? y
Then enter a blank password. After that, copy your ssh key onto the target host which you will be connecting to.
ssh-copy-id <remote_user>@<other_host>
remote_user@other_host's password: <Enter remote user's password here>
After registering the ssh keys, you would be able to perform a silent ssh remote_user@other_host from you local host.
Hardcoding a password in an expect script is the same as having a passwordless sudo, actually worse, since sudo at least logs its commands.
su -c "Command" < "Password"
Hope it is helpful.
Take a look at expect linux utility.
It allows you to send output to stdio based on simple pattern matching on stdin.
You can provide password as parameter to expect script.
Set SSH up for Public Key Authentication, with no pasphrase on the Key. Loads of guides on the net. You won't need a password to login then. You can then limit connections for a key based on client hostname. Provides reasonable security and is great for automated logins.
Hardcoding a password in an expect script is the same as having a passwordless sudo, actually worse, since sudo at least logs its commands.
When there's no better choice (as suggested by others), then man socat can help:
(sleep 5; echo PASSWORD; sleep 5; echo ls; sleep 1) |
socat - EXEC:'ssh -l user server',pty,setsid,ctty
EXEC’utes an ssh session to server. Uses a pty for communication
between socat and ssh, makes it ssh’s controlling tty (ctty),
and makes this pty the owner of a new process group (setsid), so
ssh accepts the password from socat.
All of the pty,setsid,ctty complexity is necessary and, while you might not need to sleep as long, you will need to sleep. The echo=0 option is worth a look too, as is passing the remote command on ssh's command line.
I wrote some Applescript which prompts for a password via a dialog box and then builds a custom bash command, like this:
echo <password> | sudo -S <command>
I'm not sure if this helps.
It'd be nice if sudo accepted a pre-encrypted password, so I could encrypt it within my script and not worry about echoing clear text passwords around. However this works for me and my situation.
Hardcoding a password in an expect script is the same as having a passwordless sudo, actually worse, since sudo at least logs its commands.
One way would be to use read -s option .. this way the password characters are not echoed back to the screen. I wrote a small script for some use cases and you can see it in my blog: http://www.datauniv.com/blogs/2013/02/21/a-quick-little-expect-script/
For ssh you can use sshpass: sshpass -p yourpassphrase ssh user@host.
You just need to download sshpass first :)
$ apt-get install sshpass
$ sshpass -p 'password' ssh username@server
The usual solution to this problem is setuiding a helper app that performs the task requiring superuser access: http://en.wikipedia.org/wiki/Setuid
Sudo is not meant to be used offline.
Later edit: SSH can be used with private-public key authentication. If the private key does not have a passphrase, ssh can be used without prompting for a password.
You can provide password as parameter to expect script.
Take a look at expect linux utility.
It allows you to send output to stdio based on simple pattern matching on stdin.
The usual solution to this problem is setuiding a helper app that performs the task requiring superuser access: http://en.wikipedia.org/wiki/Setuid
Sudo is not meant to be used offline.
Later edit: SSH can be used with private-public key authentication. If the private key does not have a passphrase, ssh can be used without prompting for a password.
One way would be to use read -s option .. this way the password characters are not echoed back to the screen. I wrote a small script for some use cases and you can see it in my blog: http://www.datauniv.com/blogs/2013/02/21/a-quick-little-expect-script/
This can be done by setting up public/private keys on the target hosts you will be connecting to. The first step would be to generate an ssh key for the user running the script on the local host, by executing:
ssh-keygen
Enter file in which to save the key (/home/myuser/.ssh/id_rsa): <Hit enter for default>
Overwrite (y/n)? y
Then enter a blank password. After that, copy your ssh key onto the target host which you will be connecting to.
ssh-copy-id <remote_user>@<other_host>
remote_user@other_host's password: <Enter remote user's password here>
After registering the ssh keys, you would be able to perform a silent ssh remote_user@other_host from you local host.
You can provide password as parameter to expect script.
Set SSH up for Public Key Authentication, with no pasphrase on the Key. Loads of guides on the net. You won't need a password to login then. You can then limit connections for a key based on client hostname. Provides reasonable security and is great for automated logins.
ssh -t -t [email protected] << EOF
echo SOMEPASSWORD | sudo -S do something
sudo do something else
exit
EOF
echo <password> | su -c <command> <user>
This is working.
I had the same problem. dialog script to create directory on remote pc. dialog with ssh is easy. I use sshpass (previously installed).
dialog --inputbox "Enter IP" 8 78 2> /tmp/ip
IP=$(cat /tmp/ip)
dialog --inputbox "Please enter username" 8 78 2> /tmp/user
US=$(cat /tmp/user)
dialog --passwordbox "enter password for \"$US\" 8 78 2> /tmp/pass
PASSWORD = $(cat /tmp/pass)
sshpass -p "$PASSWORD" ssh $US@$IP mkdir -p /home/$US/TARGET-FOLDER
rm /tmp/ip
rm /tmp/user
rm /tmp/pass
greetings from germany
titus
Building on @Jahid's answer, this worked for me on macOS 10.13:
ssh <remote_username>@<remote_server> sudo -S <<< <remote_password> cat /etc/sudoers
Source: Stackoverflow.com