6

I have a bash script that accepts exactly 3 arguments and I have created a web interface in PHP to run this script on a remote server. The user just enters username host and password of the remote server.

I found this command to execute bash script on remote server:

ssh root@host 'bash -s' < script.sh

But this command prompts for a password and also doesn't use any arguments. But I need something that can be run non-interactively.

Something like:

ssh root@host -password="password" 'bash -s' < script.sh
Zanna
  • 70,465
Amarjit Singh
  • 261
  • 3
    set up ssh keys for passwordless login: https://askubuntu.com/questions/46930/how-can-i-set-up-password-less-ssh-login If that's not an option, use sshpass – ignite Sep 10 '18 at 11:49
  • to setup ssh key I have to login to remote server manually. thats what i don't want – Amarjit Singh Sep 10 '18 at 11:50
  • @AmarjitSingh: You don't need to log in manually to set up ssh keys -- just use ssh-copy-id. Or am I misunderstanding something? – Daniel Pryden Sep 10 '18 at 17:16
  • @DanielPryden ssh-copy-id command also prompts for the password. But I need a command that is non-interactive. – Amarjit Singh Sep 10 '18 at 19:15
  • @AmarjitSingh: So you have two servers, and you don't have interactive access to either, but you can run arbitrary shell commands on the first server that contain the root password for the second server in plain text? If you don't have shell access, that implies that this is someone else's server -- do you really want to put the password to another machine in plain text there? – Daniel Pryden Sep 10 '18 at 20:50
  • @DanielPryden the first server that executes the script on another server is owned by me I have a web application that takes credentials from user and perform some operations on remote servers. The remote server belongs to the user of the web application. – Amarjit Singh Sep 11 '18 at 04:11

1 Answers1

4

Make sure that you have read security considerations

Install sshpass it's a tool for non-interactive ssh password authentication.

sudo apt install sshpass

You can use it like:

sshpass -p 'password' ssh user@server/IP

Then use it like this to run your script with its arguments:

sshpass -p 'password' ssh user@server "bash -s" < ./script.sh arg1 arg2

If it didn't work then what I suggest is to use scp and move your script to remote server, then run your command and remove the script:

sshpass -p 'password' scp script.sh user@server:/tmp/script.sh
sshpass -p 'password' ssh user@server /tmp/script.sh arg1 ar2 arg3
sshpass -p 'password' ssh user@server rm /tmp/script.sh

Security considerations [man sshpass]

First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason. It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and being more secure.

The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.

In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to sshpass using the -d option.

Ravexina
  • 55,668
  • 25
  • 164
  • 183
  • The password can be read from a file: sshpass -f /path/to/passwordfile ..., reference: https://askubuntu.com/a/982438/566421 – pa4080 Sep 10 '18 at 12:10
  • Yeah, there are other ways too (like using -e to read from $SSHPASS) I didn't add them to keep the answer clean. man sshpass – Ravexina Sep 10 '18 at 12:10
  • @Ravexina your solution only works with the known hosts. what about the new hosts that are not added to the list of known hosts. – Amarjit Singh Sep 10 '18 at 19:12
  • @AmarjitSingh that's another question. Anyway you can use -o StrictHostKeyChecking=no option ;) – Ravexina Sep 10 '18 at 19:41
  • I feel like this answer is incomplete without a mention of the (very serious) drawbacks mentioned under Security Considerations in the sshpass manpage. – Daniel Pryden Sep 10 '18 at 20:51
  • @DanielPryden You are right I will edit it really soon... however I consider that anyone who want to do it does know what's going on ;) – Ravexina Sep 10 '18 at 20:53
  • @Ravexina thanks for your great answer :). But I am getting invalid option -o while using -o StrictHostKeyChecking=no option. can you update your answer to explain how to use that option with sshpass. – Amarjit Singh Sep 11 '18 at 05:13
  • @AmarjitSingh Read this Q/A: https://askubuntu.com/a/87452/264781 :) – Ravexina Sep 11 '18 at 08:52
  • @AmarjitSingh I can't test it right now but this might work: sshpass -p 'password' -- ssh user@server -o StrictHostKeyChecking=no rm /tmp/script.sh – Ravexina Sep 11 '18 at 08:56