adding password to .ssh/config

Solution 1:

No, There is no method to specify or provide on the command line the password in a non-interactive manner for ssh authentication using a openssh built-in mechanism. At least not one what I know of. You could hardcode your password into expect script but it is not a good solution either.

You definitely would want to use keypairs for passwordless authentication as Michael stated, in the end private key is pretty much a big password in the file.

Solution 2:

To avoid the string of comments: Yes, this is insecure (not even arguably insecure). I would strongly recommend you only do it in a lab situation on an isolated network or a similiar situation that does not involve production servers or potentientially production server without a full reset/format.

I wanted to set this up as I don't think my 2950 switch supports private/public keys and I hope at some point to get that knowledge, but I am not there yet.

Using an alias and sshpass this can be accomplished.

  1. Install sshpass
  2. Alter your .ssh/config file to include the username as listed in the question
  3. Add an alias to your terminal (I used .bashrc and would recommend against gloabl settings)
  4. Use alias to log into the target

My example alias is:

alias ssc='sshpass -pcisco ssh'

Where "cisco" is the password. Note there is no space between the -p and the password.

Usage is (referencing the question):

ssc server1

Note: This answers the question in title only for those using search engines. If you are using servers like the question example, private/public key pairs and not this answer should be used


Solution 3:

Yes, as mentioned above there's no way to save the password simply. I would recommend using ssh key for authorization.

first, generate your key :

ssh-keygen

Then copy the key around on your servers/desktops :

ssh-copy-id -i .ssh/id_rsa.pub user@ip-address:

That's all. You will never be asked for the password again.

I also recommend removing password authorization in general but that's up to you.


Solution 4:

There's no way to do this with ssh, it's as insecure as it can get.

As Danila mentioned you could use expect scripts but I wouldn't bother.

I wonder what are you trying to achieve? Do you want to hop from one server to another? In this case you want to setup and use ssh-agent on your workstation and enable agent forwarding on the target hosts; this way the credential exchange with be routed to your local agent without having to copy your private key around.


Solution 5:

I use this script from ~/.local/bin directory

#!/usr/bin/bash

ORIG_SSH=/usr/bin/ssh
HOST=$1

SSHPASS=$(grep -Pzo "Host $HOST"'\s*\n((?!Host).*\n)*#PS\s(\N+)\n' ~/.ssh/config|tail -n 2|head -n 1 | sed 's/#PS //')
if [ -n $SSHPASS ]; then
    export SSHPASS
    sshpass -e $ORIG_SSH $@
else
    $ORIG_SSH $@
fi

Which allows me to specify passphrase as #PS <password> in .ssh/config file.

But, as everybody says, it's better to use ssh-keys with ssh-agent when it's possible

Tags:

Linux

Ubuntu

Ssh