First of all, sorry, the title is a mouthful.
Tell me, what can sshpass do. When we directly use ssh to connect to the remote host in the terminal command line, by default, a password will be prompted. As you can see, this step is actually done interactively under the terminal - the terminal prompts the user to manually enter the password.
Automated ssh remote connections in scripts are not possible due to the need for human involvement.
There are three ways I know of for ssh connection in automated scripts:
1. Establish mutual trust between two machines by means of ssh-key
2. With the help of the sshpass tool, provide the password as a parameter
3. With expect,
This article only describes the 2nd way to provide the password in the script .
sshpass is a tool that can do one thing: after the password of the remote host is provided as a parameter to sshpass, the ssh connection is performed without the need for interactive manual input of the password.
The usage is very simple:
$ sshpass -p password ssh username@host
However, in actual use, it is found that when connecting to a certain host for the first time, there is no response to the above sshpass command. Remove the sshpass part and use ssh alone to connect to the host, and found the pattern.
$ ssh [email protected]
The authenticity of host '10.xxx (10.xxx)' can't be established.
RSA key fingerprint is a4:eb:8c:7d:2a:ef:d6:1c:a3:0c :e8:e5:00:d2:eb:60.
Are you sure you want to continue connecting (yes/no)?
That is: ssh is used in combination with sshpass. When connecting to a host for the first time, the above line prompt is swallowed up.
If you are sure that the host you are connecting to for the first time is secure, you can add options to ssh under the sshpass command: -o StrictHostKeychecking=no The
complete command is as follows:
$ sshpass -p password ssh -o StrictHostKeychecking=no username@host
In addition, since scp uses the ssh method Copy files between remote hosts, so sshpass can also work with scp.
An example of scp + sshpass is as follows:
$ sshpass -p password scp -o StrictHostKeychecking=no -r username@host:~/test ~
--------------
Funny thing: When installing sshpass
via brew install under Mac OS X, I encountered the following:
$ brew install sshpass
Error: No available formula for sshpass
We won't add sshpass because it makes it too easy for novice SSH users to
ruin SSH's security.
It seems that sshpass is not safe. Therefore, it is recommended to use it only on the intranet in the actual production environment.