Linux scp с паролем

How to pass password to scp command used in bash script? [duplicate]

I have a bash script that makes dump of DB then copies file from one server to another but it always asks for password before connection.

scp file.tar.gz root@xxx.xxx.xxx.194:/backup 

This is something I really hate about many online communities; They will tell you that you are doing something stupid and then not give you the answer.

6 Answers 6

sshpass -p 'password' scp file.tar.gz root@xxx.xxx.xxx.194:/backup 

This is not a standard part of OpenSSH, and literally none of my machines (Mac OS X 10.7, Ubuntu 12.04, FreeBSD 8, Debian 3.1) have it. It’s also the accepted answer provided on the question that this one is marked as a duplicate of.

Excellent! Security isn’t always a concern, such as during cross-platform development of a box within the firewall. On systems with apt-get, install with sudo apt-get install -y sshpass

OK, to add extra security, consider sshpass -f file_with_password . Then secure the password file’s permissions, make it work, and then read some «clever» advice about how using sshpass is bad, and authorized_keys is great. Especially, when somebody else just gives you login+pass (e.g. for SFTP), and no option to authorize your public key.

I recommend reading the password from prompt once with read -s -p «Enter ssh password : » PASSWORD_SSH; and then use that in the sshpass phrase sshpass -p $PASSWORD_SSH scp file.tar.gz root@xxx.xxx.xxx.194:/backup

Rather than using root create an account just for this job. Use public keys without a passphrase instead of passwords.

scp -i /home/backupuser/.ssh/id_rsa backupuser@xxx.xxx.xxx.194:/backup 

By using a special account for the backup on the destination system you are not exposing your root password.

+1 for referring a creation of a specific account for file uploads instead of using root. And I will also recommend using a restricted shell like rssh for this user.

+nitpick for recommending another solution to the posed problem even though it does not literally answer the question.

It’s better to set up ssh to used key-based authentication rather than trying to figure out how to send text to the login process with something like expect .

So, basically, run ssh-keygen -t dsa on the machine that will run your script. When it asks you for a passphrase, hit ENTER to accept a blank. You will get two files. If you followed the default suggestions, the files will be ~/.ssh/id_dsa and ~/.ssh/id_dsa.pub. The first one is the private key. The second one is the public key.

Copy the public key to the second server using ssh-copy-id user@server2 . This will add the public key to the authorized_keys file of the user on server2.

You should now be able to run ssh from the first machine and log in without a password.

For copying the files, scp or rsync are fine. It depends on what you’re doing. rsync will use ssh by default, so will use the key-based authentication you just set up.

Читайте также:  Linux drivers for mac

Источник

How to Pass Password to SCP Command in Linux

As you progressively graduate in your Linux operating system user experience, you are bound to either find yourself in a Linux desktop-to-server or Linux server-to-server entanglement. In most cases, these scenarios are related to prioritized OS objectives such as the transfer of useful files and directory copies.

Securely Transfer Files Using Scp Command

The simplicity of the scp command-line tool makes it possible for users to easily and remotely copy files and directories from one Linux environment to another. It could be from a desktop environment to a server environment or from a server environment to another server environment.

SCP command usage supports password encryption to protect it from leaking or being snooped during files and directories transfer. The traditional or known approach of implementing the SCP command adheres to the following syntax.

$ scp [[email protected]:]Path_to_File_to_Copy [[email protected]:]Path_to_Destination_of_Copied_File

For instance, I could successfully copy a file to one of my remote servers from my Linux desktop environment in the following manner:

The initial execution of the above demonstrated SCP command leads to the following password entry prompt:

It is only after the Linux user enters a correct user-associated password that the targeted file is copied to its specified destination.

What if there was a one-liner command where you don’t have to wait for a password entry prompt before your files and directories can be copied to their intended destination?

Install SSHPass in Linux – Add SSH Password to Command

To brainstorm the above question, we have to implement both SSHPASS and SCP tools in one command. First, let us understand what this SSHPASS tool offers.

The logic of the SCP command is to copy files and directories from a host machine to a destination machine. The SCP command; on its own, is not sufficient enough to accommodate password authentication under a one-line command usage and therefore leads to a successive password prompt for the OS user to enter the required login passcode.

When SSHPASS is implemented alongside SCP, it nullifies the need for a password prompt before a user’s files and directories can be copied.

$ sudo apt-get install sshpass [On Debian, Ubuntu and Mint] $ sudo yum install sshpass [On RHEL/CentOS/Fedora and Rocky Linux/AlmaLinux] $ sudo emerge -a sys-apps/sshpass [On Gentoo Linux] $ sudo pacman -S sshpass [On Arch Linux] $ sudo zypper install sshpass [On OpenSUSE]

How to Add Password to SCP Command in Linux

SSHPASS non-interactive password authentication use case can be implemented alongside SCP as demonstrated by the following command syntax.

$ sshpass -p "REMOTE_USER_PASSWORD" scp [email protected]_Host:/DESTINATION_PATH_TO_COPIED_FILES

For instance, I could attempt copying a file to a remote server in the following manner:

In the above case, if we wanted to copy directory files, we would use the -r option to recursively copy all the files, folders, and sub-folders within the targeted directory.

Consider the following command.

As demonstrated, SSHPASS + SCP commands will help Linux users achieve a one-liner command usage for copying system/user files & directories from one host machine to another destination machine.

The targeted storage location of the copied files and directories could be a Linux server environment or a Linux desktop environment. SSHPASS + SCP tools make file copying fast, efficient, and manageable as you do not have to wait for a password prompt before your user-initiated actions can execute.

Читайте также:  Linux libglib 2 0 so 0

You should however be cautious with the use of SSHPASS on a network jammed with too many users as a malicious user could easily hijack your user password.

Источник

Using scp with Passwords [duplicate]

Can I input the password as a parameter to SCP rather than be prompted for it? How can I save password,when copy a file using SCP? This question is similar, but answers deal with doing away with SSH password completely.

Server Fault might be a better forum to ask this question. You can have a look at this question. Anyway, having a password to ssh and, even worse storing it somewhere, is a very bad practice and may bring you much more trouble than the one you have now, i.e. typing each time your password.

Why can you not use ssh keys? They are a far more secure way to do this. Problem with passwords as arguments is they are visible to everyone else on your local machine (via the process list) as well as being written plain text your your shells history.

2 Answers 2

There are several options:

sshpass -p 'password' scp filename user@host: 

sshpass — noninteractive ssh password provider

sshpass is a utility designed for running ssh using the mode referred to as «keyboard-interactive» password authentication, but in non-interactive mode.

ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it into thinking it is getting the password from an interactive user.

The command to run is specified after sshpass’ own options. Typically it will be «ssh» with arguments, but it can just as well be any other command. The password prompt used by ssh is, however, currently hardcoded into sshpass.

write a script which will inject the password once it will identify the ssh password prompt

IMHO — This is the most secure way, and it doesn’t require using passwords.

Using public/private key in order to perform ssh or scp operation without having to enter a password.

Источник

Send password when using scp to copy files from one server to another [duplicate]

using scp to copy files from 1 unix server to another regularly and performing certain actions. to do this quickly I wish to use a unix script which does the scp and inputs the password required to complete the scp. I have tried the expect command to send the password throught the unix command line however unable to achieve this so far. sample commands

scp ./abc.txt hostname/abc.txt expect "*password:*" send "mypassword\r" 
couldn't read file "password: ": no such file or directory myscript.sh[5]: send: not found [No such file or directory] 

6 Answers 6

Just pass with sshpass -p «your password» at the beginning of your scp command

sshpass -p "your password" scp ./abc.txt hostname/abc.txt 

Don’t use or install sshpass because it makes it too easy for novice SSH users to ruin SSH’s security.

Worked for me, just needed to install sshpass -> sudo apt install sshpass on ubuntu and the command as said above.

You should use better authentication with open keys. In these case you need no password and no expect.

If you want it with expect , use this script (see answer Automate scp file transfer using a shell script ):

#!/usr/bin/expect -f # connect via scp spawn scp "user@example.com:/home/santhosh/file.dmp" /u01/dumps/file.dmp ####################### expect < -re ".*es.*o.*" < exp_send "yes\r" exp_continue >-re ".*sword.*" < exp_send "PASSWORD\r" >> interact 

Also, you can use pexpect (python module):

def doScp(user,password, host, path, files): fNames = ' '.join(files) print fNames child = pexpect.spawn('scp %s %s@%s:%s' % (fNames, user, host,path)) print 'scp %s %s@%s:%s' % (fNames, user, host,path) i = child.expect(['assword:', r"yes/no"], timeout=30) if i == 0: child.sendline(password) elif i == 1: child.sendline("yes") child.expect("assword:", timeout=30) child.sendline(password) data = child.read() print data child.close() 

One of the ways to get around login issues with ssh , scp , and sftp (all use the same protocol and sshd server) is to create public/private key pairings.

Читайте также:  Ldap directory server linux

Some servers may disallow this, but most sites don’t. These directions are for Unix/Linux/Mac. As always, Windows is a wee bit different although the cygwin environment on Windows does follow these steps.

  • On your machine, create your public/private key using ssh-keygen . This can vary from system to system, but the program should lead you through this.
  • When ssh-keygen is finished, you will have a $HOME/.ssh directory on your machine. This directory will contain a public key and a private key. There will be two more files that are generated as you go along. One is known_hosts which contains the fingerprints of all known hosts you’ve logged into. The second will be called either authorized_keys or authorized_keys2 depending upon your implementation.
  • If it’s not there already, log into the remote host, and run ssh-keygen there too. This will generate a $HOME/.ssh directory there as well as a private/public key pair. Don’t do this if the $HOME/.ssh directory already exists and has a public and private key file. You don’t want to regenerate it.
  • On the remote server in the $HOME/.ssh directory, create a file called authorized_keys . In this file, put your public key. This public key is found on your $HOME/.ssh directory on your local machine. It will end with *.pub . Paste the contents of that into authorized_keys . If authorized_keys already exists, paste your public key in the next line.

Now, when you log in using ssh , or you use scp or sftp , you will not be required to enter a password. By the way, the user IDs on the two machines do not have to agree. I’ve logged into many remote servers as a different user and setup my public key in authorized_keys and have no problems logging directly into that user.

Doing Private Public Key Authentication on Windows

If you use Windows, you will need something that can do ssh . Most people I know use PuTTY which can generate public/private keys, and do the key pairing when you login remotely. I can’t remember all of the steps, but you generate two files (one contains the public key, one contains the private key), and configure PuTTY to use both of those when logging into a remote site. If that remote site is Linux/Unix/Mac, you can copy your public key and put it into the authorized_keys file.

If you can use SSH Public/Private keys, you can eliminate the need for passwords in your scripts. Otherwise, you will have to use something like Expect or Perl with Net::SSH which can watch the remote host and enter the password when prompted.

Источник

Оцените статью
Adblock
detector