Execute bash script on remote server non-interactively
Execute bash script on remote server non-interactively
I have a bash script that accepts exactly 3 arguments and I have created a web interface in PHP to run this script on a remote server. The user just enters username host and password of the remote server.
I found this command to execute bash script on remote server:
ssh root@host 'bash -s' < script.sh
But this command prompts for a password and also doesn't use any arguments. But I need something that can be run non-interactively.
Something like:
ssh root@host -password="password" 'bash -s' < script.sh
to setup ssh key I have to login to remote server manually. thats what i don't want
– Amarjit Singh
Sep 10 '18 at 11:50
@AmarjitSingh: You don't need to log in manually to set up ssh keys -- just use
ssh-copy-id. Or am I misunderstanding something?– Daniel Pryden
Sep 10 '18 at 17:16
ssh-copy-id
@DanielPryden ssh-copy-id command also prompts for the password. But I need a command that is non-interactive.
– Amarjit Singh
Sep 10 '18 at 19:15
@AmarjitSingh: So you have two servers, and you don't have interactive access to either, but you can run arbitrary shell commands on the first server that contain the root password for the second server in plain text? If you don't have shell access, that implies that this is someone else's server -- do you really want to put the password to another machine in plain text there?
– Daniel Pryden
Sep 10 '18 at 20:50
1 Answer
1
Make sure that you have read security considerations
Install sshpass it's a tool for non-interactive ssh password authentication.
sshpass
sudo apt install sshpass
You can use it like:
sshpass -p 'password' ssh user@server/IP
Then use it like this to run your script with its arguments:
sshpass -p 'password' ssh user@server "bash -s" < ./script.sh arg1 arg2
If it didn't work then what I suggest is to use scp and move your script to remote server, then run your command and remove the script:
scp
sshpass -p 'password' scp script.sh user@server:/tmp/script.sh
sshpass -p 'password' ssh user@server /tmp/script.sh arg1 ar2 arg3
sshpass -p 'password' ssh user@server rm /tmp/script.sh
Security considerations [man sshpass]
First and foremost, users of sshpass should realize that ssh's
insistance on only getting the password interactively is not without
reason. It is close to impossible to securely store the password, and
users of sshpass should consider whether ssh's public key
authentication provides the same end-user experience, while involving
less hassle and being more secure.
The -p option should be considered the least secure of all of
sshpass's options. All system users can see the password in the
command line with a simple "ps" command. Sshpass makes a minimal
attempt to hide the password, but such attempts are doomed to create
race conditions without actually solving the problem. Users of sshpass
are encouraged to use one of the other password passing techniques,
which are all more secure.
In particular, people writing programs that are meant to communicate
the password programatically are encouraged to use an anonymous pipe
and pass the pipe's reading end to sshpass using the -d option.
The password can be read from a file:
sshpass -f /path/to/passwordfile ..., reference: askubuntu.com/a/982438/566421– pa4080
Sep 10 '18 at 12:10
sshpass -f /path/to/passwordfile ...
Yeah, there are other ways too (like using
-e to read from $SSHPASS) I didn't add them to keep the answer clean. man sshpass– Ravexina
Sep 10 '18 at 12:10
-e
$SSHPASS
@Ravexina your solution only works with the known hosts. what about the new hosts that are not added to the list of known hosts.
– Amarjit Singh
Sep 10 '18 at 19:12
@AmarjitSingh that's another question. Anyway you can use
-o StrictHostKeyChecking=no option ;)– Ravexina
Sep 10 '18 at 19:41
-o StrictHostKeyChecking=no
I feel like this answer is incomplete without a mention of the (very serious) drawbacks mentioned under Security Considerations in the
sshpass manpage.– Daniel Pryden
Sep 10 '18 at 20:51
sshpass
Thanks for contributing an answer to Ask Ubuntu!
But avoid …
To learn more, see our tips on writing great answers.
Required, but never shown
Required, but never shown
By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
set up ssh keys for passwordless login: askubuntu.com/questions/46930/… If that's not an option, use sshpass
– ignite
Sep 10 '18 at 11:49