Pass password in ssh config
Is there any way to pass a password using .ssh/config? I'm trying to set up a way to login to a server under a specific user and then switch automatically to root when I connect (need to input password).
For now, I have:
Host server
HostName hostname.server.com
User not-root
Port 1234
RemoteCommand su
- I have to use these steps (user -> su)
- I have to use this key (with passphrase)
Thanks!
Solution 1:
In general most sysadmins would configure things so that their automation does not rely on passwords.
SSH
For SSH authentication the easiest is to create a key-pair where the private key is not password protected.
If you need a passphrase on the private SSH key, adding that key / passphrase to ssh-agent (or a Mac OSX keychain) is a one-off action after which so you won't need to be prompted for the passphrase anymore.
If that is not an option, use sshpass in your scripts/commands use a password/passphrase from the command line
On the server
Again the easiest/conventional solution is to prevent having to enter a password.
Your options for that depend on the level of control you have
-
set up a NOPASSWD sudo policy (ideally only for the relevant command(s)) which will allow you to execute
sudo some-command --with argsorsudo -ifor an interactive login session without entering a passphrase. -
set up the root account for direct remote ssh logins (not the best solution, but when you don't allow password auth, only key based auth...)
-
depending on the set-up simply add your account to a "sudo" , "wheel" or "admin" group and you get full admin rights
When you really want to submit a password, expect is the utility for automating that