automate sshpass when server is asking a "yes/no" question

ssh server sshpass

I have this small script for connecting to new machines I don't have ssh-key to:

function my_ssh () {
    ip=$1
    optional_cmd=$2

    ssh -o "BatchMode yes" user_name@$ip exit > /dev/null 2>&1

    if [ $? -gt 0 ]; then
        echo "1st time connection - adding key to authorized keys list"
        sshpass -p "secret_password" ssh-copy-id user_name@$ip
    fi

    echo $optional_cmd
    ssh -X user_name@$ip $optional_cmd
}

This works weel for servers that either have my ssh-key, or only ask for a password in order to use ssh-copy-id. However, some servers require a "yes/no" after the following question:

The authenticity of host 'A.B.C.D ()' can't be established. ECDSA key fingerprint is SHA256:****. Are you sure you want to continue connecting (yes/no)?

How can I add a "yes" string echoed into the server question stdin and then use the sshpass?

ps, I went over the sshpass code from github but it doesn't seem sshpass is designed for something like this. I think I can modify it to suite my needs, but I prefer using a normal Linux mechanism if possible


To answer the OP's question about entering "yes" on the ECDSA key fingerprint prompt, and I would only advise this for localhost SSHds - never in anything more than an experimental docker container setup, you can do the following:

sshpass -p 'password' ssh \
  -o StrictHostKeyChecking=no \
  [email protected] -p 2222 'whoami'

A use case? You could have a nobody user that is the only user who is allowed to password-SSH into a machine (all other users are set to require keys). You could then just get some system info you need, say, as you experiment with orchestration.

sshpass -p 'meminfo' ssh \
  -o StrictHostKeyChecking=no \
  [email protected] -p 2222 "egrep 'Mem|Cache|Swap' /proc/meminfo"

The result would be something like this.

Warning: Permanently added '[127.0.0.1]:2222' (ECDSA) to the list of known hosts.
SSHPASS searching for password prompt using match "assword"
[email protected]'s password: 
SSHPASS detected prompt. Sending password.
SSHPASS read: 

MemTotal:       16369628 kB
MemFree:          683412 kB
MemAvailable:    8847748 kB
Cached:          6544572 kB
SwapCached:          460 kB
SwapTotal:       2097148 kB
SwapFree:        2071928 kB

Then you can nmap a cluster or Pis (or docker containers) on your LAN and then automate checking how they are doing without adding NodeJS or Python or a health API service.

If you're finished experimenting and want to clean up those rubber-stamped ECDSA fingerprints, you can run:

ssh-keygen -f "~/.ssh/known_hosts" -R "[127.0.0.1]:2222"

Warning: I must remind everyone that even the above with a nobody user can be dangerous if they find some privileged command that has the suid bit set - nobodys could still run as root!

Related

How to change isolinux boot splash
How to help newbies... wizards and executables [closed]
How does apt-get autoremove work when given a package as an argument?
Distance of ellipse to the origin
Can the difference of 2 undefined limits be defined?
Should the notation $\int_{0}^{x} f(x) dx$ be frowned upon?
Pattern to last three digits of power of $3$?
Proving the inequality $e^{-2x}\leq 1-x$
Solve equations $\sqrt{t +9} - \sqrt{t} = 1$
Solving an infinite product of consecutive square roots
Is it legitimate to specify a statement as a Theorem if it is proved using numerical methods (since it can't be proved analytically)?
Small Representations of $2016$