0

I (very) recently posted this question in regards to tar over ssh.

The question now has an answer, and I am now asking a different question.

I run the following command to push code from my local machine to my server where it will run.

tar -cJf - ./my_folder | ssh user@example 'tar -xJf - -C ./path-to-my_folder/'

I know that with ssh/scp I can use sshpass -p password to stop the command asking for my password each time. Note that I cannot use alternative methods of authentication.

Is it possible to combine sshpass with my above command so that I do not have to enter my password continually?

In other words how should I edit the above command to include sshpass so that I do not have to type in my password each time the above command runs?

Edit: Note the following does work

For example

sshpass -p <password> ssh ... blaa blaa
sshpass -p <password> scp ... blaa blaa
Community
  • 1
  • 1
FreelanceConsultant
  • 13,167
  • 27
  • 115
  • 225
  • Have you looked at the following post on askubuntu, http://askubuntu.com/questions/282319/how-to-use-sshpass? – mattias Jul 08 '16 at 22:14
  • @mattias I had not seen it but it doesn't seem to be relevant? – FreelanceConsultant Jul 08 '16 at 22:19
  • Maybe I misunderstood your question then. You are aware of how to use sshpass, so what is the problem? – mattias Jul 08 '16 at 22:24
  • @mattias I don't understand how to use it in this context. – FreelanceConsultant Jul 08 '16 at 22:24
  • ie; How do I combine `sshpass` with piping a tar contents over `ssh`. – FreelanceConsultant Jul 08 '16 at 22:24
  • 1
    What do you mean, "I cannot use alternative methods of authentication"? Unless the remote server actively *prevents* authentication via any means other than a password (which seems like a very dumb idea), you can always set up public key authentication for the account. – chepner Jul 08 '16 at 22:33
  • Are you *really* running a command with the remote user's password as a command-line argument? You do know that means everyone logged onto the machine only has to run the `ps` command to see that password? – Andrew Henle Jul 08 '16 at 22:36
  • @chepner I don't know what this poster's issue is, but I work with a client running IBM Complete FTP, and all my attempts to use PK authentication failed, so we're using sshpass. – Barmar Jul 08 '16 at 22:37
  • @chepner Yep. Public/private RSA keys are banned – FreelanceConsultant Jul 08 '16 at 22:53
  • @AndrewHenle Thanks for letting me know about this rather unfortunate security flaw – FreelanceConsultant Jul 08 '16 at 22:53
  • @chepner - you wouldn't believe it. Where I work, they dislike public key authentication. Their argument is that public key can be stolen remotely whereas passwords can only be stolen when someone's standing behind you. – alvits Jul 08 '16 at 23:04
  • @alvits Or if someone types in top, ps, ... do they not think of these things? To me it wasn't obvious that ps/top could be used to steal your password but it is surely obvious that not allowing authentication by RSA is a stupid thing to do. – FreelanceConsultant Jul 08 '16 at 23:04

1 Answers1

0

I think you can use something like this:

tar -cJf - ./my_folder | sshpass -p $remote_ssh_password ssh -o StrictHostKeyChecking=no $remote_ssh_username@$remote_web_address "tar -xJf - -C ./path-to-my_folder/"

Note: StrictHostKeyChecking=no for avoiding prompt for server's fingerprint confirmation. It could create a security issue:

"Therefore, if you want to know whether you are talking to the right server (and not some impersonator), then you "just" need to compute the server's key fingerprint (from the public key that the server just sent to you) and compare it with a "reference fingerprint"."

More info can be found on here

Community
  • 1
  • 1
mirza
  • 5,685
  • 10
  • 43
  • 73
  • But why the strict host key checking thing? – FreelanceConsultant Jul 08 '16 at 22:56
  • 2
    @user3728501 - `StrictHostKeyChecking=no` will not ask to accept the host key if itsn't in `known_hosts` yet. Without it, the script will pause and ask for acceptance which `sshpass` could misinterpret. – alvits Jul 08 '16 at 23:00
  • @user3728501 you are welcome. alvits already replied about why stricthostkeychecking. please don't forget to accept answer if it's works. – mirza Jul 08 '16 at 23:03
  • Don't do that removing Host Key Checking. This is the only thing that protects you against MiTM. Verify the key by hand and it will work the same way even with host key checking and you will be safe (better than sorry). – Jakuje Jul 10 '16 at 13:33
  • @Jakuje this is for avoiding prompt. exactly what he asked. If you are going to evaluate this for security why not using rsa ? no need for downvote. – mirza Jul 10 '16 at 15:38
  • At least a note about the security would not hurt. This is how people learn things wrong. In some cases, the use is acceptable, but not in all of them. – Jakuje Jul 10 '16 at 15:54
  • @user3728501 if the answer worked for you. you may consider accepting the answer. Here is the detailed info why and how http://meta.stackexchange.com/a/5235/178726 – mirza Jul 12 '16 at 13:30