2

It seems odd to me that an entirely separate utility is needed to specify a password on an ssh connection. Why doesn't ssh have an option to supply the password non-interactively?

The man page for sshpass says that it runs ssh in a dedicated tty (whatever that is) to fool it into thinking the password is being supplied interactively. This leads me to believe that ssh was designed to not allow non-interactive logins. Is this actually the case? If so, why?

vdbeek
  • 21
  • 1
  • 1
    SSH is **Secure** Shell Protocol. if it supports accepting passwords from command line options then the password can easily be seen by others, e.g., with commands like `ps` and so it's not **secure** any more. it's a design choice. – sexpect - Expect for Shells Jun 01 '22 at 09:53
  • "ssh was designed to not allow non-interactive logins" -- this is not true. ssh does support non-interactive logins, e.g., with public key auth. – sexpect - Expect for Shells Jun 01 '22 at 09:55
  • My thinking was that security doesn't fully explain it. For example you could have a command option to read the password from a file, similar to how you specify a private key file. I may be missing something there though. – vdbeek Jun 01 '22 at 10:10
  • it's not good practice to save passwords in files because the admins (like the *root* user) can see them. if ssh supports reading passwords from files then users may get the wrong idea that it's safe to save passwords in files. – sexpect - Expect for Shells Jun 02 '22 at 01:46

0 Answers0