Using a variable’s value as password for scp, ssh etc. instead of prompting for user input every time

by

Indeed, you’ll definitely want to look into setting up ssh keys, over saving a password in a bash script. If the key is passwordless, then no user input will be required to ssh/scp. You just set it up to use the key on both ends and voila, secured communication.

However, I’ll get downvoted to hell if I don’t say this. Many consider passwordless ssh keys to be a Bad Idea(TM). If anybody gets their hands on the keys, the have full access. This means that you are relying on other security measures such as file permissions to keep your password safe.

Also, look into ssh-agent. It allows you to set it up so that you have a password protected ssh-key, but you only need to type it in once and it will manage the password for the key for you and use it when necessary. On my linux box at home, I have ssh-agent set up to run in my .xinitrc file so that it prompts me once and then starts X. YMMV.

UPDATE:
With regards to your requirements, password protected public key authentication + ssh-agent still seems to fit. Only the developers privy to the SSH/FTP password could start up ssh-agent, type in the password and ssh-agent would manage the passwords for the public keys for the rest of the session, never requiring interaction again.

Of course, how it stores it is another matter entirely. IANASE, but for more information on security concerns of using ssh-agent, I found symantec’s article to be pretty informative: http://www.symantec.com/connect/articles/ssh-and-ssh-agent

“The ssh-agent creates a unix domain
socket, and then listens for
connections from /usr/bin/ssh on this
socket. It relies on simple unix
permissions to prevent access to this
socket, which means that any keys you
put into your agent are available to
anyone who can connect to this socket.
[ie. root]” …

“however, [..] they are only usable
while the agent is running — root
could use your agent to authenticate
to your accounts on other systems, but
it doesn’t provide direct access to
the keys themselves. This means that
the keys can’t be taken off the
machine and used from other locations
indefinitely.”

Hopefully you’re not in a situation where you’re trying to use an untrusted root‘s system.

More Related Contents:

  1. Expansion of variables inside single quotes in a command in Bash
  2. Pass commands as input to another command (su, ssh, sh, etc)
  3. While loop stops reading after the first line in Bash
  4. How to check if a variable is set in Bash
  5. How to store standard error in a variable
  6. How to run the sftp command with a password from Bash script?
  7. What is the difference between ${var}, “$var”, and “${var}” in the Bash shell?
  8. What is the exact meaning of IFS=$’\n’?
  9. How to split one string into multiple variables in bash shell? [duplicate]
  10. What does 2>&1 mean here?
  11. How to reload .bashrc settings without logging out and back in again?
  12. How do I iterate over a range of numbers defined by variables in Bash?
  13. When do we need curly braces around shell variables?
  14. Bash command line and input limit
  15. How to assign the output of a Bash command to a variable? [duplicate]
  16. What is the meaning of the ${0##…} syntax with variable, braces and hash character in bash?
  17. Using the RUN instruction in a Dockerfile with ‘source’ does not work
  18. Why start a shell command with a backslash?
  19. Is there a TRY CATCH command in Bash
  20. Parsing variables from config file in Bash
  21. Bash variables with spaces
  22. How does bash tab completion work?
  23. Is mixing getopts with positional parameters possible?
  24. Running a Bash script over ssh
  25. How to resolve symbolic links in a shell script
  26. How to check if running as root in a bash script
  27. Print a file’s last modified date in Bash
  28. Expand variables in sed
  29. How to escape the single quote character in an ssh / remote bash command?
  30. Using groovy, how do you pipe multiple shell commands?

Leave a Comment