22 Dec 2009

ssh keyboard-interactive with no subsequent questions

Some scripts which bootstrap clients into my network need to make many successive ssh requests to servers to determine their state and change server values (DNS, DHCP, accounts, etc.). It can be cumbersome to enter the admin's ssh password again and again; sshpass to the rescue (bash example):

#!/bin/bash
# ask for root password, use it for any further ssh connection
remoteuser='adm' # could be root|admin|sysadmin|etc.
stty -echo
read -r -p "Password for $remoteuser: " pw # -r: keep backslashes in the password as typed
echo
stty echo
export SSHPASS="$pw" # export, so subcommands can use it
unset pw
# a function instead of an alias: bash does not expand aliases in scripts by default
ssh() { sshpass -e ssh "$@"; }

ssh "$remoteuser@someserver"  'ls -la /tmp' # no password asked if it matches
ssh "$remoteuser@otherserver" 'ls -la /tmp' # no password asked if it matches

When the script ends, the variable «$SSHPASS» will be destroyed. It makes sense to have users and passwords stored locally (i.e. LDAP/Kerberos/NIS/etc.).
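
An added example, not part of the original post, that goes one step beyond it: because `SSHPASS` is exported, every subcommand the script starts inherits the password, so this variant hands it to sshpass on a file descriptor (`sshpass -d`) and stops at the first server that rejects it. The function names `ask_password`, `ssh_pw` and `run_on_hosts` are hypothetical; the hostnames are the placeholders used above.

```bash
#!/bin/bash
# Added example, not from the original post: give sshpass the password
# on a file descriptor (-d) instead of through the exported SSHPASS.

remoteuser='adm'   # account name taken from the script above
pw=''              # plain shell variable, never exported

# Prompt once without echo (bash's read -s).
ask_password() {
    IFS= read -r -s -p "Password for $remoteuser: " pw
    echo >&2
}

# Run one ssh command through sshpass. The password travels over a pipe
# that sshpass reads as fd 3; printf is a shell builtin, so the password
# appears in no environment and on no command line. ssh's stdin becomes
# /dev/null, which suits remote commands that read no input.
ssh_pw() {
    printf '%s\n' "$pw" | sshpass -d 3 ssh "$@" 3<&0 </dev/null
}

# Run the same command on several hosts. sshpass exits with 5 when the
# password is rejected (per its man page); stop there so one typo is not
# replayed against every server, which could lock the account.
run_on_hosts() {
    local cmd="$1" host rc
    shift
    for host in "$@"; do
        rc=0
        ssh_pw "$remoteuser@$host" "$cmd" || rc=$?
        if [ "$rc" -eq 5 ]; then
            echo "password rejected by $host, aborting" >&2
            return 5
        fi
        [ "$rc" -eq 0 ] || echo "warning: $host returned $rc" >&2
    done
}

# Usage:
#   ask_password
#   run_on_hosts 'ls -la /tmp' someserver otherserver
```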