43

How would I connect to another computer through SSH in one line? If I were to do ssh host@IP, it would require me to enter the password in the second line. I was thinking that I could do something like this: ssh host@IP | echo password, but that puts the password in before asking for the password.

3
  • 3
    This sort of thinking comes from the days of telnet and expect, back when the internet was a safer place. Allen's answer is correct, Jakuje's answer is technically true but not the tool for the job in most places.
    – Criggie
    Commented Jun 4, 2017 at 21:16
  • 3
    This is a good question for setting up passwordless login. I'd ask that you revisit your accepted answer. While Jakuje's answer -is- correct, and will work, the proper way to do this is with SSH keys, described in Allan's answer.
    – Scot
    Commented Jun 5, 2017 at 0:34
  • If ssh would read the password from stdin, then echo password | ssh host@IP would work, but usually SSH tries to read directly from the terminal. Commented Jun 5, 2017 at 17:59

5 Answers 5

93

You should be using SSH keys to authenticate with rather than putting your password on the command line as it's extremely insecure.

The way this works is once you have your SSH keys set up, all you have to do is issue the command:

ssh user@host

and without typing another thing, you will be automatically logged in.


### Copy SSH Public Key to Mac/FreeBSD/Linux from macOS

This assumes you have access to the remote server via password based authentication (typing in a password), and that you have already generated your private/public keypair (if not, see below). In the following example, we are using RSA. To start with let's copy the key over (be aware that the "home" directory differs between macOS, Linux, BSD, etc.):

Using SCP:

scp ~/.ssh/id_rsa.pub username@hostname:/Users/username/.ssh/

Or simply cat-ing the file to authorized_keys (I prefer this method):

cat id_rsa.pub | ssh username@hostname ' cat >>.ssh/authorized_keys'

(Your key name may differ.) If the .ssh directory does not exist on the remote server, you will need to log in and create it.

Now the key has been copied from the mac to the remote server. Set correct permissions for the SSH Public Key on the remote server:

chmod 600  ~/.ssh/id_rsa.pub

Next add the key to the SSH authorized_keys file, if the file does not exist create it.

If the file authorized_keys already exists in ~/.ssh, then use the following command:

cat id_rsa.pub >> authorized_keys

If the file does not exist enter the following commands:

cat id_rsa.pub > authorized_keys

chmod 600 authorized_keys
chown user:group authorized_keys

### Generate SSH Public/Private key on macOS

Open up the Terminal by going to Applications -> Utilities -> Terminal

In the terminal, use the following command to start the key generation

ssh-keygen -t rsa -b 4096

I specified the -b 4096 option to make the key with the strong 4kb encryption rather than the default 2kb. Next you will be prompted to provide the location where you want to create the private key file:

Enter file in which to save the key (/Users/username/.ssh/id_rsa):

Leave this empty to create the key in the default location, which is /Users/username/.ssh/id_rsa. The public key file will be created in the very same location, and with the same name, but with the .PUB extension.

Afterwards, you will be prompted to choose a passphrase. This is an optional password to use the private key.

Enter passphrase (empty for no passphrase):

Your SSH key is generated.

Now, keep in mind, if you put in a passphrase you will be required to enter it each time you connect. The utility ssh-agent will keep the passphrase in memory alleviating the need to manually enter it every time you connect while you are in the same session. For more details see man ssh-agent


### Update: Use ed25519 keys instead of RSA

The existing answer uses the older RSA encryption. It’s much more preferred to use the newer ed25519 cryptographic key as it’s much more secure than RSA. Additionally, I create keys for each of my accounts per device - one for each account on my Mac, another for my iPad, etc. This allows me to delete individual keys should one become compromised without having to change all the keys on every device.

ssh-keygen -f ~/.ssh/myipad_ed25519 -t ed25519
8
  • 7
    Absolutely this - keys can and should completely replace passwords for any ssh access over the internet. I'd suggest you expand on the need for security of the private key, that it's not something to have laying about on all your computers.
    – Criggie
    Commented Jun 4, 2017 at 21:12
  • 1
    +1 This is a really good answer, not only because of what it says, but also because of how you've explained it. Anything that's easier for users to follow and helps them to be more secure is a plus in my books!
    – Monomeeth
    Commented Jun 5, 2017 at 0:20
  • 10
    Great answer. Just wanted to add that ssh-copy-id is a nice tool for automating some of the above.
    – Scot
    Commented Jun 5, 2017 at 0:32
  • 1
    A mention of ssh-agent might also help. Most (all?) versions of OS X / macOS come with it, and it allows password-less login even when the key is password protected.
    – Qsigma
    Commented Jun 5, 2017 at 10:27
  • 2
    @Scot - it's not part of macOS by default and must be installed via Homebrew or MacPorts. I'm not a fan of installing software for things that can be accomplished in 1 line or a short, self-written script, and for those reasons I thought it was outside the scope of the answer. However, it's a good little utility and worth mentioning.
    – Allan
    Commented Jun 5, 2017 at 11:04
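
The server-side steps from the answer above (create `~/.ssh` if it is missing, append the public key, set the permissions), as an added example that is not part of the original answer or its comments. `install_pubkey` is a hypothetical helper name; it takes the home directory as an argument so it can be tried on a scratch directory first, and it skips a key that is already authorized.

```shell
#!/bin/sh
# Added example: install a public key into authorized_keys, idempotently.
# install_pubkey HOME_DIR PUBKEY_FILE   (hypothetical helper name)
#   HOME_DIR    - the account's home directory (on the server: "$HOME")
#   PUBKEY_FILE - the .pub file copied over from the client
install_pubkey() {
    home_dir=$1
    pubkey_file=$2
    ssh_dir="$home_dir/.ssh"
    auth_file="$ssh_dir/authorized_keys"

    # Only the .pub half ever leaves the client; reject a private key.
    if grep -q 'PRIVATE KEY' "$pubkey_file"; then
        echo "refusing: $pubkey_file looks like a private key" >&2
        return 1
    fi

    # A public key is one line: "<type> <base64> [comment]".
    key_line=$(grep -v '^[[:space:]]*$' "$pubkey_file" | head -n 1)
    case $key_line in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-*\ *) ;;
        *) echo "refusing: not an OpenSSH public key" >&2; return 1 ;;
    esac

    # Create ~/.ssh if it does not exist; sshd's default StrictModes
    # rejects keys when these paths are writable by other users.
    mkdir -p "$ssh_dir" || return 1
    chmod 700 "$ssh_dir" || return 1
    touch "$auth_file" || return 1
    chmod 600 "$auth_file" || return 1

    # Make sure an existing file ends with a newline before appending.
    if [ -s "$auth_file" ] && [ -n "$(tail -c 1 "$auth_file")" ]; then
        echo >> "$auth_file"
    fi

    # Append only when this exact key line is not already authorized.
    if ! grep -qxF -- "$key_line" "$auth_file"; then
        printf '%s\n' "$key_line" >> "$auth_file"
    fi
}

# On the server, after copying the key over with scp:
#   install_pubkey "$HOME" "$HOME/id_ed25519.pub"
```
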
24

There are several possibilities. Your example will obviously not work, but you can achieve something similar using the sshpass utility:

sshpass -p password ssh host@IP

Note, this is not recommended because the password will be visible for other processes or in the shell history.

A much better way to do the same is to set up the passwordless authentication using SSH keys. In short:

ssh-keygen -t rsa -f ~/.ssh/id_rsa
ssh-copy-id IP
6
  • I tried the sshpass as you recommended, but it said command not found.
    – Ben A.
    Commented Jun 4, 2017 at 20:30
  • 10
    Well ... You will probably have to install it. And no, I don't recommend it. Set up passwordless authentication using ssh keys.
    – Jakuje
    Commented Jun 4, 2017 at 20:34
  • 4
    @BenA. set up passwordless authentication by defining a public/private key pair and setting it up on both machines involved. That's much easier (and actually safer) than any password
    – nohillside
    Commented Jun 4, 2017 at 20:37
  • 8
    A thousand times no. sshpass is a dirty hack used for connecting to devices that speak ssh but don't do keys properly, and its main use is setup scripts. You would not use sshpass on a multiuser machine: ps auxw | grep sshpass will tell other users the ssh password.
    – Criggie
    Commented Jun 4, 2017 at 21:14
  • 1
    @Criggie, not entirely. While I'm 100% behind the key-based solution, I have sshpass on a couple of internal-only Raspberry Pis (for random tasks, and accessed by random clients; passing keys around just for internal use is a hassle). Running your command gives the following output: pi@sshbox:~ $ ps auxw | grep sshpass pi 4891 0.0 0.3 2256 1560 pts/0 S+ 06:29 0:00 sshpass -p zzzzzzzz ssh [email protected]. The zzzzzzzz is literal; sshpass masks the content of the password. Perhaps earlier iterations were less privacy-aware.
    – flith
    Commented Jun 5, 2017 at 6:31
4

I have spent a long time looking for the answer to this too. Despite it being insecure and all these people telling you to use RSA keys (which IS a more secure and reliable idea), it is quite possible.

Use a program called expect for this. Expect will watch stdout (and I think stderr if configured correctly) for you, waiting for certain messages and responding to them with output. Expect itself is actually a scripting language, and when I was doing this same thing, I had a very hard time getting my own script to work properly because of timing. However, expect also includes a handy utility called autoexpect.

With autoexpect, it will watch you and generate an expect script for you. Simply run autoexpect and the command you want:

autoexpect ssh host@ip 

and do what you'd normally do. When you exit the program (by typing exit in the ssh'd shell), it will generate the script. In case that you don't want the whole script you're writing to be in an expect script, you can edit the script from autoexpect (called script.exp) to exit before typing the exit command into the shell. The line you want to move to change the script ending is:

expect eof

which means expect end of file. Hope this helps!

1
  • 1
    In case no one else has said it yet: Welcome to Ask Different!
    – Synoli
    Commented Jun 5, 2017 at 13:50
2

Using expect is just plain wrong to log into an ssh connection for anything other than in a test suite.

What @ben-a is looking for is already implemented in ssh. The trick is how to use it. So here goes:

  1. Generate a public/private keypair using ssh-keygen. Use either ECDSA or RSA as the -t (or type) and for RSA use 2048 or 4096 as the -b (or BITS length). This should suffice at the moment of writing. ALWAYS use a PASSWORD!
  2. Utilize the ssh-copy-id or the above mentioned methodology to create on the machine you're logging on to (a.k.a. the server) the ~/.ssh/authorized_keys file. Within there is a copy of the public key you just generated.
  3. Now on the machine you use to log into the 'server' (or client) you open the file ~/.ssh/config. If it does not exist you can create it.
  4. In this file, you add the following for your needs

    host <name you want to use for this connection>
        Hostname <DNS or IP of the server>
        user <user name you want to use>
        identitiesonly yes
        identityfile <path to the private key>
    
  5. You can now use just ssh <name> to setup the connection, but it will still need the password for your key. To solve this, use the for-this-purpose developed and included ssh-agent. To add your key to the agent just use ssh-add <path to keyfile>. You will be asked for the password, and it will store the key for you securely for this session. If it yields the error "can't find the ssh-agent" (or similar), that means that probably the agent hasn't been started. You can start it for this session using ssh-agent bash. This will start a new shell with the agent active in it.

When using these steps, you not only make it harder for someone to impersonate you by hijacking your credentials, but also keep the usability in order (it's easier to use than plain passwords).

-1

Access the remote host and run bash script without checking host key and username password in one line.

First install sshpass. Debian:

sudo apt-get install sshpass

For CentOS, install from EPEL:

yum --enablerepo=epel -y install sshpass

Copy and paste into a file, for example remoteScript.sh. Add remote host details.

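#!/bin/bash
# Connection details (the password is stored here in plain text)
PATH_TO_SCRIPT="/path/script.sh"
UserName="root"
HostName="192.168.01.11"
Password="yourPassword"

# Feed the local script to a root shell on the remote host
sudo -S sshpass -p "$Password" ssh -o stricthostkeychecking=no "$UserName@$HostName" 'sudo -s ' < "$PATH_TO_SCRIPT"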

If you want to use without bash script in terminal:

sshpass -p Password ssh -o stricthostkeychecking=no [email protected] 'bash -s' < YourScript

Change Password, User, and Server IP

2
  • 1
    How do you make apt-get run on macOS?
    – nohillside
    Commented Feb 6, 2020 at 16:29
  • 1
    You are aware that this site is Apple centric and the OS here is macOS, right? That said, I hope you're aware that storing passwords in plain text in a script is about the worst thing you can do from a security standpoint.
    – Allan
    Commented Feb 7, 2020 at 17:35
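
The objections raised in the comments on this page (a password passed with `sshpass -p`, a password stored in plain text in a script, host key checking switched off) can be checked for mechanically. The following is an added example, not part of the original answers: `audit_ssh_script` and its finding labels are hypothetical names, and the sample script is constructed to resemble the one in the answer above.

```shell
#!/bin/sh
# Added example: flag risky SSH automation patterns in a shell script.
# audit_ssh_script FILE prints "LINE:finding" for every hit, sorted by line.
audit_ssh_script() {
    # Number every line, then drop comment lines so numbers stay accurate.
    numbered=$(grep -n '' "$1" | grep -vE '^[0-9]+:[[:space:]]*#' || true)
    {
        # sshpass -p puts the password in argv (case-sensitive on purpose:
        # -P is a different sshpass option).
        printf '%s\n' "$numbered" | grep -E 'sshpass[[:space:]]+-p' |
            sed -E 's/^([0-9]+):.*/\1:password-in-argv/'
        # ssh option names are case-insensitive.
        printf '%s\n' "$numbered" | grep -iE 'stricthostkeychecking[= ]+no' |
            sed -E 's/^([0-9]+):.*/\1:host-key-check-off/'
        # A *pass*/*password* variable assigned a literal, not an expansion.
        printf '%s\n' "$numbered" |
            grep -iE '^[0-9]+:[[:space:]]*[a-z_]*pass(word|wd)?="?[^$"[:space:]]' |
            sed -E 's/^([0-9]+):.*/\1:hardcoded-password/'
    } | LC_ALL=C sort -t: -k1,1n -k2
}

# Constructed sample input (placeholder host and password, not from the page).
sample_script() {
    cat <<'EOF'
#!/bin/bash
# constructed sample resembling remoteScript.sh
UserName="root"
HostName="192.0.2.11"
Password="yourPassword"
sshpass -p $Password ssh -o stricthostkeychecking=no $UserName@$HostName 'bash -s' < script.sh
EOF
}
```

Running `sample_script > /tmp/sample.sh; audit_ssh_script /tmp/sample.sh` reports one finding on the password assignment and two on the `sshpass` line.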
