LinuxCommandLibrary

sshpass

Provide SSH password non-interactively

TLDR

Connect to a remote server using a password supplied on a file descriptor (in this case, stdin)

$ sshpass -d [0] ssh [user]@[hostname]

Connect to a remote server with the password supplied as an option, and automatically accept unknown SSH host keys
$ sshpass -p [password] ssh -o StrictHostKeyChecking=no [user]@[hostname]

Connect to a remote server using the first line of a file as the password, automatically accept unknown SSH host keys, and launch a command
$ sshpass -f [path/to/file] ssh -o StrictHostKeyChecking=no [user]@[hostname] "[command]"

SYNOPSIS

sshpass [options] command

PARAMETERS

-f filename
    Reads the password from the specified filename. This is generally preferred over providing the password directly on the command line for security reasons, though still not fully secure.

-d number
    Reads the password from the file descriptor number, which sshpass inherits from the process that launched it (0 is stdin, as in the first TLDR example).

-p password
    Provides the password directly on the command line. This method is highly insecure as the password will be clearly visible in the process list (e.g., via ps -ef) and stored in shell history.

-e
    Reads the password from the SSHPASS environment variable. For example: export SSHPASS='your_password'; then sshpass -e ssh user@host. Remember to unset the variable after use.

-v
    Enables verbose output, showing more details about sshpass's internal operations.

-?, --help
    Displays a help message and exits.

--version
    Displays version information for sshpass and exits.

DESCRIPTION

sshpass is a utility that allows you to provide a password for SSH connections in a non-interactive way. This is particularly useful for scripting and automation where manual password entry is not feasible.

Instead of requiring a user to type the password at a prompt, sshpass can fetch it from a file, an environment variable, or directly from the command line, and then pipe it to the standard input of the ssh command. While it simplifies automation, it is crucial to understand that it is generally considered insecure for sensitive operations as it exposes the password in plain text, making it visible in process lists or shell history. The recommended and more secure alternative for automation is always SSH key-based authentication.

CAVEATS

The primary limitation and concern with sshpass is security. Using it means exposing your password in plain text, which can be seen by other users on the system via process lists (ps -ef) or stored in shell history files. It bypasses the interactive security measures of SSH. For sensitive environments, SSH key-based authentication is always the preferred and most secure method for non-interactive logins. sshpass should be used only when SSH keys are not an option, and with extreme caution, understanding the inherent security risks.

USAGE MODES

sshpass supports several methods for providing the password:

From file
    sshpass -f password_file ssh user@host 'command'
    (Ensure password_file has restricted permissions, e.g., chmod 600 password_file.)

From environment variable
    export SSHPASS='your_password'
    sshpass -e ssh user@host 'command'
    (Remember to unset SSHPASS immediately after use to remove it from the environment.)

Directly on command line
    sshpass -p 'your_password' ssh user@host 'command'
    (Least secure; avoid this method at all costs.)
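
One way to enforce the file-permission advice above before calling sshpass -f, shown as an added example that is not part of the original page or of the sshpass project. The function names check_password_file and run_with_password_file are hypothetical.

```shell
#!/bin/sh
# Added example: validate a password file before handing it to `sshpass -f`.
# Function names are hypothetical; only `sshpass -f` comes from the page.

# check_password_file PATH
# Succeeds only if PATH is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits (e.g. mode 600 or 400).
check_password_file() {
    pf_path=$1
    if [ -L "$pf_path" ] || [ ! -f "$pf_path" ]; then
        echo "refusing '$pf_path': not a regular file" >&2
        return 1
    fi
    # `ls -ldn` prints "<perms> <links> <uid> ..." with a numeric owner.
    read -r pf_perms pf_links pf_uid pf_rest <<EOF
$(ls -ldn -- "$pf_path")
EOF
    if [ "$pf_uid" != "$(id -u)" ]; then
        echo "refusing '$pf_path': owned by uid $pf_uid, not the current user" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    case $pf_perms in
        -???------*) return 0 ;;
        *)
            echo "refusing '$pf_path': mode $pf_perms grants group/other access; chmod 600" >&2
            return 1 ;;
    esac
}

# run_with_password_file PATH COMMAND...
# Runs COMMAND under `sshpass -f PATH` only after the checks above pass, e.g.
#   run_with_password_file password_file ssh user@host 'command'
run_with_password_file() {
    pf_file=$1
    shift
    check_password_file "$pf_file" || return 1
    sshpass -f "$pf_file" "$@"
}
```

The check does not evaluate ACLs (a trailing + in the mode string), so a file with extra ACL entries still needs a manual review.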

WHEN TO USE (AND NOT USE)

Use sshpass primarily for non-sensitive, quick automation tasks where SSH key authentication is genuinely not an immediate option (e.g., initial server setup, specific legacy network devices, or simple lab environments).

Do not use sshpass for production systems with sensitive data, long-term automation, or anytime security is paramount. Always prioritize configuring SSH key-based authentication for robust, secure, and truly non-interactive access.

HISTORY

sshpass was developed to address a specific need: enabling non-interactive password authentication for SSH in shell scripts. Prior to its existence, automating SSH sessions with passwords was cumbersome, often relying on less robust or more general-purpose methods like expect scripts, which are more complex for this specific task. sshpass provides a lightweight, single-purpose utility for this. Its development reflects the pragmatic need for automation in various scenarios, even if it introduces security trade-offs compared to the more secure SSH key-based methods that are now widely adopted.

SEE ALSO

ssh(1), scp(1), sftp(1), ssh-keygen(1), ssh-agent(1), expect(1)
