Home Verkennen Help
Inloggen
SoftwareDesign
/
csu3_am335x
8
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Aftakking: master
Aftakkingen Labels
csu3_am335x
/
EVSE
/
GPL
/
sshpass-1.0.6
/
sshpass.1

sshpass.1 5.1 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122 
  1. .TH SSHPASS 1 "April 25, 2015" "Lingnu Open Source Consulting" "Sshpass User Manual"
    2. 

  2. .\" Please adjust this date whenever revising the manpage.
    3. 

  3. .SH NAME
    4. 

  4. sshpass \- noninteractive ssh password provider
    5. 

  5. .SH SYNOPSIS
    6. 

  6. .B sshpass
    7. 

  7. .RB [ -f\fIfilename | -d\fInum | -p\fIpassword | -e ]
    8. 

  8. .RI [ options ] " command arguments"
    9. 

  9. .br
    10. 

  10. .SH DESCRIPTION
    11. 

  11. This manual page documents the \fBsshpass\fP command.
    12. 

  12. .PP
    13. 

  13. \fBsshpass\fP is a utility designed for running \fBssh\fP using the mode referred
    14. 

  14. to as "keyboard-interactive" password authentication, but in non-interactive mode.
    15. 

  15. .PP
    16. 

  16. ssh uses direct TTY access to make sure that the password is indeed issued by
    17. 

  17. an interactive keyboard user. Sshpass runs ssh in a dedicated tty, fooling it
    18. 

  18. into thinking it is getting the password from an interactive user.
    19. 

  19. .PP
    20. 

  20. The command to run is specified after sshpass' own options. Typically it will be
    21. 

  21. "ssh" with arguments, but it can just as well be any other command. The password
    22. 

  22. prompt used by ssh is, however, currently hardcoded into sshpass.
    23. 

  23. .SH Options
    24. 

  24. If no option is given, sshpass reads the password from the standard input. The
    25. 

  25. user may give at most one alternative source for the password:
    26. 

  26. .TP
    27. 

  27. .B \-p\fIpassword\fP
    28. 

  28. The password is given on the command line. Please note the section titled
    29. 

  29. "\fBSECURITY CONSIDERATIONS\fP".
    30. 

  30. .TP
    31. 

  31. .B \-f\fIfilename\fP
    32. 

  32. The password is the first line of the file \fIfilename\fP.
    33. 

  33. .TP
    34. 

  34. .B \-d\fInumber\fP
    35. 

  35. \fInumber\fP is a file descriptor inherited by sshpass from the runner. The
    36. 

  36. password is read from the open file descriptor.
    37. 

  37. .TP
    38. 

  38. .B \-e
    39. 

  39. The password is taken from the environment variable "SSHPASS".
    40. 

  40. .TP
    41. 

  41. .B \-P
    42. 

  42. Set the password prompt. Sshpass searched for this prompt in the program's
    43. 

  43. output to the TTY as an indication when to send the password. By default
    44. 

  44. sshpass looks for the string "assword:" (which matches both "Password:" and
    45. 

  45. "password:"). If your client's prompt does not fall under either of these,
    46. 

  46. you can override the default with this option.
    47. 

  47. .TP
    48. 

  48. .B \-v
    49. 

  49. Be verbose. sshpass will output to stderr information that should help debug
    50. 

  50. cases where the connection hangs, seemingly for no good reason.
    51. 

  51. .SH SECURITY CONSIDERATIONS
    52. 

  52. .P
    53. 

  53. First and foremost, users of sshpass should realize that ssh's insistance on
    54. 

  54. only getting the password interactively is not without reason. It is close to
    55. 

  55. impossible to securely store the password, and users of sshpass should consider
    56. 

  56. whether ssh's public key authentication provides the same end-user experience,
    57. 

  57. while involving less hassle and being more secure.
    58. 

  58. .P
    59. 

  59. The \-p option should be considered the least secure of all of sshpass's options.
    60. 

  60. All system users can see the password in the command line with a simple "ps"
    61. 

  61. command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create
    62. 

  62. race conditions without actually solving the problem. Users of sshpass are
    63. 

  63. encouraged to use one of the other password passing techniques, which are all
    64. 

  64. more secure.
    65. 

  65. .P
    66. 

  66. In particular, people writing programs that are meant to communicate the password
    67. 

  67. programatically are encouraged to use an anonymous pipe and pass the pipe's reading
    68. 

  68. end to sshpass using the \-d option.
    69. 

  69. .SH RETURN VALUES
    70. 

  70. As with any other program, sshpass returns 0 on success. In case of failure, the following
    71. 

  71. return codes are used:
    72. 

  72. .TP
    73. 

  73. 1
    74. 

  74. Invalid command line argument
    75. 

  75. .TP
    76. 

  76. 2
    77. 

  77. Conflicting arguments given
    78. 

  78. .TP
    79. 

  79. 3
    80. 

  80. General runtime error
    81. 

  81. .TP
    82. 

  82. 4
    83. 

  83. Unrecognized response from ssh (parse error)
    84. 

  84. .TP
    85. 

  85. 5
    86. 

  86. Invalid/incorrect password
    87. 

  87. .TP
    88. 

  88. 6
    89. 

  89. Host public key is unknown. sshpass exits without confirming the new key.
    90. 

  90. .P
    91. 

  91. In addition, ssh might be complaining about a man in the middle attack. This
    92. 

  92. complaint does not go to the tty. In other words, even with sshpass, the error
    93. 

  93. message from ssh is printed to standard error. In such a case ssh's return code
    94. 

  94. is reported back. This is typically an unimaginative (and non-informative) "255"
    95. 

  95. for all error cases.
    96. 

  96. .SH EXAMPLES
    97. 

  97. .P
    98. 

  98. Run rsync over SSH using password authentication, passing the password on the
    99. 

  99. command line:
    100. 

  100. .PP
    101. 

  101. rsync \-\-rsh='sshpass \-p 12345 ssh \-l test' host.example.com:path .
    102. 

  102. .P
    103. 

  103. To do the same from a bourne shell script in a marginally less exposed way:
    104. 

  104. .PP
    105. 

  105. SSHPASS=12345 rsync \-\-rsh='sshpass \-e ssh \-l test' host.example.com:path .
    106. 

  106. .SH BUGS
    107. 

  107. .P
    108. 

  108. Sshpass is in its infancy at the moment. As such, bugs are highly possible. In
    109. 

  109. particular, if the password is read from stdin (no password option at all), it
    110. 

  110. is possible that some of the input aimed to be passed to ssh will be read by
    111. 

  111. sshpass and lost.
    112. 

  112. .P
    113. 

  113. Sshpass utilizes the \fBpty\fR(7) interface to control the TTY for ssh. This interface,
    114. 

  114. at least on Linux, has a misfeature where if no slave file descriptors are open, the
    115. 

  115. master pty returns \fBEIO\fR. This is the normal behavior, except a slave pty may
    116. 

  116. be born at any point by a program opening \fB/dev/tty\fR. This makes it impossible
    117. 

  117. to reliably wait for events without consuming 100% of the CPU.
    118. 

  118. .P
    119. 

  119. Over the various versions different approaches were attempted at solving this problem.
    120. 

  120. Any given version of sshpass is released with the belief that it is working, but experience
    121. 

  121. has shown that these things do, occasionally, break. This happened with OpenSSH version 5.6.
    122. 

  122. As of this writing, it is believed that sshpass is, again, working properly.
    123.