Now when I ssh from the local computer on a specific user account to the remote computer with a specific user account, it no longer prompts for a password for ssh.
Corona688: No, I don't type the password in the script, rather I request the user to type the password, read it as a variable and use that in the sshpass -p "$pwd"
DGPickett: I don't understand this, can you show an example?
//use the ssh cat twice to copy files through your host, or//
nbsparks: Thanks, I know about ssh-keygen, there's just too many servers for which I can't just go and do this!
Sorry if this is a stupid question, I'm a novice at this, but how is that visible to the entire system? I'm getting the password one time during the execution of the script. Here's a bit from my script:
The reason why I'm asking the user to enter the password is because I have multiple lines where I have to log in to different servers (with the same user, of course), so I don't want the user to enter the password multiple times.
Do you think reading the password using the above way will still be visible to the entire system?
It's possible that sshpass makes some effort to conceal the password once it's passed. It could exec() again with different parameters and blank it. But even so, there'd be an unavoidable eyeblink when the password was exposed. Anyone could extract the password with obsessive logging.
These weaknesses are well-known, so sshpass has many safer options fortunately. sshpass can read a file, according to its manpage, so you could do this:
OLDMASK=$(umask)
umask 077 # Force rw------- permissions on /tmp/$$
exec 5>/tmp/$$ # Create temp file /tmp/$$ and write with FD 5
exec 6</tmp/$$ # Read from temp file /tmp/$$ with FD 6
rm /tmp/$$ # DELETE tempfile /tmp/$$ so nothing else can get it
umask $OLDMASK # Restore umask
cat <<EOF >&5 # Finish writing to /tmp/$$
$PASSWORD
EOF
exec 5>&- # Close FD 5
sshpass -d6 ...
exec 6<&- # Close FD 6
Which should protect the password much better. The temp file won't even be listed in /tmp/ while sshpass is running.
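An added example, not part of the original posts: the descriptor technique above wrapped in a helper for the multiple-server case from the question. The names with_password_fd and run_on_hosts, the user and the host names are hypothetical; it assumes mktemp is available and uses it in place of the predictable /tmp/$$ name.

```sh
#!/bin/sh
# Added example; with_password_fd and run_on_hosts are hypothetical names.

# with_password_fd PASSWORD CMD [ARGS...]
# Runs CMD with PASSWORD readable on file descriptor 6. The function body is
# a subshell, so descriptors 5 and 6 and the variables vanish when it returns.
with_password_fd() (
    password=$1
    shift
    # mktemp creates the file with mode 0600 under an unpredictable name,
    # which replaces both the umask handling and the guessable /tmp/$$ path.
    tmp=$(mktemp) || exit 1
    exec 5>"$tmp" 6<"$tmp"   # separate write and read descriptors
    rm -f -- "$tmp"          # unlink now; only the open descriptors remain
    # printf is a builtin in bash and dash, so the password never becomes
    # an argument of a new process.
    printf '%s\n' "$password" >&5
    exec 5>&-
    "$@"                     # child inherits fd 6; its exit status is returned
)

# run_on_hosts PASSWORD USER REMOTE_CMD HOST...
# A descriptor that has been read to end-of-file is useless to the next
# command, so every host gets a fresh one.
run_on_hosts() (
    password=$1 user=$2 remote_cmd=$3
    shift 3
    for host in "$@"; do
        with_password_fd "$password" \
            sshpass -d6 ssh "$user@$host" "$remote_cmd" </dev/null
    done
)

# Typical use (user and host names are placeholders):
#   run_on_hosts "$pwd" deploy 'uptime' host1.example host2.example
```

The password is prompted for once and held in a shell variable; only the descriptor number appears on the sshpass command line.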