15

I need to automate some identity deployments, ideally using ssh-copy-id.

I'm trying to provide the password through stdin, which is possible on ssh by using the -S flag. I'm aware that I can send additional options to ssh using the -o flag in the ssh-copy-id command however there's no usage examples of this flag in the man page.

So I've tried to pass the SSH password for ssh-copy-id through stdin using:

$# echo $TMP_PASS | ssh-copy-id -p2222 -i key.pub user@host -o "-S"

But all I get is:

/bin/ssh-copy-id: ERROR: command-line: line 0: Bad configuration option: -s

EDIT:

I'm trying to provide the password through stdin, which is possible on ssh by using the -S flag.

This statement is wrong. I've actually read this flag from sudo man;

cvsguimaraes
  • 259

3 Answers3

19

You might want to try installing sshpass, and altering your call to ssh-copy-id:

sshpass -p "$TMP_PASS" ssh-copy-id user@host
brad
  • 103
dhag
  • 15,736
  • 4
  • 55
  • 65
  • 2
    lol, not on mac and when brew install is attempted, i get "Error: No available formula with the name "sshpass" We won't add sshpass because it makes it too easy for novice SSH users to ruin SSH's security." – tofutim Apr 13 '18 at 19:26
2

Where did you find the information about -S option? It does something completely different! It is used for multiplexing and ControlPath.

SSH will not accept passwords on stdin ever, so you should pre-install authorized keys in your deployment (preferred way) or use sshpass or expect script as described in many other questions.

Jakuje
  • 21,357
  • Damn you're right! I've just realized that -S flag is from sudo :S – cvsguimaraes Sep 16 '15 at 15:09
  • If I want to install my keys on 100 hosts, using ssh-copy-id, having that all the hosts already have a default username and password, how to avoid ssh-copy-id asking me every time the same password? – realtebo Aug 11 '18 at 15:08
  • That is already answered in both of the answers -- use sshpass if you have to or some expect script. – Jakuje Aug 13 '18 at 07:19
1

2020 / Mac OS X (copy pasted my answer on SO)

Install sshpass (original answer)

brew install hudochenkov/sshpass/sshpass

Run ssh-copy-id using sshpass and with the password as an arg

sshpass -p $MYPASSWORD ssh-copy-id -i ~/PATH/TO/KEY $USER@$HOST -p $PORT

If you want to turn off strict host checking as well, use the -o flag, which is passed to the underlying ssh:

sshpass -p hunter2 ssh-copy-id -o StrictHostKeyChecking=no -i ~/PATH/TO/KEY $USER@$HOST -p $PORT

I tried the solution by @redneb, and installed setsid through util-linux by following this answer, but kept receiving a password denied.

I found this strategy to work for uploading my SSH key while setting up multiple raspberry pis in successino. In my script, I also run ssh-keygen -R raspberrypi.local each time too, to avoid the The ECDSA host key for raspberrypi.local has changed error.

Brian Chan
  • 11