You should first file a complaint with the server's administration, observing that public key authentication is vastly more secure than simply a password, but I'll assume you've already done so, and your admins are simply idiots.
Apple sadly removed ssh-askpass when they integrated its functionality into ssh, scp, and ssh-add. There is however an SSHKeychain package that provides an ssh-askpass with an Apple-like Cocoa password prompt for macports' openssh package. It should fix your problems the way you want, perhaps even setting the SSH_ASKPASS variable for you.
Just fyi, I'd usually recommend against installing the openssh macports package itself because it breaks your Apple password prompt, but once you've installed SSHKeychain macports usually offers a more recent openssh than Apple.
There is nothing wrong imho with embedding passwords in scripts when the server disables public key authentication, i.e. if they cared about security, they should reenable public keys. There are even servers that intentionally break sshpass. You could access such machines using the following expect script:
#!/usr/bin/expect -f
set timeout -1
set send_human {.05 0.1 1 .07 1.5}
eval spawn $argv
match_max 100000
expect {
    -re "USERNAME@(\[0-9A-Za-z_\\-\\.\]+)'s password: "
    { sleep 0.1 ; send -- "PASSWORD\r" ; sleep 0.3 }
}
interact
You may speed up this script by reducing the sleeps and send_human delays.
Make sure you have a corresponding id_rsa.pub or id_dsa.pub in your ~/.ssh directory.
When I had an id_rsa but not a corresponding id_rsa.pub, Mac OS X kept popping up the dialog and "Remember password in my keychain" did nothing.
cd ~/.ssh
ssh-keygen -y -f id_rsa > id_rsa.pub
generated the appropriate public key file for me.
If you already had your public file there (rename it to another name) and generate the public key again using the above command, you'll notice that the generated and the old one are not equal. Somehow the older versions of Mac OS X generated a public key that Lion does not like anymore, generating it again fixes that.
For the curious, the key is exactly the same, the part that changes is that there is no "comments" section after the key on the file any longer.
Best Answer
First, you create a public and private key (if you haven't done so already) on the machine from which you want to login:
You only need to do this if there isn't already a ~/.ssh/id_dsa.pub file.
On Linux, there's the ssh-copy-id helper. On Mac, you need to copy the public key by hand:
Copy the generated public key to the target machine:
scp ~/.ssh/id_dsa.pub user@targetmachine:myPublicKey.pub
Login to the target machine:
ssh user@targetmachine
Append the public key to the authorized keys:
cat myPublicKey.pub >>.ssh/authorized_keys
You can now delete the copied key:
rm myPublicKey.pub
Done. You should now be able to login to your target machine without the need to enter a password.
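An added example, not part of the original answer: a function to run on the target machine in place of the manual append step above. It sets the permissions sshd's StrictModes check expects and skips a key that is already installed, comparing key type and key data only, since the trailing comment is not part of the key. The name install_pubkey and its arguments are this example's own.

```shell
#!/bin/sh
# install_pubkey PUBFILE [SSH_DIR]   (SSH_DIR defaults to ~/.ssh)
# Returns 0 if the key is installed (new or already present), 2 on bad input.
install_pubkey() {
    pub=$1; dir=${2:-$HOME/.ssh}; auth=$dir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    # A public key file is a single line; this also rejects a private key
    # file passed by mistake, which spans many lines.
    [ "$(grep -c . "$pub")" -eq 1 ] || { echo "$pub: expected exactly one key line" >&2; return 2; }
    line=$(grep . "$pub")
    type=$(printf '%s\n' "$line" | awk '{ print $1 }')
    blob=$(printf '%s\n' "$line" | awk '{ print $2 }')
    # OpenSSH key data is base64 that always begins with "AAAA".
    case "$type $blob" in
        ssh-*\ AAAA*|ecdsa-sha2-*\ AAAA*|sk-*\ AAAA*) ;;
        *) echo "$pub: not an OpenSSH public key line" >&2; return 2 ;;
    esac

    # With StrictModes (the sshd default), keys are ignored when ~/.ssh or
    # authorized_keys is writable by anyone other than the owner.
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Look for the same type + key data in any existing entry, including
    # entries that carry an options prefix or a different comment.
    if awk -v t="$type" -v b="$blob" '
        { for (i = 1; i < NF; i++) if ($i == t && $(i + 1) == b) found = 1 }
        END { exit !found }' "$auth"
    then
        echo "key already present in $auth"
        return 0
    fi

    # A plain `cat >>` glues the new key onto the last entry when the file
    # does not end in a newline; add the missing newline first.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$line" >> "$auth"
    echo "key added to $auth"
}
```

Called as `install_pubkey myPublicKey.pub` after the scp step, it can be re-run safely without duplicating entries.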