Ubuntu – Execute bash script on remote server non-interactively

bashcommand linescriptsserverssh

I have a bash script that accepts exactly 3 arguments and I have created a web interface in PHP to run this script on a remote server. The user just enters username host and password of the remote server.

I found this command to execute bash script on remote server:

ssh root@host 'bash -s' < script.sh

But this command prompts for a password and also doesn't use any arguments. But I need something that can be run non-interactively.

Something like:

ssh root@host -password="password" 'bash -s' < script.sh

Best Answer


Make sure that you have read security considerations


Install sshpass it's a tool for non-interactive ssh password authentication.

sudo apt install sshpass

You can use it like:

sshpass -p 'password' ssh user@server/IP

Then use it like this to run your script with its arguments:

sshpass -p 'password' ssh user@server "bash -s" < ./script.sh arg1 arg2

If it didn't work then what I suggest is to use scp and move your script to remote server, then run your command and remove the script:

sshpass -p 'password' scp script.sh user@server:/tmp/script.sh
sshpass -p 'password' ssh user@server /tmp/script.sh arg1 ar2 arg3
sshpass -p 'password' ssh user@server rm /tmp/script.sh

Security considerations [man sshpass]

First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason. It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication provides the same end-user experience, while involving less hassle and being more secure.

The -p option should be considered the least secure of all of sshpass's options. All system users can see the password in the command line with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to create race conditions without actually solving the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all more secure.

In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an anonymous pipe and pass the pipe's reading end to sshpass using the -d option.

Related Question