Ubuntu – How to avoid having to enter a password for an scp command by hard-coding the password into the script

bashcommand linepasswordscpscripts

I've created a bash script that sometimes need me to enter some information (other machine password / username) when I run it.

Is there a way to prevent this by entering (hard-coding) this information in the code? In this way when I execute it, it will run smoothly without asking me to input anything.

This is the command:

scp /home/machine1/backup/test.txt /home/machine2/backup

Instead of typing the machine2 password, I want to hard code it in my script.

Best Answer

SSH key authentication is convenient and secure

Please do not hardcode a password into the shellscript, because it is easy for other people to read it.

Login with key authentication to ssh is what you need.

This way you need no password, and it is more secure too. This is particularly important if the computer is visible on the internet. If you don't think it's important, try logging the login attempts you get for the next week.
- Running
```
ssh-keygen
```
  you will probably be offered to protect the key with a passphrase.
- Don't do it (press Enter to continue without a passphrase when ssh-keygen asks), because you don't want to type any password or passphrase when you run the script and arrive at the scp command line.
  
  Without key authentication and with clear-text passwords, it is very important to have strict permissions on the shellscript and it is a good idea also for security related shellscripts without a clear-text passphrase. The default permissions for a script file (when created somewhere in your home directory) is probably 644
```
$ ls -l shellscript 
-rw-r--r-- 1 sudodus sudodus 349 dec 23 10:54 shellscript
```
  and you may give your script files execute permissions for everybody, 755
```
$ chmod 755 shellscript
$ ls -l shellscript 
-rwxr-xr-x 1 sudodus sudodus 349 dec 23 10:54 shellscript
```
  but you had better cut it down to 600, no permission except for your own userID, and no execute permission at all
```
$ chmod 600 shellscript 
$ ls -l shellscript
-rw------- 1 sudodus sudodus 349 dec 23 10:54 shellscript
```
  and you cannot run it directly with ./shellscript, so use
```
bash shellscript       # when shellscript in the current directory
bash path-to-shellscript/shellscript  # from other directories
```
- Do it (enter a passphrase when ssh-keygen asks) if you want higher security, because your private key will be protected (encrypted with the passphrase), but then you have to type the passphrase, when you run the script with scp.
- You must copy a key file, for example with
```
ssh-copy-id <username>@<host>
```
- scp uses ssh for data transfer. So when the keys are in place, it should work without a password.

Every linux machine can be made an ssh server by installing openssh-server, in Ubuntu with apt,
```
sudo apt update
sudo apt install openssh-server
```

Link with details, for example troubleshooting tips,

help.ubuntu.com/community/SSH/OpenSSH/Keys

Related Solutions

Ubuntu – Proper way to let user enter password for a bash script using only the GUI (with the terminal hidden)

The -A sudo option allows you to specify a helper program (in the SUDO_ASKPASS variable) that will ask for the password.

Create a script to ask the password (myaskpass.sh):

#!/bin/bash
zenity --password --title=Authentication

Then insert this line at the beginning of your script:

export SUDO_ASKPASS="/path/to/myaskpass.sh"

and replace all occurences of sudo <command> with:

sudo -A <command>

You can use whatever password asking program you want instead of zenity. I had to encapsulate it within a script because SUDO_ASKPASS must point to a file, so it won't work with the --password option required by zenity.

The above works like a charm if it runs from command line or if you choose Run in terminal after double click the script file in the file manager, but if you choose Run or try to launch it from a .desktop file every sudo will ask for the for password again.

If you don't want a terminal window at all, you can store the password in a variable and pipe it to sudo -S. Maybe there's some security concerns, but I think it's pretty safe (read the comments on this answer).

Insert this line at the beginning of your script:

PASSWD="$(zenity --password --title=Authentication)\n"

and replace all occurences of sudo <command> with:

echo -e $PASSWD | sudo -S <command>

Ubuntu – execute shell script without entering password

Change the line in the sudoers file to:

kf   ALL=(ALL) NOPASSWD: /sbin/fstrim

I don't recommend, adding the script in /etc/sudoers, because the script can be altered and every command (the whole script) would then be executed with root privileges.

Best Answer

SSH key authentication is convenient and secure

Related Solutions

Ubuntu – Proper way to let user enter password for a bash script using only the GUI (with the terminal hidden)

Ubuntu – execute shell script without entering password

Related Question