At work, I access both a remote system via SSH and some web interfaces that login through LDAP. I use 1password to manage my passwords, but I can't seem to find a simple way to input the password from the password manager to SSH. I saw sshpass
but it can show the password in ps
, which is really bad security, and also doesn't work in my case. Is there any way to input a password from an external program or script through SSH directly, or are there facilities within SSH that I can leverage and keep the passwords in sync? Such as keeping a key file that I unlock for SSH that has the same password, which is updated whenever I update the password. Note I can't directly use keys to log into the system because it's not built to support it.
Edit: One commenter pointed out that sshpass
will show the password in ps
, which is a no-go. I also can't directly alias ssh
to something like sshpass ... ssh
because I do still log into systems that use keys.
Edit 2: I got confirmation that a password manager is okay, and I attempted to use sshpass
with a file descriptor to log into the server but it doesn't seem to work — instead of giving me a prompt to enter my RSA token, I just get nothing, which makes me think it doesn't run through the same code and won't accept sshpass
.
Best Answer
sshpass
does not have to show the password in the ps. It might read it an environment variable:or from a file: