Easy passwordless SSH with sshh

This little wrapper for SSH and SCP allows for comfortable management and scripting.

It is specifically recommended for developing and testing embedded systems and virtual machines  before production, where strong security is not required.

Usage

Use sshh and scpp exactly as you would use ssh and scp.

Instalation

Easy install! Paste on your zsh terminal

, or on bash

It requires sshpass to be installed in the system. In Debian and derivatives, do

Details

Most of us already know that the ideal way to do passwordless SSH is creating a public-private key pair and adding the public key to ~/.ssh/authorized_keys.

Also, the first time we log in remotely we will be prompted for confirmation and the connection will be registered in ~/.ssh/known_hosts.

This is all good and safe, but it is really not very practical when we are developing embedded systems, containers or virtual machines of some kind. Every time we flash our board or reinstantiate a virtual machine we will encounter this welcoming message

For this kind of work, we will have different systems appear in the same default IP address, meaning that every single time we will have to remove the line from authorized_keys and again confirm for known_hosts. This is not only unconvenient, but totally prevents automated scripts from working.

The next logical thing to do is to reconfigure our SSH client in ~/.ssh/config like this

We won’t be bothered with the message again. As long as we copy the public key every time then we can begin scripting until we reflash or run a new VM image.

We can still do better though. It is not ideal to change our configuration from its secure defaults, and we still need to copy the key and input the password at least once.

My favourite solution is to call ssh  with the right options from the command line

As for the password, we can use sshpass. It will accept the password in the command line, and that is fine for us because in this case, security is not a concern.

We can combine both solutions, but of course this is not something that is nice to read, let alone to type. We need a wrapper for this.

Enter sshh.

sshh will first prompt for your password, just as ssh . Upon successful login, it will save the password in the environment variable SSH_PWD . Consequent logins will use sshpass with the stored password.

If we are scripting or lazy we can export SSH_PWD  as part of the script or in .zshrc and .bashrc.

We can now summarize some advantages

  • There is no need to change configurations.
  • There is no need to generate keys and save them as part of the build process, which would have to be changed everytime we want to test from a new computer.
  • The public key method still works and takes precedence over SSH_PWD.
  • Care has been taken to allow for the same use cases as SSH: you can pipe to it, you can append commands, use here-strings and here-documents, and so on.
  • Ideal defaults for scripting, ServerAliveInterval  and ConnectTimeout  will detect connection problems fast enough so your routines will not remain stuck at a faulty board all night.

This all applies to scpp  just the same.

Should the stored password fail, you will be prompted for a new password, but if for whatever reason you want to be asked again, rewrite SSH_PWD  or unset it.

Code

github

References

https://www.digitalocean.com/community/tutorials/ssh-essentials-working-with-ssh-servers-clients-and-keys

Humbly sharing things that I find useful [ github | gist ]