SSH and passwords

[edg_ars]

How can I connect to server via SSH without password being asked (and no public-private keys)?

I did try (and failed):
echo password | ssh username@host
It still asks for the password...

Facts:
- I need this for an rsync script like this: rsync.exe -rvz -e ssh localpath username@host:remotepath
- I didn't find that rsync supports anything else but ssh and rsh, therefore I'm stuck with the ssh.
- The server I need to connect to security policy restricts ssh private-public key authorization. And I can not change that.
- I don't care that this password is being stored plaintext on my computer.

Any ideas or suggestions?

[DThor]

AFAIK you're stuck. You need keys to do this with ssh, or else you have to enter your password, or use rsh(ech), all of which you say are non-options.

I'm assuming you know all about setting up the key system - I would pressure the server guys to let you do that. It's pretty damned safe and just requires two files in a home directory on the server.

DT

[spoon!]

Many scripting languages, like Perl, PHP, etc. have libraries/modules that implement SSH and will let you connect using a password.

[DThor]

That would require control on the server side, though, wouldn't it? Given their not even letting him store a couple of config files in .ssh, I'm not sure that's likely. In the end, authentication has to happen on the server side when you're trying to upload to it. It would be a far more significant security hole on the server giving him scripting library access than simply supporting ssl.

DT

[edg_ars]

I modified the ssh source code (openssh 4.3p1-2) adding a password parameter for the authentication mode "password".
ssh connection can be opened like this now:
ssh -o PreferredAuthentications=password -z mypassword user@host
So, now what can do is:
rsync -rvz -e "ssh -o PreferredAuthentications=password -z mypassword" localpath username@host:remotepath
Yes, the secureness of it is close to zero. But I don't need much security in this case. What I needed was to get the rsync to work and I did it.

Btw, if anyone else is interested in having the password option (but if you really need it, because it's unsecure!), here's the changes I made:

ssh.c
---was---
" [-w tunnel:tunnel] [user@]hostname [command]\n"
---new---
" [-w tunnel:tunnel] [-z login_pass] [user@]hostname [command]\n"


ssh.c
---was---
while ((opt = getopt(ac, av,
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S: TVw:XY")) != -1) {
---new---
while ((opt = getopt(ac, av,
"1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:L:MNO:PR:S: TVw:XYz:")) != -1) {


ssh.c
---was---
case 'l':
options.user = optarg;
break;
---new---
case 'l':
options.user = optarg;
break;
case 'z':
options.password = optarg;
break;


readconf.h
---was---
char *user; /* User to log in as. */
---new---
char *user; /* User to log in as. */
char *password; /* Password to use in the
* first try of the password
* authentication */

readconf.h
initialize_options
---was---
options->user = NULL;
---new---
options->user = NULL;
options->password = NULL;


sshconnect2.c
userauth_passwd
---was---
password = read_passphrase(prompt, 0);
---new---
if (attempt == 1 && options.password != NULL) {
password = xstrdup(options.password);
debug2("Password given as command line argument.");
} else {
password = read_passphrase(prompt, 0);
}

[DThor]

LOL! Very cool, but I'd be a little surprised if the server that was so restrictive about your keys took to this kindly. I still don't understand how you can do this all on the client end!

DT

[edg_ars]

The server people have made effort to configure the server to work well. Any change is a potential threat to server stability and security. They better like to ignore my suggestions. And then I better spend half a day to create a little ssh modification. I had already spent even more time to find a way to give password without changing the ssh source.