
oxygen_crisis | 1 year ago

sshpass is a travesty of security.

It has all the pitfalls of putting your front door key under your doormat. Except you're doing it in a world where everyone can materialize a unique key out of thin air, and you can always instantly tell your door which of those keys should or shouldn't be allowed to open it.

sshpass is a curse, even calling it a crutch would be improper flattery. It's a dangerous cheat that accomplishes nothing except impeding people from otherwise spending the 20 minutes it takes to figure out SSH keys.


quesera|1 year ago

Yes, this is the proper dogma, but you're missing the point.

Any automation around passwords is a crutch and a mistake. But sometimes it is necessary.

You don't always control the remote systems. The remote systems are not always capable of key-based auth. And sometimes the remote system is not of high concern so the "danger" is null.

sshpass makes a reasonable effort to do the best-possible thing under these less-than-ideal circumstances. The other options suck more.

My most recent use of sshpass is to collect reports from a vendor over sftp. I would have preferred to use https with BASIC auth, but in truth that has exactly the same problems as sshpass, and I have other hills to die on.

yusyusyus|1 year ago

sometimes the device you're connecting to doesn't support ssh keys.