Logging in with SSH can be a cumbersome task. Sure, there are solutions to this problem, but most assume you can add your credentials to the server. The reality is that some servers don't give you the access to do that.

The script I’m presenting works solely on the client side. Nothing complex and nothing new. In fact, I simply unified two separate solutions into a single one. If the title didn’t tip you off, by the end of this post you’ll be able to log in and have Touch ID acting as your password. Touch ID is what I’ve got close to my fingertips (pun intended), but the idea is there and you can adapt it to your own preference.

Here is the gist: we save our SSH login password to a file that can only be accessed with sudo. We also enable Touch ID for sudo access. The script then relies on expect and reads the password file through sudo, which triggers Touch ID.

The file must contain the password and nothing else. Once it is created, I recommend removing the permissions for all users so only sudoers can access it. You can do this with chmod a-rwx <PATH_TO_PASSWORD_FILE>.

I won’t detail how you can enable Touch ID for sudo access, but will instead point you to the same Stack Overflow thread that I followed. If you use iTerm, pay attention as you may need to do an additional step.

Now, we’re just a script away from automating the process. Here’s my tweaked version from JournalDev:

#!/usr/bin/expect

# Connects via SSH to the host passed as argument

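set timeout 60
set server [lindex $argv 0]
set username <USERNAME>
# sudo asks for Touch ID before the password file can be read
set password [exec sudo cat <PATH_TO_YOUR_PASSWORD_FILE>]

spawn ssh $username@$server

# On the host-key prompt, answer "yes" (the key of a first-seen host is
# accepted without being verified); on the password prompt, send the password
expect {
	"yes/no"	{ send "yes\r" ; exp_continue }
	"*?assword"	{ send "$password\r" }
}

# Hand the session over to the user
interact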

Customize this script as you want and add it to your $PATH.
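
One such customization, as an added example that is not the original author's or JournalDev's code: the same flow, but the script stops at an unknown host key instead of answering "yes", so the stored password is never sent to a host whose key you have not verified, and it sends the password at most once. It assumes OpenSSH's NumberOfPasswordPrompts option and reuses the <USERNAME> and <PATH_TO_YOUR_PASSWORD_FILE> placeholders from the script above.

```expect
#!/usr/bin/expect -f
# Added example (not the original author's script): same flow, but the
# host-key prompt is never answered and the password is sent at most once.
# <USERNAME> and <PATH_TO_YOUR_PASSWORD_FILE> are placeholders, as above.

if {[llength $argv] != 1} {
    send_user "usage: $argv0 host\n"
    exit 2
}

set timeout 60
set server [lindex $argv 0]
set username "<USERNAME>"
# sudo asks for Touch ID before the password file can be read
set password [exec sudo cat "<PATH_TO_YOUR_PASSWORD_FILE>"]

# NumberOfPasswordPrompts=1: ssh gives up after one rejected password
spawn ssh -o NumberOfPasswordPrompts=1 $username@$server

# Outcomes handled below (no comments inside the braces: expect would
# parse them as patterns):
#   host-key prompt -> stop, so an unverified host never gets the password
#   password prompt -> send the password once
#   timeout         -> say so and continue without sending anything
#   eof             -> ssh already exited, report and stop
expect {
    -ex "(yes/no" {
        send_user "\nUnknown host key for $server. Verify the fingerprint out of band, add the host to known_hosts, then retry.\n"
        exit 1
    }
    -re {[Pp]assword: *$} {
        send -- "$password\r"
    }
    timeout {
        send_user "\nNo password prompt within $timeout seconds; password not sent.\n"
    }
    eof {
        send_user "\nssh exited before asking for a password.\n"
        exit 1
    }
}

# The password is no longer needed in this process
unset password
interact
```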

Everything should work now!

Added bonus: Touch ID now works as an alternative to entering the password for sudo commands.