A few weeks ago, I looked around for a method to store a password but
couldn't find any other than a patch to store passwords in the Mac OS X
Keychain.

I don't have login or any shell access on remote box.

I am not using an SSH key.

I couldn't see anyway to use ssh-agent to do what I want. (I do use
ssh-agent with keys continually, but in this case I don't have a key.)

Anyways, here is a patch below my signature. Any thoughts on this? Or any
better way? I know an alternative is to use "expect".

For ssh2 this works for both keyboard-interactive and also for regular
"password" authentication method. So probably this could be improved.

Jeremy C. Reed

--- readconf.c.orig 10 Mar 2007 23:05:25 -0000 1.32
+++ readconf.c 22 May 2007 21:42:47 -0000
@@ -97,6 +97,7 @@
ForwardAgent no
ForwardX11 no
PasswordAuthentication yes
+ Password pass-phrase
RSAAuthentication yes
RhostsRSAAuthentication yes
StrictHostKeyChecking yes
@@ -113,7 +114,7 @@
oBadOption,
oForwardAgent, oForwardX11, oForwardX11Trusted, oGatewayPorts,
oExitOnForwardFailure,
- oPasswordAuthentication, oRSAAuthentication,
+ oPasswordAuthentication, oPassword, oRSAAuthentication,
oChallengeResponseAuthentication, oXAuthLocation,
#if defined(KRB4) || defined(KRB5)
oKerberosAuthentication,
@@ -158,6 +159,7 @@
{ "useprivilegedport", oUsePrivilegedPort },
{ "rhostsauthentication", oDeprecated },
{ "passwordauthentication", oPasswordAuthentication },
+ { "password", oPassword },
{ "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
{ "kbdinteractivedevices", oKbdInteractiveDevices },
{ "rsaauthentication", oRSAAuthentication },
@@ -425,6 +427,10 @@
intptr = &options->password_authentication;
goto parse_flag;

+ case oPassword:
+ charptr = &options->password;
+ goto parse_string;
+
case oKbdInteractiveAuthentication:
intptr = &options->kbd_interactive_authentication;
goto parse_flag;
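Review bot: The new `case oPassword:` stores a cleartext secret through the generic `parse_string` path, with nothing in the hunk marking it as sensitive or limiting where it may come from. If this parser also handles `-o` options given on the command line (not visible here), `-o Password=...` would put the secret in the process argument list, where other local users can read it. I would add a comment above the case such as `/* Cleartext secret: should come only from a config file readable by the user alone. */` and consider refusing the keyword when the option does not come from a file. The enclosing switch starts and ends outside the hunk.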
@@ -1057,6 +1063,7 @@
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
options->password_authentication = -1;
+ options->password = NULL;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
options->rhosts_rsa_authentication = -1;

--- readconf.h.orig 28 Sep 2006 21:22:14 -0000 1.17
+++ readconf.h 22 May 2007 21:42:47 -0000
@@ -57,6 +57,7 @@
int gss_deleg_creds; /* Delegate GSS credentials */
int password_authentication; /* Try password
* authentication. */
+ char *password; /* Use this password instead. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
int batch_mode; /* Batch mode: do not ask for passwords. */
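Review bot: The comment on the new `password` field, "Use this password instead.", does not say instead of what, or that the field holds a secret. A clearer form would be `char *password; /* Cleartext password tried first for password auth; NULL if unset. */`. The struct definition starts and ends outside the hunk.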

--- sshconnect1.c.orig 2006-11-07 06:14:42.000000000 -0600
+++ sshconnect1.c 2007-05-22 17:28:01.000000000 -0500
@@ -453,9 +453,17 @@
if (options.cipher == SSH_CIPHER_NONE)
logit("WARNING: Encryption is disabled! Password will be transmitted in clear text.");
for (i = 0; i < options.number_of_password_prompts; i++) {
- if (i != 0)
- error("Permission denied, please try again.");
- password = read_passphrase(prompt, 0);
+ if (i != 0) {
+ if (options.password && (1 == i))
+ error("Pre-defined password failed. Try manually.");
+ else
+ error("Permission denied, please try again.");
+ }
+ if (options.password && (0 == i)) {
+ debug("Using pre-defined password.");
+ password = options.password;
+ } else
+ password = read_passphrase(prompt, 0);
packet_start(SSH_CMSG_AUTH_PASSWORD);
ssh_put_password(password);
memset(password, 0, strlen(password));
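Review bot: `password = options.password;` makes the per-attempt buffer an alias of the configured string, so the unchanged `memset(password, 0, strlen(password));` on the last line of the hunk wipes `options.password` itself. If the code after the hunk also frees `password`, as the `read_passphrase()` path would require, `options.password` is left dangling. Give the attempt its own copy with `password = xstrdup(options.password);` so the scrub and any free act on the copy. The same assignment in the sshconnect2.c hunk needs the same change. The loop body continues outside the hunk.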

--- sshconnect2.c.orig 2006-09-01 00:38:37.000000000 -0500
+++ sshconnect2.c 2007-05-22 18:04:44.000000000 -0500
@@ -740,12 +740,21 @@
if (attempt++ >= options.number_of_password_prompts)
return 0;

- if (attempt != 1)
- error("Permission denied, please try again.");
+ if (attempt != 1) {
+ if (options.password && (2 == attempt))
+ error("Pre-defined password failed. Try manually.");
+ else
+ error("Permission denied, please try again.");
+ }

- snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
- authctxt->server_user, authctxt->host);
- password = read_passphrase(prompt, 0);
+ if (options.password && (1 == attempt)) {
+ debug("Using pre-defined password.");
+ password = options.password;
+ } else {
+ snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
+ authctxt->server_user, authctxt->host);
+ password = read_passphrase(prompt, 0);
+ }
packet_start(SSH2_MSG_USERAUTH_REQUEST);
packet_put_cstring(authctxt->server_user);
packet_put_cstring(authctxt->service);
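Review bot: The added tests `(2 == attempt)` and `(1 == attempt)` are written constant-first, while the neighbouring line in the same hunk uses `attempt != 1`; the same applies to `(1 == i)` and `(0 == i)` in sshconnect1.c. Matching the surrounding style, for example `if (options.password && attempt == 1)`, would read more consistently. The two literals also depend on `attempt` having been incremented at the top of the hunk, so a short comment such as `/* attempt was already incremented above: 1 is the first try */` would help. The function starts and ends outside the hunk.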

--- ssh_config.5.orig 2007-05-22 18:15:13.000000000 -0500
+++ ssh_config.5 2007-05-22 18:17:14.000000000 -0500
@@ -656,6 +656,9 @@
Specifies the number of password prompts before giving up.
The argument to this keyword must be an integer.
The default is 3.
+.It Cm Password
+Specifies the password to be used for password authentication.
+TODO: add a disclaimer about security here.
.It Cm PasswordAuthentication
Specifies whether to use password authentication.
The argument to this keyword must be