Automating Scp Password Without Sshpass

On RedHat Enterprise Linux, sshpass isn’t available in the standard package repositories (it needs the EPEL repos) so, when working on air-gapped servers, an alternative is to build a script around “expect”. Here’s a re-usable script:

    #Install "expect" which is a dependency
    #sudo yum install -y expect

    #!/usr/bin/expect -f
    # Usage: scp.exp <hostname> <username> <password> <local_source_file> <destination_file>
    set server [lrange $argv 0 0]
    set name [lrange $argv 1 1]
    set pass [lrange $argv 2 2]
    set src [lrange $argv 3 3]
    set dest [lrange $argv 4 4]
    spawn scp -oStrictHostKeyChecking=no -oCheckHostIP=no $src $name@$server:$dest
    match_max 100000
    expect "*?assword:*"
    send -- "$pass\r"
    send -- "\r"
    interact

Combine the script with “read” to securely read the password:

    read -s -p "Password: " password
    #Use the password BASH variable like this:
    #echo $password
    #...but, obviously, not to echo it