How to provide SSH password inside a script or oneliner

If you ever need to provide a password for SSH login inside a bash script or a shell command, to avoid being asked a password when SSH keys are not used, it can be done with usage of expect command, or sshpass utility.

Using expect

Expect is a program that “talks” to other interactive programs according to a script.

Lets say you want to SSH to a server and run a remote command, ls for instance, with a command like this:

ssh [email protected] "ls -lh file"

If you are not using SSH keys, you will be prompted a password, and will need to enter it manually.

If you want to avoid entering a password, and have it inputted to login prompt automatically you can use expect command.

Provide SSH password inside a script.

Expect reads cmdfile for a list of commands to execute. Expect may also be invoked implicitly on systems which support the #! notation by marking the script executable, and making the first line in your script:
#!/usr/local/bin/expect -f

Example of a script which runs a remote command over SSH, with password being provided inside a script.

#!/usr/bin/expect -f
spawn ssh [email protected] "ls /file"
expect "assword:"
send "mypassword\r"


Running a SSH command with provided password inside a one-liner, can be done using expect -c and then putting the commands inside single quotes.

The -c flag prefaces a command to be executed before any in the script. The command should be quoted to prevent being broken up by the shell. This option may be used multiple times. Multiple commands may be executed with a single -c by separating them with semicolons.

Example of a one-line command:

expect -c 'spawn ssh [email protected] "ls -lh file"; expect "assword:"; send "mypassword\r"; interact'

Using sshpass

SSH password prompt can also be bypassed by connecting with sshpass command, which is available in EPEL repo in CentOS

To install sshpass, first make sure you have EPEL repo on your server.

You can install EPEL with

yum -y install epel-release

Install sshpass with

yum -y install sshpass

You can then connect to remote server with sshpass using a command similar to this:

sshpass -p 'password' ssh [email protected]

If you have never connected to the server before, you will probably not get connected to remote server due to host key checking.
To bypass host key checking use -o StrictHostKeyChecking=no option:

sshpass -p 'password' ssh -o StrictHostKeyChecking=no  [email protected]

Install ClamAV on RHEL/CentOS 7, and configure clamd

ClamAV on RedHat Enterprise Linux (RHEL) and CentOS 7 can be installed from Extra Packages for Enterprise Linux (EPEL) repository.

One liner to install EPEL repo, ClamAV packages, and correct configuration files.

yum -y install epel-release; yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd; sed -i '/^Example$/d' /etc/freshclam.conf; sed -i '/^Example$/d' /etc/clamd.d/scan.conf; sed -i -e 's/#LocalSocket \/var\/run\/clamd.scan\/clamd.sock/LocalSocket \/var\/run\/clamd.scan\/clamd.sock/g' /etc/clamd.d/scan.conf; sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam; systemctl enable [email protected]; freshclam; systemctl start [email protected]; systemctl status [email protected];

If everything is OK, output should end something like this.

Downloading daily.cvd [100%]
daily.cvd updated (version: 20882, sigs: 1566229, f-level: 63, builder: neo)
Downloading bytecode.cvd [100%]
bytecode.cvd updated (version: 268, sigs: 47, f-level: 63, builder: anvilleg)
Database updated (3990501 signatures) from (IP:
[email protected] - Generic clamav scanner daemon
   Loaded: loaded (/usr/lib/systemd/system/[email protected]; enabled)
   Active: active (running) since Sun 2015-09-06 09:24:37 EDT; 16ms ago
 Main PID: 707 (clamd)
   CGroup: /system.slice/system-clamd.slice/[email protected]
           └─707 /usr/sbin/clamd -c /etc/clamd.d/scan.conf --nofork=yes

Sep 06 09:24:37 test.demo.local systemd[1]: Started Generic clamav scanner daemon.
Sep 06 09:24:37 test.demo.local clamd[707]: clamd daemon 0.98.7 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Sep 06 09:24:37 test.demo.local clamd[707]: Running as user clamscan (UID 998, GID 997)
Sep 06 09:24:37 test.demo.local clamd[707]: Log file size limited to 1048576 bytes.
Sep 06 09:24:37 test.demo.local clamd[707]: Reading databases from /var/lib/clamav
Sep 06 09:24:37 test.demo.local clamd[707]: Not loading PUA signatures.
Sep 06 09:24:37 test.demo.local clamd[707]: Bytecode: Security mode set to "TrustSigned".
[[email protected] ~]#

ClamAV Installation details:

Install EPEL repo:

EPEL can be installed from CentOS Extras repository, which is enabled by default, with the following command.

yum -y install epel-release

In case epel-release package is not available for any reason, it can be installed from Webtatic or Fedora servers, with following commands.

rpm -Uvh


rpm -Uvh
Install ClamAV packages:

Once EPEL is installed ClamAV packages can be installed with the following command.

yum -y install clamav-server clamav-data clamav-update clamav-filesystem clamav clamav-scanner-systemd clamav-devel clamav-lib clamav-server-systemd

Once all necessary packages have been installed, freshclam.conf file needs to be edited, for ClamAV update to work.

Correct freshclam.conf file:

Default installation will return the following error when “freshclam” command is run, due to file being marked as example config file.

# freshclam
ERROR: Please edit the example config file /etc/freshclam.conf
ERROR: Can't open/parse the config file /etc/freshclam.conf

Error is caused by the following section in the freshclam.conf configuration file.

## Example config file for freshclam
## Please read the freshclam.conf(5) manual before editing this file.

# Comment or remove the line below.

As specified in the file, last line in this snippet, needs to be removed, or commented out, in order for “freshclam” command to work.
Line can be removed with the following command.

sed -i '/^Example$/d' /etc/freshclam.conf
Enable automatic Updates:

By default freshclam cronjob is disabled, and last line needs to be removed or commented out from /etc/sysconfig/freshclam in order for automatic updates to run.

[[email protected] ~]# cat /etc/sysconfig/freshclam
## When changing the periodicity of freshclam runs in the crontab,
## this value must be adjusted also. Its value is the timespan between
## two subsequent freshclam runs in minutes. E.g. for the default
## | 0 */3 * * *  ...
## crontab line, the value is 180 (minutes).

## A predefined value for the delay in seconds. By default, the value is
## calculated by the 'hostid' program. This predefined value guarantees
## constant timespans of 3 hours between two subsequent freshclam runs.
## This option accepts two special values:
## 'disabled-warn'  ...  disables the automatic freshclam update and
##                         gives out a warning
## 'disabled'       ...  disables the automatic freshclam silently

### !!!!! REMOVE ME !!!!!!
### REMOVE ME: By default, the freshclam update is disabled to avoid
### REMOVE ME: network access without prior activation
[[email protected] ~]#

Lines can be removed with following command.

sed -i '/REMOVE ME/d' /etc/sysconfig/freshclam
Correct scan.conf file:

Same needs to be done for scan.conf file

## Example config file for the Clam AV daemon
## Please read the clamd.conf(5) manual before editing this file.

# Comment or remove the line below.

Following command removes the line from scan.conf file.

sed -i '/^Example$/d' /etc/clamd.d/scan.conf

We also need to define the socket file.
If we try to run clamd, following error is returned.

[[email protected] ~]# clamd -c /etc/clamd.d/scan.conf
ERROR: Please define server type (local and/or TCP).
[[email protected] ~]#

Checking the scan.conf file, we see socket file is commented out.

# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
#LocalSocket /var/run/clamd.scan/clamd.sock

Comment can be removed with following command.

sed -i -e 's/#LocalSocket \/var\/run\/clamd.scan\/clamd.sock/LocalSocket \/var\/run\/clamd.scan\/clamd.sock/g' /etc/clamd.d/scan.conf