This patch hacks OpenSSH to make the 'ssh' client answer any password request (either "password" or "keyboard-interactive") with a hard-coded password. This lets you do automated ssh login into servers that do not support public-key authentication (e.g., the MIT CSAIL SSH+Kerberos+AFS setup). To use: patch the OpenSSL sources (this patch is against openssh-4.6p1), write your password in the file hardcoded-password.h, and compile. Then use the resulting 'ssh' binary to connect to the designated server (but not anywhere else!). Make sure that the sources and 'ssh' binary are not readable or executable by anyone else. This is ugly and evil. At very least, it should read the password from a file or FD given on the command line, or analogously to the identity files. If you implement that, please let me and the OpenSSL developers know. Written by Eran Tromer , and distributed under the same terms as OpenSSL.
diff a/hardcoded-password.h b/hardcoded-password.h
--- /dev/null
+++ b/hardcoded-password.h
@@ -0,0 +1 @@
+#define HARDCODED_PASSWORD "replace-this-with-your-password"
diff a/misc.h b/misc.h
--- a/misc.h
+++ b/misc.h
@@ -82,6 +82,7 @@ void put_u16(void *, u_int16_t)
 #define RP_ALLOW_STDIN 0x0002
 #define RP_ALLOW_EOF 0x0004
 #define RP_USE_ASKPASS 0x0008
+#define RP_HARDCODE 0x1000
 char *read_passphrase(const char *, int);
 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
diff a/readpass.c b/readpass.c
--- a/readpass.c
+++ b/readpass.c
@@ -46,6 +46,8 @@
 #include "ssh.h"
 #include "uidswap.h"
+#include "hardcoded-password.h"
+
 static char *
 ssh_askpass(char *askpass, const char *msg)
 {
@@ -116,6 +118,10 @@ read_passphrase(const char *prompt, int flags)
 char *askpass = NULL, *ret, buf[1024];
 int rppflags, use_askpass = 0, ttyfd;
+ if (flags & RP_HARDCODE) {
+ return xstrdup(HARDCODED_PASSWORD);
+ }
+
 rppflags = (flags & RP_ECHO) ? RPP_ECHO_ON : RPP_ECHO_OFF;
 if (flags & RP_USE_ASKPASS)
 use_askpass = 1;
diff a/sshconnect1.c b/sshconnect1.c
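Review bot: The early return added at the top of read_passphrase() has no comment or trace, and it skips the askpass/tty handling that follows, so a run gives no sign that a prompt was answered automatically. The value it copies is a string literal, so it stays in the binary's read-only data; the `memset(password, 0, strlen(password))` calls at the call sites scrub only the heap copy made by xstrdup(). I would add `/* RP_HARDCODE: answer without prompting; the literal remains in the binary, callers scrub only this copy */` above the branch and `debug("read_passphrase: answering prompt with built-in password");` inside it. The rest of the function lies outside the hunk.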
--- a/sshconnect1.c
+++ b/sshconnect1.c
@@ -418,7 +418,7 @@ try_challenge_response_authentication(void)
 if (options.cipher == SSH_CIPHER_NONE)
 logit("WARNING: Encryption is disabled! "
 "Response will be transmitted in clear text.");
- response = read_passphrase(prompt, 0);
+ response = read_passphrase(prompt, RP_HARDCODE);
 if (strcmp(response, "") == 0) {
 xfree(response);
 break;
@@ -455,7 +455,7 @@ try_password_authentication(char *prompt)
 for (i = 0; i < options.number_of_password_prompts; i++) {
 if (i != 0)
 error("Permission denied, please try again.");
- password = read_passphrase(prompt, 0);
+ password = read_passphrase(prompt, RP_HARDCODE);
 packet_start(SSH_CMSG_AUTH_PASSWORD);
 ssh_put_password(password);
 memset(password, 0, strlen(password));
diff a/sshconnect2.c b/sshconnect2.c
--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -745,7 +745,7 @@ userauth_passwd(Authctxt *authctxt)
 snprintf(prompt, sizeof(prompt), "%.30s@%.128s's password: ",
 authctxt->server_user, authctxt->host);
- password = read_passphrase(prompt, 0);
+ password = read_passphrase(prompt, RP_HARDCODE);
 packet_start(SSH2_MSG_USERAUTH_REQUEST);
 packet_put_cstring(authctxt->server_user);
 packet_put_cstring(authctxt->service);
@@ -1212,7 +1212,7 @@ input_userauth_info_req(int type, u_int32_t seq, void *ctxt)
 prompt = packet_get_string(NULL);
 echo = packet_get_char();
- response = read_passphrase(prompt, echo ? RP_ECHO : 0);
+ response = read_passphrase(prompt, RP_HARDCODE | (echo ? RP_ECHO : 0));
 packet_put_cstring(response);
 memset(response, 0, strlen(response));
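Review bot: With RP_HARDCODE the response in try_challenge_response_authentication() is sent even when `options.cipher == SSH_CIPHER_NONE`, so the cleartext warning just above is logged and the built-in password then goes out unencrypted with no chance to decline. The empty-response `break` below it can also no longer trigger, assuming the placeholder was replaced with a non-empty password. Falling back to the interactive prompt in that case keeps the old safeguard: `response = read_passphrase(prompt, options.cipher == SSH_CIPHER_NONE ? 0 : RP_HARDCODE);`. The enclosing code starts and ends outside the hunk.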
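Review bot: The loop in try_password_authentication() still runs up to `options.number_of_password_prompts` times, and every iteration now sends the same built-in password, so a stale or mistyped value produces several identical failed logins that can count toward an account lockout on the server. A second attempt cannot succeed where the first failed; replacing the retry message with `if (i != 0) { error("Built-in password was rejected."); break; }` stops after one try, assuming the code after the loop, which is outside the hunk, reports failure. userauth_passwd() in sshconnect2.c probably needs the same limit, but its attempt handling is not visible here.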
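Review bot: Nothing at this call site ties the built-in password to a destination: userauth_passwd() has `authctxt->host` in hand for the prompt but requests RP_HARDCODE for whatever host the binary is pointed at. A compile-time host next to the password would let the client enforce the single-server use, e.g. `password = read_passphrase(prompt, strcmp(authctxt->host, HARDCODED_HOST) == 0 ? RP_HARDCODE : 0);`, where `HARDCODED_HOST` is a new macro to add to hardcoded-password.h (it is not part of this patch) and the header is included here. This presumably compares the name as the user gave it, so it complements host-key checking rather than replacing it. The three other RP_HARDCODE call sites would need an equivalent gate; the function body continues outside the hunk.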
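Review bot: In input_userauth_info_req() every keyboard-interactive prompt is now answered with the built-in password, including prompts for which the server requested echo, and `RP_HARDCODE | RP_ECHO` has no effect because the early return in read_passphrase() happens before the echo flag is read. Echoed prompts are normally for non-secret input, and the prompt text is never shown, so the user cannot tell what question the password answered. Restricting the shortcut to non-echo prompts keeps the others interactive: `response = read_passphrase(prompt, echo ? RP_ECHO : RP_HARDCODE);`. The enclosing code is outside the hunk.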