SSH Wrapper with Password and TOTP Support
Project description
PSSH - SSH Wrapper with Password and TOTP Support
PSSH is a Python-based SSH wrapper that provides automatic password and TOTP (Time-based One-Time Password) support for SSH connections.
Features
- Automatic password authentication using stored credentials
- TOTP support for two-factor authentication
- Non-interactive SSH connections using SSH_ASKPASS
- Interactive SSH wrapper with automatic credential injection
- Secure credential storage in
~/.ssh/.sshpt
Installation
From Source
- Clone the repository:
git clone <repository-url>
cd pssh
- Install the package:
pip install -e .
This will:
- Install the Python package
- Create a
wsshexecutable in the project directory - Install the
psshcommand-line tool
Configuration
Create a configuration file at ~/.ssh/.sshpt with your credentials:
{
"example.com": {
"password": "your_password_here",
"totp": "your_totp_secret_here"
},
"another-server.com": {
"password": "another_password"
}
}
Configuration Options
password: The password for the SSH connectiontotp: The TOTP secret key for two-factor authentication
Usage
Method 1: Using the wssh executable
The wssh executable works as a drop-in replacement for ssh:
./wssh user@example.com
This will:
- Set
SSH_ASKPASSto use the Python script - Automatically provide passwords and TOTP codes when prompted
- Fall back to interactive prompts if credentials are not configured
Method 2: Using the pssh command
pssh user@example.com
This runs the interactive SSH wrapper that automatically injects credentials.
Method 3: Manual SSH_ASKPASS setup
You can also set up SSH_ASKPASS manually:
export SSH_ASKPASS="python /path/to/pssh/main.py"
ssh user@example.com
How It Works
-
SSH_ASKPASS Mode: When SSH prompts for a password, the Python script is called with the SSH arguments. It parses the hostname and looks up credentials in the configuration file.
-
Interactive Mode: The script spawns an SSH process and automatically responds to password and TOTP prompts using stored credentials.
-
Credential Storage: Credentials are stored in JSON format in
~/.ssh/.sshpt. Make sure this file has appropriate permissions (600).
Security Considerations
- Store the configuration file with restricted permissions:
chmod 600 ~/.ssh/.sshpt - Consider using a password manager or encrypted storage for sensitive credentials
- The TOTP secret should be kept secure and not shared
Requirements
- Python 3.9+
- pexpect
- pyotp
License
MIT License
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file py_askpass-0.0.0.tar.gz.
File metadata
- Download URL: py_askpass-0.0.0.tar.gz
- Upload date:
- Size: 3.6 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
97748e43968ba97ce4d873a0add17b382a65f7e81f10ad0ac697f8d9a94fb7dd
|
|
| MD5 |
453af71ef13304cc99b3d6f1b4c867ab
|
|
| BLAKE2b-256 |
85d5b87bf01a196710a2bf74e8de0e3d706153813a9f897a238d137ccd9a1fe1
|
File details
Details for the file py_askpass-0.0.0-py3-none-any.whl.
File metadata
- Download URL: py_askpass-0.0.0-py3-none-any.whl
- Upload date:
- Size: 4.1 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.1.0 CPython/3.10.14
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
01ff52e7a4b2a10b585071fb468674d1c79d65dacd3212df43f3cb30f863301b
|
|
| MD5 |
49132fbbeb58bf01c4f1b21f7b014a30
|
|
| BLAKE2b-256 |
18727f1b8acf091afe4691b4904eea6b7a4156ffc67f41d3a1b1a44dfe758034
|
