Ssh – Remember SSH Password after once entered without SSH Keys


I've to work a lot with SSH on different Servers where I'm not allowed to store a public Key on the remote Server. So i cant use SSH-Keys and SSH-Agent.

The Authentication is over LDAP so its always the same Password. I would like to enter my password once per Session which is then stored somewhere and use it for all further Connections.

I’ve searched a lot and the best way I could find is to store the Password in an environment Variable and use sshpass like:

sshpass -e ssh username@servername

But I dont like the idea to know that my password is saved in an environment Variable. Is there a better way to do this?

Best Answer

Not really, by the sound of it.

I guess you could wrap sshpass in a script, to avoid having the password in your env, but then you have it written in a script. Basically, if a password must be involved, you probably just have to deal with it.

One possibility might be using SSH certificates instead of pubkeys, which allows more granularity and control (see

Kerberos also seems like it would tick everyone's boxes, but Kerberos isn't necessarily something people want to jump into, and I would have doubts about it ever being seriously considered. But it would provide pretty much exactly the kind of compromise you seek (no pubkeys, but also the ability to have passwordless logins during a session).

An intermediary solution that might account for your needs and the server operator's concerns/policies could be something like Teleport, which provides a jumphost and fairly strong access controls.

tl;dr: It sounds like you might need to bite the bullet if you want to avoid exposing your password, and your best bet might be to try and propose a solution that accounts for whatever concerns the admins have about pubkey.