Is there any way to automate ssh login, without sshpass or expect?

The context here is that I have a series of embedded Linux systems at work. They do not have internet access. They are frequently re-imaged. I do not control the OS image and the owning team is not interested in incorporating sshpass or expect into the OS builds.

These are test machines only accessible from an internal network. Currently the update process is quite painful and involves me manually scp'ing files between 3 hops. I would like to automate this process with a script, it would likely save me several hours per week. The current workflow is for me to have a gigantic series of 3-deep nested tmux sessions with various panes, in which I run very similar commands. It works, but it's not fun. However as far as I can tell, there is no way to plaintext pipe a password to regular ssh. The password for all these machines is just root, since they are test & development machines only.

Things I have seen which I believe won't work:

• Shared keys: these machines are re-imaged daily to multiple times per day. I cannot expect a persistent key.
• sshpass or expect: as stated above, the OS team has declined my request to add these.
• Installing any non-default UNIX tools, since these machines have no internet access.

First, my condolences. You've been made responsible for solving this problem without being supported to do it properly. If the systems are being regulardly re-imaged, installing keys should be easily added to that build flow. If the responsible team isn't willing to do that, that seems hard to justify.

And you're right - by design, there's no way to pass ssh a password on the command line. So there aren't many options to automate further without installing something else, just as you've said.

Given the constraints - and assuming that you shouldn't store the password anywhere - I'd say a script that uses nested SSH (using multiple invocations of the -J flag) to reduce your hops, and having the password ready to paste in your paste buffer, would minimize your effort.

One more suggestion. You mention no Internet access, but if there are any scripts or tools that you could make internally available, you could pull them from that internal source to your target systems. Pulling a single 'bootstrap' script, and then running that script to install any other statically compiled utilities (or even certificates or SSH keys!), might be efficient. It would have to be re-done every time the systems are rebuilt, but the script could even check to see whether or not the target system has been re-imaged or not, and only install what's missing. In other words, you could automate the process of returning rebuilt systems to supportability.

Either way, good luck. If Hallmark made a card for this, I would get it for you. :D