SalesforceDX: Log in to sandbox by username/password from command line without browser involved

sfdx force:auth only provides the JWT and web OAuth login methods:

sfdx force:auth commands: (get help with sfdx help force:auth:COMMAND)
 force:auth:jwt:grant      authorize an org using the JWT flow
 force:auth:logout         log out from authorized orgs
 force:auth:sfdxurl:store  authorize an org using an SFDX auth URL
 force:auth:web:login      authorize an org using the web login flow

But... there's a couple of different ways around the lack of a direct username/password login option.

One's to use sfdx force:source:convert to build a Metadata API package. Provided you have configured your sandbox so that CLI access doesn't require completing the verification code (or you're logging in with a security token), you can then use any existing Metadata API deployment tool ( Migration Tool, CLI, etc) to perform the deploy using the username and password alone.

Another route is to login to the sandbox by hand once, locally, via force:auth:web:login. Then do sfdx force:org:display -u <username> --verbose to get the SFDX authentication URL, which starts with force:// and includes the OAuth refresh token (not the session id). You can store that securely in an encrypted file and later load it into SFDX with sfdx force:auth:sfdxurl:store -f <thefile>. (Credit to CRMScience for documenting this approach).

You could use the auth command from the sfpowerkit plugin:

sfpowerkit auth:login

It supports login with username-password combination (probably will need security token as well). A functionality that the standard CLI lacks