topic Re: SFTP script in Operating System - HP-UX

SFTP script

Dewa Negara_4 — Tue, 07 Sep 2004 03:38:25 GMT

Hi All,

Pls help. I am running the following script to transfer file using sftp. Everytime the script running, it's always prompting a password. It looks like the script ignores stdin.

Is there anyway to prevent from prompting a password wihthout generate public/private keys.

Pls help. High score will be given.

Thanks an Best Regards,
Negara

Re: SFTP script

Dewa Negara_4 — Tue, 07 Sep 2004 03:39:25 GMT

So sorry forgot to attach the script.

sftp ap1030@sihp8024 <<-EOF

get test_file
bye
EOF

Thanks.

Re: SFTP script

Muthukumar_5 — Tue, 07 Sep 2004 04:02:16 GMT

Dewa,

Did you make the setup of interactive sftp or not. We can not include the passwd of sftp in the command line without setting the ssh* on interactive setup.

openssh 3.9 version is supporing rhosts with out any key after compromising the security and some setup issues there.

Best way on this is to use RhostsRSAauthentication method for sftp.

You are going to create one host key and put that key in the remote hosts known_hosts file with hostname.

If you want to come out from sftp then use ftp easily as,

ftp -i hostname -n <<-EOF 2>/dev/null
open username passwd
ls
bye
EOF

Without making interactive setup for s* commands we can not expect your requirement completion.

And Refer this to setup s* commands not to look passwd with RhostsRASauthenticaiton as,

http://www.akadia.com/services/ssh_scp_without_password.html

Re: SFTP script

Michael Selvesteen_2 — Tue, 07 Sep 2004 04:11:16 GMT

If you are not concerned about periling your password, expect script can easily do the job.

Try the following,

The following script will spawn sftp in batch mode. The password prompt will be taken care by the expect.

#!/usr/local/bin/expect

spawn sftp -b batchFile ap1030@sihp8024
expect "password:"
send "\n";
interact

your batchFile may contain

get test_file
bye

A one step level of security can be encrypting your expect script using gnupg so that your password will be concealed

http://www.gnupg.org/

For more information on expect scripts

http://expect.nist.gov/

A example of automating sftp using expect can be seen at the following link

http://linux-bsd-central.com/index.php/content/view/26/29/

All the best

Re: SFTP script

Dewa Negara_4 — Tue, 07 Sep 2004 05:09:39 GMT

Hi Muthu,

I have tried already, but it didn't work. Is it because my version is 3.7?

[root@sihp8012:/home/ap1030/aldo]
# ssh -V
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003

Hi Michael,
Thanks alot for your help. The script is running well. I am considering to use the script, but I will try to find out how to encrypt expect script. Do you have the example how to do that, since I still can not find the link that you sent me.

Thanks alot.

Re: SFTP script

Michael Selvesteen_2 — Tue, 07 Sep 2004 06:45:31 GMT

Hi Dewa,

Nice to hear that your problem got solved.

Regarding gnupg, It is an opensouce encryption tool based on PGP ( Pretty Good Privacy ). It is a public-key encryption application.

You can get the source from http://www.gnupg.org

Here it is in action:

$ gpg -e my_secret_file.txt

Once this is done a file called 'my_secret_file.txt.gpg' is created in your current directory. Any attempts to view the contents of this file will prove futile unless you encrypted it using your own Public Key.

To decrypt it you simply use the -d switch followed by the encrypted file.

$ gpg -d secret_file.txt.gpg

Since you have your private key contained within your secret key ring GnuPG can determine whom 'secret_file.txt.gpg' was intended for and will decrypt it after you provide your passphrase.

For more information refer the following link

http://www.technocage.com/~caskey/gnupg/pgp2gnupg.html

Hope this helps.

Re: SFTP script

Seth Parker — Tue, 07 Sep 2004 20:04:20 GMT

I'm curious. If you're going to go to the trouble of using GPG and having to maintain a keyring, why not just use public key authentication in SFTP? If the remote host supports SSH2 you can do the following:

Use "ssh-keygen -t dsa" to generate the files $HOME/.ssh/id_dsa and $HOME/.ssh/id_dsa.pub. Don't give it a passphrase (the script looks like it's going to be run unattended).

Append the contents of id_dsa.pub to $HOME/.ssh/authorized_keys on the remote host.

This will allow you to log on to ssh, scp and scp using public key authentication when you either specify the identity file (id_dsa), or when that file is in the current user's configured $HOME directory.

Your script could change to:

sftp ap1030@sihp8024 <<-EOF
get test_file
bye
EOF

or the equivalent:

sftp ap1030@sihp8024:test_file

I'd love to hear comments on this!

Regards,
Seth

Re: SFTP script

Steven E. Protter — Tue, 07 Sep 2004 21:14:11 GMT

If you exchange public keys between the servers, you can do it with scp and will not have to hard code a password into a script.

I'm attaching instructions. They refer to X, you can do it with careful cat commands. Pay attention to directory permissions.

Word doc.
Its in this thead. I can't find a copy here right now.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=144612

SEP

Re: SFTP script

Dewa Negara_4 — Wed, 08 Sep 2004 00:10:20 GMT

Hi Michael,

Thanks alot. I tried to install GPG on my test server using configure, make, make install and make clean respectively. But when I tried to run gpg, I got the error as below :

[root@sihp8012:/tmp]
# gpg -e sftp
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9344': No such file or directory
gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9344': No such file or directory
gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
You did not specify a user ID. (you may use "-r")

Enter the user ID. End with an empty line: 123456CA
No such user ID.

Enter the user ID. End with an empty line: ap1030
No such user ID.

Enter the user ID. End with an empty line:
gpg: no valid addressees
gpg: sftp: encryption failed: no such user id

[root@sihp8012:/tmp]
# gpg sftp
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9345': No such file or directory
gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9345': No such file or directory
gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
gpg: no valid OpenPGP data found.
gpg: processing message failed: eof

Any idea what is wrong?

Hi Seth,
Thanks alot for your great contribution. The main reason why we are not considering public/private keys is that the policy for the keys have not been established yet. So this just for temporary solution before using public/private keys.

Hi Steven,
Thanks alot for answer.