
Automating SCP and SFTP

 
Son Le
Frequent Advisor

Automating SCP and SFTP

Hi...I am trying to automate SCP so that it sends a file over to a secure FTP site every night. I just installed the SSH package, which includes SCP and SFTP. I don't know where to begin doing this, can you guys please help me write a script or something that will do this. Here is an example:

server ip address: 192.168.1.5
user name: user
password: userpw

the file will be called test and will be in the temp directory:

/temp/test

and I want to transfer the file to the same directory on the remote side (192.168.1.5)

/temp/test

It works when I type in the following, however I can't seem to include the password in it, so after it connects, it will ask me to enter my password:

# scp /temp/test user@192.168.1.5:/temp/test

user@192.168.1.5's password:

test 100% |******| 25 00:00

#

so that works...can someone please direct me or help me to write this so that it's automated. Thanks so much.
Wilfred Chau_1
Respected Contributor

Re: Automating SCP and SFTP

You can use public key authentication so that you don't need to hardcode the password in your script.

1) su as the user. Generate a private/public key pair. Depending on your version of SSH, most key pairs look like this: id_dsa & id_dsa.pub

2) Ship the id_dsa.pub to the other end (the secure ftp server) & have the admin authenticate you using that public key.

3) Then just write a script that contains this line.

scp user@:

To help troubleshoot, add a -v argument to scp.
Steven E. Protter
Exalted Contributor
Solution

Re: Automating SCP and SFTP

Here is a document, originally from HP, that tells you step by step how to exchange public keys and do exactly what you wish to do.

I used this doc both for HP-UX and Linux.

Enjoy.

P
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

I'll try it that way first, but out of curiosity, how would you hardcode the password and have it automated? Thanks for the response.
Sridhar Bhaskarla
Honored Contributor

Re: Automating SCP and SFTP

Hi,

1. Generate public/private key pair on the localhost.

$ ssh-keygen -t dsa -N ""

Take the defaults. It will create two files under your $HOME/.ssh directory id_dsa and id_dsa.pub. Copy id_dsa.pub file to your remote system (192.168.1.5) into /tmp directory.

Log on to the remote system and append the id_dsa.pub file to $HOME/.ssh/authorized_keys. If there is no directory .ssh under $HOME, then create it. Use the following command to append the key.

$ cat /tmp/id_dsa.pub >> /home/your_id/.ssh/authorized_keys

Now try scp. It should not prompt for the password.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
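
An added example, not part of any post in this thread: one way to do the append step above so that it can be re-run safely. The helper name install_pubkey is hypothetical, and the 700/600 modes are a choice made here (tighter than sshd requires).

```sh
#!/bin/sh
# Added example: append one public key to an authorized_keys file safely.
# install_pubkey PUBKEY_FILE TARGET_HOME   (hypothetical helper name)
install_pubkey() {
    pub=$1
    sshdir=$2/.ssh
    auth=$sshdir/authorized_keys

    # Refuse anything that is not a public key line, in particular a
    # private key file (id_dsa instead of id_dsa.pub) picked up by mistake.
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "refusing: $pub looks like a private key" >&2
        return 2
    fi
    key=$(grep -E '^(ssh-|ecdsa-)' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no public key found in $pub" >&2; return 2; }

    # Create ~/.ssh and authorized_keys with owner-only modes (a choice made
    # in this example; sshd only insists on no group/other write access).
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Already present: do nothing, so repeated runs do not duplicate the entry.
    grep -qxF -e "$key" "$auth" && return 0

    # If the last line lacks a trailing newline, add one first; otherwise the
    # new key would be glued onto the previous entry and neither would match.
    if [ -s "$auth" ] && [ -n "$(tail -c 1 "$auth")" ]; then
        echo >> "$auth"
    fi
    printf '%s\n' "$key" >> "$auth"
}
```

Run it on the remote system as the account that will receive the login, for example install_pubkey /tmp/id_dsa.pub "$HOME".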
linuxfan
Honored Contributor

Re: Automating SCP and SFTP

Hi,

I found keychain to be perfect in such cases.

http://www.gentoo.org/proj/en/keychain.xml

Do read the IBM developer articles he wrote.

Also you may want to check out Chris Wong's web site
http://newfdawg.com/SHP-Articles.htm

-HTH
Ramesh
They think they know but don't. At least I know I don't know - Socrates
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Hi everyone, I tried Sridhar Bhaskarla's method and also some of the other methods and it didn't work. Let me describe the system a little bit.

Local Computer: HP-UX 11.0
Remote Computer: Unknown

This is what I did:

on the local computer, I typed in the following:

$ ssh-keygen -t dsa -N ""

which created the 3 files. I then scp id_dsa.pub to the remote system /home/temp/

I then logged into the remote system and did the following command:

$ cat /home/temp/id_dsa.pub >> /home/temp/.ssh/authorized_keys

I then checked to make sure the file has the proper permissions. It does. The only file in the directory .ssh is the authorized_keys. I then logged out of the remote system.

Now I am on the local computer. I typed in the following:
Let's assume the remote system has an IP address of sftp.temp.com

$ ssh sftp.temp.com

It then asked me for the password. I entered it in and then logged out. I then tried it again and it still asked me for the password. Can anyone please help me out. I am getting frustrated with this key stuff. Thanks for all your help. Much appreciated.
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

anyone?? i kinda want to get this working ASAP. thanks
Chris Vail
Honored Contributor

Re: Automating SCP and SFTP

If you've properly set up ssh, you don't need to use passwords at all. Use the command "scp /path/file host:path/file" and everything will be copasetic. I'm attaching a document I wrote on how to set up ssh so that passwords are not necessary, and you still get a secure/encrypted connection. I seem to be posting this document several times a week here......


Chris
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Hi...I followed those instructions and it still doesn't work. However, I don't have Citrix Metaframe so I couldn't copy and paste it; instead I just copied the same id_dsa.pub and renamed it to authorized_keys. So in the folder ".ssh" of the local machine, I have id_dsa.pub, authorized_keys, id_dsa, known_hosts, and prng_seed. Here is what I did step by step. Hopefully you can find something wrong:

1. On local hp-ux machine.

$ ssh-keygen -t dsa




$ cd .ssh
$ ls
id_dsa.pub id_dsa prng_seed

$ cp id_dsa.pub /home/copy/.ssh/authorized_keys

$ chmod 644 authorized_keys

$ ssh sftp.test.com

The authenticity of host ' (ip address)....



$ scp /home/copy/.ssh/authorized_keys sftp.test.com:/home/copy/.ssh/authorized_keys

$

file transferred.

$ scp /home/copy/test sftp.test.com:/home/copy/test

enter your password:

[copy@sftp.test.com]$ exit

$ scp /home/copy/test sftp.test.com:/home/copy/test2

It then asked me for the password and what not. Can you please take a look at what I did and see if you can find anything that I did wrong. I followed the directions numerous times and it still asks me for the password. I think I might be doing something wrong. Can you please help me out. Thanks a lot.
Chris Vail
Honored Contributor

Re: Automating SCP and SFTP

Citrix Metaframe for Unix just pushes the standard CDE across a Citrix connection. Its per-seat cost is a lot lower than the usual X-servers, so we use it here a lot. If you have Hummingbird, Reflection or other X server on your desktop, the instructions apply. That document was written for my internal users who generally don't have a clue as to how to run dtpad.

It looks like you're getting close. It appears that you ran ssh-keygen -t dsa for root, and then copied it to the ~/.ssh directory of your user (copy). You need to be logged in as that user (su - copy) and re-run "ssh-keygen -t dsa" for each user, on each host system. Each user then has his/her own public/private key pair. You can't use one authorized_keys file for every user, but you can have an authorized_keys file that is common to several servers, but only the same user on each system.

Again: check the permissions on each user's home directory: they should be 755, while the authorized_keys file should be 644.

Post back here with your successes or problems.



Chris
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Hi Chris...I was logged in as the user when I ran the keygen. Also I made sure the directory and the authorized_keys had the right permissions. So let me get this straight. The id_dsa.pub and authorized_keys have the same content in them? Correct? After copying the file, I went into the file and went to the end of it and hit return as the instructions say. The authorized_key is to be transferred to the remote host, right? So the remote host has the authorized_key and the local computer has the id_dsa.pub. The local computer uses the id_dsa.pub file to compare that with the authorized_key on the remote computer and if it's correct, no password is required. Is that what the key does?? Can you please let me know if that's correct or not.
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Could different SSH versions have any effect on these instructions? I think I am using openssh 3.5p1.
Chris Vail
Honored Contributor

Re: Automating SCP and SFTP

You wrote: $ cp id_dsa.pub /home/copy/.ssh/authorized_keys
Which I took to mean that you copied the file to the /home/copy/.ssh directory for the "copy" user. You didn't mention that you had logged in as the 'copy' user.

The id_dsa.pub key contains the key for that one particular host. The authorized_keys file contains the key for all hosts that you want to give login permission to. So, if all you have are two machines, the authorized_keys file should have the contents of BOTH id_dsa.pub keys, on both hosts.

If you use the "-t dsa" argument to the "ssh-keygen" command, it shouldn't matter which version of ssh you're using.

Oh yeah.....points are appropriate now.....


Chris
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Hi Chris, yeah I just gave you the points, at first I didn't know what you meant by it. Well right now I am just trying to get a local machine connected to another machine. It is still not working, any more suggestions??
Chris Vail
Honored Contributor

Re: Automating SCP and SFTP

You have checked permissions as mentioned: 755 on the home directory (and the directory above it) and 644 on the files in the .ssh directory?


Chris
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Yes, I double checked the permissions, I even set the permissions on both to 777 but it still doesn't work.
Chris Vail
Honored Contributor

Re: Automating SCP and SFTP

Do not use permission of 777: it just won't work. It HAS to be 755 for the home directory, and 644 for the .ssh files. Also, check ownership: each file and the .ssh directory needs to be owned by the user for whom it was created--on both hosts.

If this doesn't work for you, then I'm stumped. We're using this on 30+ systems here, with dozens of users, and no one is reporting problems. When we have had problems, it was always an ownership or permission issue.

Is the sshd daemon running?


Chris
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

On the local machine (hp-unix), sshd is not running. However, on the remote server (redhat 7.1) it is running.
Son Le
Frequent Advisor

Re: Automating SCP and SFTP

Right now the directory ".ssh" on the local machine (hp-unix) has the following ownership and permissions:
the user is copy

drwxr-xr-x 2 copy sys 96 Feb 27 .ssh

Here are the permissions and ownership in the .ssh directory:

-rw-r--r-- 1 copy sys id_dsa

-rw-r--r-- 1 copy sys id_dsa.pub

-rw-r--r-- 1 copy sys known_hosts

-rw-r--r-- 1 copy sys prng_seed
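
An added example, not part of any post in this thread: a shell audit of the ownership and mode conditions discussed in the posts above, using only ls, cut and awk so it does not depend on stat(1). It assumes OpenSSH behaviour (sshd with StrictModes enabled, and the client's own mode check on private keys); the function names are hypothetical.

```sh
#!/bin/sh
# Added example: audit the files OpenSSH public-key login depends on.

perms() { ls -ld "$1" | cut -c2-10; }          # e.g. rwxr-xr-x
owner() { ls -ld "$1" | awk '{print $3}'; }

# check_server_side PATH USER: sshd (StrictModes) rejects authorized_keys when
# the home directory, ~/.ssh or the file itself is writable by group/other,
# or is owned by someone other than USER or root.
check_server_side() {
    [ -e "$1" ] || return 0
    rc=0
    case $(perms "$1") in
        ????w*|???????w*) echo "FAIL $1: writable by group or other"; rc=1 ;;
    esac
    case $(owner "$1") in
        "$2"|root) ;;
        *) echo "FAIL $1: owned by $(owner "$1"), expected $2"; rc=1 ;;
    esac
    return $rc
}

# check_private_key PATH: the ssh client ignores a private key that group or
# other can access at all, then falls back to asking for a password.
check_private_key() {
    case $(perms "$1") in
        ???------) return 0 ;;
        *) echo "FAIL $1: private key accessible by group or other"; return 1 ;;
    esac
}

# audit_ssh_home HOME USER: run every check, return non-zero on any finding.
audit_ssh_home() {
    bad=0
    for p in "$1" "$1/.ssh" "$1/.ssh/authorized_keys"; do
        check_server_side "$p" "$2" || bad=1
    done
    for k in "$1"/.ssh/id_*; do
        case $k in *.pub) continue ;; esac
        [ -f "$k" ] || continue
        check_private_key "$k" || bad=1
    done
    return $bad
}
```

Call it on both hosts, for example audit_ssh_home /home/copy copy; a 755 home directory with a 644 authorized_keys passes, while 777 on any of them or a group/other-readable id_dsa is reported.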
Chris Vail
Honored Contributor

Re: Automating SCP and SFTP

AHA! Start the secure shell daemon on the HP box with "/sbin/init.d/secsh start". Then try it again with "ssh copy:"ls -l" /etc/hosts".
Then email me directly: "cvail 'at' ercot dot com.

Chris

Re: Automating SCP and SFTP

Is there someone who's got this working on OpenVMS? I've tried the contents of the document (by Chris Vail) but things seem to be different a bit.
7.3-2
TCPIP_ECO V5.4-155

Bart
Resistance is not an option.

Re: Automating SCP and SFTP

Ok, I figured it out.
Resistance is not an option.