Re: SFTP for multiple users

Robert Legatie · ‎07-07-2009

Hello,

I need to send files using sftp but the thing is there are 18 different users that need to send files. But all of them will use the same ID and password to connect to the remote server. Can someone please suggest a way to do this. High points will be awarded to the solution.

Thanks in advance.

James R. Ferguson · ‎07-07-2009

Hi Robert:

> But all of them will use the same ID and password to connect to the remote server.

So what are you asking? This isn't an issue involving languages and scripting, this is a security and administrative problem.

Regards!

...JRF...

Robert Legatie · ‎07-07-2009

I am looking for a script to do this. The security is not a problem. What i can use for this a for loop or case statement.

Thanks.

James R. Ferguson · ‎07-07-2009

Hi (again) Robert:

My choice would be to do this in Perl. If you want a pure shell script, though, use SFTP (Secure FTP) and public keys.

# cat .mysftp
HOST=$1
FILE=$2
sftp -b - <lcd /tmp
cd /tmp
put -P ${FILE} ${FILE}.backup
EOF
RC=$?
print -u2 "\nSFTP returned ${RC}"
exit ${RC}

...

Regards!

...JRF...

OldSchool · ‎07-08-2009

"I need to send files using sftp but the thing is there are 18 different users that need to send files. But all of them will use the same ID and password to connect to the remote server. Can someone please suggest a way to do this. High points will be awarded to the solution."

--and--

"I am looking for a script to do this. The security is not a problem. What i can use for this a for loop or case statement."

To do WHAT? I still can't understand what you are driving at....you have 18 different users that will all use the same 19th id to send files? How would a loop enter into this?????

If that's the case, it might be as simple as set up the 19th id, set-up / exchange keys, provide to private key to each of the 18 original users...

then they would do something like "sftp 19thID@dest.server.....

of course, JRF's crystal ball may be working better than mine is

James R. Ferguson · ‎07-08-2009

Hi (again):

> OldSchool: of course, JRF's crystal ball may be working better than mine is

Nope. I too was mystified by this request. 'Case' statements and 'for' loops as Robert mentioned don't make sense the way the problem is stated so I offered the abstract core of a shell-based SFTP script.

Regards!

...JRF...

Ganesan R · ‎07-08-2009

Hi Robert,

If 18 users are going to use the same id and password, then you could easily setup passwordless login between 18 source users and the remote user. You need to copy the remote user's public key into autherized_keys file of 18 users.

Once you setup the password less login simple script like below would do your task.

#-------------------------------------------------------
# Connect to remote server and put the files
#-------------------------------------------------------
sftp remoteuser@10.0.0.100 <<**
lcd /data/files
put filename.txt
**
#-------------------------------------------------------

Best wishes,

Ganesh.

OldSchool · ‎07-08-2009

Previously, I said: "If that's the case, it might be as simple as set up the 19th id, set-up / exchange keys, provide to private key to each of the 18 original users..."

of course, that (and probably all the previous posts) are speculation, as the actual problem is ill-defined.

Robert - I know *you know* what it is you want to accomplish, but you are going to have to be more verbose about what it is you actually want to do...

In the word's of Strother Martin: What we have here is a failure to communicate

Steven E. Protter · ‎07-08-2009

Shalom,

I would use a totally different approach.

http://www.hpux.ws/?p=10

I would set it up password free, generate public keys for each of the 18 users, and place that public key as authorized_keys on the .ssh directory of this special user.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

rmueller58 · ‎07-09-2009

I agree with Steven about defining a trust

Are the users logging in from 18 different locations? or just ONE other Unix box?

I've set up a trust between a couple of my boxes with one particular user, by doing the key exchange so I can use SCP rather then SFTP.

Is this a process users will be doing or you will define a cron mechanism to disseminate files to them?

I think maybe a little clarification about the intent of the process might help in a conceptual process.

I prefer using scp -b sourcefilename remoteuser@remoteserver:/home/remoteuser/destfilename

rmueller58 · ‎07-09-2009

Sorry hit the wrong key..

My idea would be to define the 1:18 to push the file, rather then have users come and get it. That way they can't come back and say "I can't get in, I am having problems" thing about the social engineering aspects a bit.

Is the "filename" going to be constant or variable?

I would check for the exist of the file to transfer 1st.

cd sourcefolder

for filename in `ls`
do
if [ -f "$filename" ]
then

DEFINE SCP process HERE:
for user in `cat USERFILE`
do
scp -b $filename $user@remoteserver:/home/$user/
done
else
exit
fi

make a list of the users in a column file

USERFILE
user1
user2
user3
...
user18

Robert Legatie · ‎07-09-2009

Sorry for the delay in response and thanks for all the responses. I cannot use ssh keys...so that option is off the table. I will call an expect script from the shell script to pass on the ID and password information. I hope this clears a few things. I do have the script for one user...i am trying to adapt it to fit 18 users. Awaiting for new responses.

Thanks in advance.

James R. Ferguson · ‎07-10-2009

Hi (again) Robert:

> I cannot use ssh keys...so that option is off the table.

Why is that? Secure Shell is a product that should be installed when a server is first installed. SFTP/SCP using public keys is simple to setup.

> I do have the script for one user...i am trying to adapt it to fit 18 users.

If each user runs the script under their unique login name, then either ${LOGNAME} or $(whoami) provides that name. The script could simply use that if it needs it.

Regards!

...JRF...

Fredrik.eriksson · ‎07-13-2009

There aren't many ways that are more insecure then passing the password via a shell script (or expect script).

It's in clear text... Public keys are alot better for this particular thing. And I believe it's not a problem to just /bin/false (in /etc/passwd) the login shell and still be able to use sftp (should atleast work anyway) or scp.

It's just my 2 cents, and as JRF and some others said... still don't really get what you actually want to do.

I figured out so far that you wan't 18 users to be able to move files throu SFTP to a server which they all login with only a specific user?

Best regards
Fredrik Eriksson

Robert Legatie · ‎07-13-2009

I am closing it as it is too difficult to put all the environment constraints in here. Thanks to all those who replied.

James R. Ferguson · ‎07-13-2009

Hi Robert:

> I am closing it as it is too difficult to put all the environment constraints in here.

That's a shame...

> Thanks to all those who replied.

Please read:

http://forums13.itrc.hp.com/service/forums/helptips.do?#28

...it is a way of saying "thanks" and assigning value (of which there must be some, proportional to the quality of your question) to the answers you received...

...JRF...

OldSchool · ‎07-13-2009

"I am closing it as it is too difficult to put all the environment constraints in here."

that's too bad. if you'd been able willing to describe accurately what the intended goal was, you'd have probably gotten several useful replies.

unfortunately, not being able to do so may also mean that the actual problem to be solved is "ill-defined". if so, trying to develop a solution may still be daunting

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SFTP for multiple users

SFTP for multiple users