HPE Community
Operating System - HP-UX
1843969 Members
2293 Online
110226 Solutions
New Discussion

Re: SFTP script

 
SOLVED
Go to solution
Dewa Negara_4
Regular Advisor

‎09-06-2004 08:38 PM

‎09-06-2004 08:38 PM

SFTP script

Hi All,

Pls help. I am running the following script to transfer file using sftp. Everytime the script running, it's always prompting a password. It looks like the script ignores stdin.

Is there anyway to prevent from prompting a password wihthout generate public/private keys.

Pls help. High score will be given.

Thanks an Best Regards,
Negara

Santos
0 Kudos
Reply
8 REPLIES 8
Dewa Negara_4
Regular Advisor

‎09-06-2004 08:39 PM

‎09-06-2004 08:39 PM

Re: SFTP script

So sorry forgot to attach the script.

sftp ap1030@sihp8024 <<-EOF

get test_file
bye
EOF


Thanks.
Santos
0 Kudos
Reply
Muthukumar_5
Honored Contributor

‎09-06-2004 09:02 PM

‎09-06-2004 09:02 PM

Re: SFTP script

Dewa,

Did you make the setup of interactive sftp or not. We can not include the passwd of sftp in the command line without setting the ssh* on interactive setup.

openssh 3.9 version is supporing rhosts with out any key after compromising the security and some setup issues there.

Best way on this is to use RhostsRSAauthentication method for sftp.

You are going to create one host key and put that key in the remote hosts known_hosts file with hostname.

If you want to come out from sftp then use ftp easily as,

ftp -i hostname -n <<-EOF 2>/dev/null
open username passwd
ls
bye
EOF

Without making interactive setup for s* commands we can not expect your requirement completion.

And Refer this to setup s* commands not to look passwd with RhostsRASauthenticaiton as,

http://www.akadia.com/services/ssh_scp_without_password.html


Easy to suggest when don't know about the problem!
Reply
Michael Selvesteen_2
Trusted Contributor

‎09-06-2004 09:11 PM

‎09-06-2004 09:11 PM

Solution

Re: SFTP script

If you are not concerned about periling your password, expect script can easily do the job.

Try the following,

The following script will spawn sftp in batch mode. The password prompt will be taken care by the expect.

#!/usr/local/bin/expect

spawn sftp -b batchFile ap1030@sihp8024
expect "password:"
send "\n";
interact

your batchFile may contain

get test_file
bye

A one step level of security can be encrypting your expect script using gnupg so that your password will be concealed

http://www.gnupg.org/


For more information on expect scripts


http://expect.nist.gov/

A example of automating sftp using expect can be seen at the following link

http://linux-bsd-central.com/index.php/content/view/26/29/

All the best
Reply
Dewa Negara_4
Regular Advisor

‎09-06-2004 10:09 PM

‎09-06-2004 10:09 PM

Re: SFTP script

Hi Muthu,

I have tried already, but it didn't work. Is it because my version is 3.7?

[root@sihp8012:/home/ap1030/aldo]
# ssh -V
OpenSSH_3.7.1p2, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003

Hi Michael,
Thanks alot for your help. The script is running well. I am considering to use the script, but I will try to find out how to encrypt expect script. Do you have the example how to do that, since I still can not find the link that you sent me.

Thanks alot.
Santos
0 Kudos
Reply
Michael Selvesteen_2
Trusted Contributor

‎09-06-2004 11:45 PM

‎09-06-2004 11:45 PM

Re: SFTP script

Hi Dewa,

Nice to hear that your problem got solved.

Regarding gnupg, It is an opensouce encryption tool based on PGP ( Pretty Good Privacy ). It is a public-key encryption application.

You can get the source from http://www.gnupg.org

Here it is in action:

$ gpg -e my_secret_file.txt

Once this is done a file called 'my_secret_file.txt.gpg' is created in your current directory. Any attempts to view the contents of this file will prove futile unless you encrypted it using your own Public Key.

To decrypt it you simply use the -d switch followed by the encrypted file.

$ gpg -d secret_file.txt.gpg

Since you have your private key contained within your secret key ring GnuPG can determine whom 'secret_file.txt.gpg' was intended for and will decrypt it after you provide your passphrase.

For more information refer the following link

http://www.technocage.com/~caskey/gnupg/pgp2gnupg.html

Hope this helps.
Reply
Seth Parker
Trusted Contributor

‎09-07-2004 01:04 PM

‎09-07-2004 01:04 PM

Re: SFTP script

I'm curious. If you're going to go to the trouble of using GPG and having to maintain a keyring, why not just use public key authentication in SFTP? If the remote host supports SSH2 you can do the following:

Use "ssh-keygen -t dsa" to generate the files $HOME/.ssh/id_dsa and $HOME/.ssh/id_dsa.pub. Don't give it a passphrase (the script looks like it's going to be run unattended).

Append the contents of id_dsa.pub to $HOME/.ssh/authorized_keys on the remote host.

This will allow you to log on to ssh, scp and scp using public key authentication when you either specify the identity file (id_dsa), or when that file is in the current user's configured $HOME directory.

Your script could change to:

sftp ap1030@sihp8024 <<-EOF
get test_file
bye
EOF

or the equivalent:

sftp ap1030@sihp8024:test_file

I'd love to hear comments on this!

Regards,
Seth
Reply
Steven E. Protter
Exalted Contributor

‎09-07-2004 02:14 PM

‎09-07-2004 02:14 PM

Re: SFTP script

If you exchange public keys between the servers, you can do it with scp and will not have to hard code a password into a script.

I'm attaching instructions. They refer to X, you can do it with careful cat commands. Pay attention to directory permissions.

Word doc.
Its in this thead. I can't find a copy here right now.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=144612

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Dewa Negara_4
Regular Advisor

‎09-07-2004 05:10 PM

‎09-07-2004 05:10 PM

Re: SFTP script

Hi Michael,

Thanks alot. I tried to install GPG on my test server using configure, make, make install and make clean respectively. But when I tried to run gpg, I got the error as below :

[root@sihp8012:/tmp]
# gpg -e sftp
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9344': No such file or directory
gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9344': No such file or directory
gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
You did not specify a user ID. (you may use "-r")

Enter the user ID. End with an empty line: 123456CA
No such user ID.

Enter the user ID. End with an empty line: ap1030
No such user ID.

Enter the user ID. End with an empty line:
gpg: no valid addressees
gpg: sftp: encryption failed: no such user id

[root@sihp8012:/tmp]
# gpg sftp
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9345': No such file or directory
gpg: keyblock resource `/root/.gnupg/secring.gpg': general error
gpg: failed to create temporary file `/root/.gnupg/.#lk4000d3c0.sihp8012.9345': No such file or directory
gpg: keyblock resource `/root/.gnupg/pubring.gpg': general error
gpg: no valid OpenPGP data found.
gpg: processing message failed: eof

Any idea what is wrong?

Hi Seth,
Thanks alot for your great contribution. The main reason why we are not considering public/private keys is that the policy for the keys have not been established yet. So this just for temporary solution before using public/private keys.

Hi Steven,
Thanks alot for answer.

Santos
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.