
Re: SFTP using expect script (02)

 
Dewa Negara_4
Regular Advisor

SFTP using expect script (02)

Hi All,

Sorry to post this again, since I still cannot find the answer.

I am running SFTP using the expect script below, as my company has not yet decided to use public/private keys:

#!/usr/local/bin/expect
spawn sftp -b batchFile @
expect "password:"
send "\n";
interact

Is there any way to avoid the hard-coded password in the script? Can we hide the password? I just want to mitigate the security risk for the script.

Please help. High score will be given.

Thanks and Best Regards,
Negara
Santos
Marcel Boogert_1
Trusted Contributor

Re: SFTP using expect script (02)

Hi Negara,

Are you using this from cron or interactive?
What if you vi a script which sets the password to a variable like: MYPW=12ab34cd. Give this script root:sys rights and r-x------

Then execute this script before the sftp session, and afterwards set the password again to some dummy pwd. You can also put the script file to some place where ordinary users cannot get.

Regards, MB.
Eric Antunes
Honored Contributor
Solution

Re: SFTP using expect script (02)

Hi Dewa,

Check Michael Tully's reply in this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=350086

Regards,

Eric Antunes
Each and every day is a good day to learn.
Dewa Negara_4
Regular Advisor

Re: SFTP using expect script (02)

Hi Eric,

Thanks a lot for your help.

It looks fine for me now. I can avoid the hard-coded password in the script and put it into a hidden file. Even though it is not 100% secure, it is much better than hard-coding the password in the script.

Thanks a lot.

Best Regards,
Negara
Santos
Iris_10
New Member

Re: SFTP using expect script (02)

Hi Dewa,
It seems that you got the answer. Could you give me the sample? Our company also needs to use sftp without public/private keys. My situation is the same as yours. Many thanks for your help !!
:)
Dewa Negara_4
Regular Advisor

Re: SFTP using expect script (02)

Hi Iris,

I use the script below. It looks fine so far. Hope this helps.

Thanks.
Dewa

#!/usr/local/bin/expect

# Initialisation
set authFile "/home/myuser/transfer/.password"

# Check the authorisation file exists
if {![file exists $authFile]} { ;# Does file exist
    send_user "$authFile does not exist; aborting\n"
    exit 1
}
set fileFD [open $authFile r] ;# Open the auth file
gets $fileFD authLine ;# Read in 1 line to authLine
close $fileFD

# Transfer file(s)
spawn sftp -b batchFile user01@hostname
expect "password:"
send "$authLine\n";
interact
Santos
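
A hardened variant of the password-file approach discussed in this thread, as an added example that is not part of any poster's script: it reads the file only if it is a regular file owned by the invoking user with no group/other permission bits, stops on an unknown host key, and waits for the batch to finish. The `read_secret` helper, the exit codes, the 30-second timeout and the non-interactive (cron-style) run are assumptions; the path, user and host are the thread's placeholders.

```tcl
#!/usr/local/bin/expect
# Added example, not from the thread. File path, user and host reuse the
# thread's placeholders; a non-interactive (cron-style) run is assumed.

# Return the first line of $path only if it is a regular file (not a symlink),
# owned by the invoking user, with no group/other permission bits set.
proc read_secret {path} {
    if {[catch {file lstat $path st} err]} {
        error "cannot stat $path: $err"
    }
    if {$st(type) ne "file"} {
        error "$path is not a regular file (type $st(type))"
    }
    if {![file owned $path]} {
        error "$path is not owned by the user running this script"
    }
    if {($st(mode) & 0x3F) != 0} {    ;# 0x3F == octal 077: group/other bits
        error [format "%s has mode %04o; remove group/other access" \
                   $path [expr {$st(mode) & 0xFFF}]]
    }
    set fd [open $path r]
    gets $fd secret                   ;# first line only, newline stripped
    close $fd
    if {$secret eq ""} { error "$path is empty" }
    return $secret
}

set authFile "/home/myuser/transfer/.password"
if {[catch {read_secret $authFile} password]} {
    send_user "refusing to run: $password\n"
    exit 1
}

set timeout 30
spawn sftp -b batchFile user01@hostname
expect {
    "(yes/no"   { send_user "unknown host key; verify it out of band\n"; exit 3 }
    -re {[Pp]assword:} { send -- "$password\r" }
    timeout     { send_user "no password prompt within ${timeout}s\n"; exit 2 }
    eof         { send_user "sftp exited before prompting\n"; exit 2 }
}
set timeout -1          ;# transfers may take longer than the prompt timeout
expect eof              ;# wait for the batch to finish instead of interact
exit [lindex [wait] 3]  ;# propagate sftp's exit status to the caller
```

The `send --` form keeps a password that begins with `-` from being parsed as a flag to `send`.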