HPE Community
Operating System - HP-UX
1834394 Members
1626 Online
110066 Solutions
New Discussion

SFTP using expect script (02)

 
SOLVED
Go to solution
Dewa Negara_4
Regular Advisor

‎09-15-2004 03:27 PM

‎09-15-2004 03:27 PM

SFTP using expect script (02)

Hi ALl,

Sorry I post this again since I still can not find the answer.

I am running SFTP using expect script below as my company has not decided yet using public/private keys :

#!/usr/local/bin/expect
spawn sftp -b batchFile @
expect "password:"
send "\n";
interact

Is there any way how to prevent from hard-coded password in the script? Can we hidden the password? I just want to mitigate the security risk for the script.

Pls help. High score will be given.

Thanks and Best Regards,
Negara
Santos
0 Kudos
Reply
5 REPLIES 5
Marcel Boogert_1
Trusted Contributor

‎09-15-2004 06:40 PM

‎09-15-2004 06:40 PM

Re: SFTP using expect script (02)

Hi Negara,

Are you using this from cron or interactive?
What if you vi a script wich sets the password to a variable like: MYPW=12ab34cd. Give this script root:sys rights and r-x------

Then execute this script before the sftp session, and afterwards set the password again to some dummy pwd. You can also put the script file to some place where ordinary users cannot get.

Regards, MB.
Reply
Eric Antunes
Honored Contributor

‎09-15-2004 08:36 PM

‎09-15-2004 08:36 PM

Solution

Re: SFTP using expect script (02)

Hi Dewa,

Check Michael Tully's reply in this thread:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=350086

Regards,

Eric Antunes
Each and every day is a good day to learn.
Reply
Dewa Negara_4
Regular Advisor

‎09-15-2004 09:27 PM

‎09-15-2004 09:27 PM

Re: SFTP using expect script (02)

Hi Eric,

Thanks alot for your help.

It looks fine for me now. I can avoid the hard-coded password from the script and put it into a hidden file. Even it is not 100% secure, but it is much better than hard-code the password in the script.

Thanks alot.

Best Regards,
Negara
Santos
0 Kudos
Reply
Iris_10
New Member

‎11-04-2004 03:05 PM

‎11-04-2004 03:05 PM

Re: SFTP using expect script (02)

Hi Dewa,
It seems that you got the answer. Could you give me the sample. Our company also need to use sftp without public/private keys. I have the situation the same as yours. Many thanks for your help !!
:)
0 Kudos
Reply
Dewa Negara_4
Regular Advisor

‎11-04-2004 08:28 PM

‎11-04-2004 08:28 PM

Re: SFTP using expect script (02)

Hi Iris,

I use the script below. It looks fine so far. Hope this help.

Thanks.
Dewa

#!/usr/local/bin/expect

# Initialisation
set authFile "/home/myuser/transfer/.password"

# Check the authorisation file exists
if {![file exists $authFile]} { ;# Does file exist
send_user "$authFile does not exist; aborting\n"
exit 1
}
set fileFD [open $authFile r] ;# Open the auth file
gets $fileFD authLine ;# Read in 1 line to authLine
close $fileFD

# Transfer file(s)
spawn sftp -b batchFile user01@hostname
expect "password:"
send "$authLine\n";
interact
Santos
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.