by Computer Perso » Wed, 03 Dec 2003 04:47:21
I want to use sftp in a cron job (shell script) so obvously I do not want to
have to interactively enter a password. I have seen solutions such as using
expect (nah) and setting up rsa keys and the like..
Anyone know what the best method of doing this is (in their opinion)? And if
so, do you know where I can find step by step instructions of how to carry
this out :) rtfm is not what I am looking for as a response..
Thanks!
by Dr. David Kirk » Wed, 03 Dec 2003 12:39:47
> I want to use sftp in a cron job (shell script) so obvously I do not want to
> have to interactively enter a password. I have seen solutions such as using
> expect (nah) and setting up rsa keys and the like..
> Anyone know what the best method of doing this is (in their opinion)? And if
> so, do you know where I can find step by step instructions of how to carry
> this out :) rtfm is not what I am looking for as a response..
> Thanks!
Here's an example of me copying the file 'ww' from host 'sparrow' to
host 'webserver2' and putting it in /tmp.
webserver2: HP-UX 11 system.
ww 100% |*****************************| 375
00:00
When you run ssh-keygen on 'sparrow' to create public and private
keys, you need to enter nothing for a passphase. Then append the
public key (id_dsa.pub or similar) from host 'sparrow' to the file
$HOME/.ssh/authorized_keys on the host 'webserver2'
(if $HOME/.ssh/authorized_keys does not exist, just copy the public
key. You can have multiple public keys all in the one 'authorized_key'
file).
This is secure but it does rely on nobody being able to get the
private part of the key.
If a passphrase was entered when entering using ssh-keygen, then the
private part of the key would not be sufficient to allow the file
copy, as the passphrase would need to be entered too. Obviously that
is impossible if you want to do it non-interactively, so you must have
a null passphrase.
Dr. David Kirkby
by Dr. David Kirk » Wed, 03 Dec 2003 13:08:59
> I want to use sftp in a cron job (shell script) so obvously I do not want to
> have to interactively enter a password. I have seen solutions such as using
> expect (nah) and setting up rsa keys and the like..
> Anyone know what the best method of doing this is (in their opinion)? And if
> so, do you know where I can find step by step instructions of how to carry
> this out :) rtfm is not what I am looking for as a response..
> Thanks!
This public-key/private-key takes a bit of getting one's head around,
but once you do, it is fairly simple. The file id_dsa.pub I used is
the default name for the public key of the type 'dsa', which you
generate with
ssh-keygen -t dsa
(this takes a while, then enter RETURN for the passphrase).
If you use the ssh from www.ssh.com, rather than openssh, then there
are differences in the file names, which adds to the confusion. There
are other issues too, so its best to stick to openssh, on which Sun's
ssh in Solaris 9 is based.
I hope that is a bit more a reply than 'rtfm', but releasitically you
do need to read the documentation.
BTW, There is a newsgroup devoted specifically to ssh.
Dr. David Kirkby.
by Proud Gay Male Anthony Mandi » Wed, 03 Dec 2003 13:08:23
> I want to use sftp in a cron job (shell script) so obvously I do not want to
> have to interactively enter a password. I have seen solutions such as using
> expect (nah) and setting up rsa keys and the like..
> Anyone know what the best method of doing this is (in their opinion)? And if
> so, do you know where I can find step by step instructions of how to carry
> this out :) rtfm is not what I am looking for as a response..
Lazy Canadian.
1. Non-interactive Authentication for SFTP from Shell?
Hi, all:
I don't know much about OpenSSH. Please kindly help on the following
questions:
Does anybody know whether sftp (OpenSSH 2.9) can do non-interactive
authentication or not? I need to run some automatic sftp to transfer
files between two servers. If current version sftp didn't allow
non-interactive authentication, I could not do it automatically.
For "ftp", it is like:
ftp -n host
user username passwd
...
But there are is not a clear non-interactive usage descriptions in the
OpenSSH manuals, and sftp doesn't seem to have similar "-n" option as
ftp does.
Furthermore, if I can't use sftp to do automatic file transfer, can I
use scp to do it? At this time, I just doubt it.
From what I understood the manuals, I have tried this:
sftp -b batch_file host
The question is sftp can only execute what is written in the
batch_file AFTER it successfully authenticates the password -- that
is, before sftp ever tries to read your batch_file, it will always
prompt you to enter your password.
Actually, I have also tried this:
sftp -oBatchMode=yes host
But I don't know which file (and to which line and in what format) to
put my password in -- OpenSSH has quite a few config files.
Of course when you use "ftp -v host" you will read the verbose
messages that sftp will ask for several different types of
authentications. The password authentication seems to be the one that
is NOT well done at this time -- Or maybe I don't have much knowledge
on it.
A review of sftp manual says:
--------------------
sftp is an interactive file transfer program, similar to ftp(1), which
performs all operations over an encrypted ssh(1) transport. It may
also use many features of ssh, such as public key authentication and
compres-sion. sftp connects and logs into the specified host, then
enters an interactive command mode.
The second usage format will retrieve files automatically if a
non-interactive authentication method is used; otherwise it will do so
after successful interactive authentication.
The last usage format allows the sftp client to start in a remote
directory.
...
--------------------
However for this second usage from the listed options, you may find
that you almost can not do your password authentication
automatically.
Maybe it depends on how to configure the ssh_config and some other
config files? -- There is NOT a clear clue for which file and which
line in the file that sftp may look for the password.
I doubt if anybody had the same trouble? Any hints?
Thanks.
3. non-interactive ftp sessions
5. How-to: Non-interactive 'ftp' session ...
6. FAQ?
7. Non interactive ftp session. How?
8. settting DISPLAY is .bash_profile ??
9. csh : PATH not set in SOME non-interactive sessions
10. telnet session from shell script (non-interactive)
11. How to? Non-interactive 'ftp' session
12. Install interactive package non-interactive during Jumpstart
13. interactive/non-interactive?