Hi
we need to implement SFTP through unix shell scripts. I have seen many posts, in which there is discussion about non-interactive,automated SFTP.
Can anyone please send me the sample code for SFTP shell script. We are using SFTP to transfer the files from the host server to the target server.
There are plenty of possibilities, you can create quite large matrix with options, let us know more about your specs : OS, users ( got root ?), language, uploads, downloads. Actually, if you have clear requirements and little bit more patience to search in the forum, you will find many different solutions.
We are looking to run an SFTP Shell Script, from a server A(Database Server), to be able to transfer files from a server B(Application) to the Destination Server C.
Basically we need to SFTP a file from one server to another, with the script running on a third server.
Any assistance with this would be great.Sample codes would be of great help.
Thanks
Madhu
All servers are UNIX based.
I see, well, in my opinion TCL/expect based code will be a good choice. Sample code :
#!/usr/bin/expect
set timeout -1
spawn sftp -oPort=22 $user@$host
expect *assword:
send "$pass\r"
expect sftp>
send "put file1 newFileName\r"
expect sftp>
send "exit\r"
expect eof
The above will connect to a host, and will transfer a file via SFTP. Modify per your needs. Note - you can also use autoexpect, which will record your actions and will generate the script.
I am attempting to do the same with a script. The Sun Sparc9 Server I maintain does not have the expect command located on the hard drive. Is there another command that works the same?
This is a govt. Server, so downloading files to it is not an option.
wsiefkas,
You can use ssh's pki (keys) to facilitate interaction from a shell script. Simply look at the man pages for : ssh-add, ssh, ssh-agent, ssh-keygen, sshd, etc.. for details. This does
add to administrative overhead (key-management and key maintenance) in a way that an expect based solution avoids.
This would be okay if as sysadmin I was able to log in as root. If it isn't already on the system I can't add or delete files to the core. DOL computers do not give the sysadmin root capabilities. I need to find something that exists besides 'expect' or 'spawn'
What we have appears to be a really stripped down version of ssh. We have ssh capabilities but none of the modifying commands. The core files are locked down pretty tight. I may have to get ahold of DOL again and see if they can add these files for me.
They remote in to do any of the updates. I did a file search and a man on ssh and keygen. Neither are an option in the man pages, so the way this server is set up, if man can't see it and I can find it with a search, I don't have a file path to point to active and run a command. Its a secure server, used for Dept. of Labor functions for unemployment. therefore the reason for keeping a tight lid on files and capabilities. Seems I have my work cut out for me.
Thanks for trying!
Yep. I worked for the DOC and before audit we settled on the CIS L1 standard.
It sounds like you guys went way past that.
I feel your pain but admins that have root create huge problems in a naively secure environment.
Say I su root. The local syslog daemon sends a message to the central logserver (which I have no privileges on) that I have assumed root. Voila..I am accountable. After that any message from that host is not reliable...even that I've logged out. That's the gotcha.
If the level of insecurity is such that admins are allowed root or application equivalence then anything they do is a potential systems compromise.
It's about trust..and all security, large and small, is eventually about trust.