SFTP & Passphrase('s)

Hi all,

I generally use something along the lines of the following when I need to perform SFTPs ...

  sftp -v -o IdentityFile=${IdentityFile} \
       -b ${SFTP_BATCH_FILE} \
       ${USRID}@${IP_OR_DNS}:${REMOTE_DIR} 2>&1 | tee -a ${SFTPLOG}

Currently we are not using any passphrase against our key-pair when generated. However, if I am forced down that path because of security requirements, can I still automate the SFTP transfers without user interaction?

I'm running HPUX-11.23, but have not been able to identify an option/parameter that I could use to facilitate the passphrase.

Any assistance really appreciated.

Cheers,
Cameron

Especially for HP-UX's version of SFTP, I'm not sure there is a command line option. Consider using expect, passing the password from a script (though it's a bit insecure to store the password in a plain file); search the forum for SSH expect scripts.

Thanks for responding sysgate.
It's something that I'm hoping will not become a reality, but some 'people' here have mentioned that it might with providing a clear reason why. Our current setup (example above) has been working without issue for some time. Not sure if they're trying to take a lend of me - but they're the supposed security experts, and if it turns out that I've wasted time and resources my boss has promised to take strips off them :wink:

Not played with expect before & thanks for the keyword.

Cheers,
Cameron

Hello Cameron,

We have an HP-UX box running, and there is one user who uses passphrase authentication. Try making a .ssh2 directory in the user's home on the target box. Store the id_dsa.pub there (you may have to use ssh from ssh.com), and put a file .ssh2/authorization there.
In the authorization file, you put in which key to use.

root@hp-ux: / # cat authorization
Key id_dsa.pub

I hope this solves your question.

Regards,

Frank
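
The server-side layout Frank describes, written out as a shell function. This is an added example, not code from any poster in the thread; the function name `install_ssh2_key` and the 700/600 permission modes are assumptions, while the `.ssh2/authorization` file and its `Key id_dsa.pub` line come from the post above.

```shell
# Added example: install a PUBLIC key for an ssh.com-style (SSH2) server.
# The passphrase only protects the private key on the client; the server
# side below never sees it.
# Usage: install_ssh2_key /home/someuser /path/to/id_dsa.pub
install_ssh2_key() {
    home_dir=$1
    pubkey=$2
    ssh2_dir="$home_dir/.ssh2"
    auth_file="$ssh2_dir/authorization"
    key_name=$(basename "$pubkey")

    [ -d "$home_dir" ] || { echo "no such home directory: $home_dir" >&2; return 1; }
    [ -s "$pubkey" ]   || { echo "missing or empty key file: $pubkey" >&2; return 1; }

    # Guard against copying the private half to the target box by mistake.
    if grep -q 'PRIVATE KEY' "$pubkey"; then
        echo "refusing: $pubkey looks like a private key" >&2
        return 1
    fi

    # Assumption: keep the directory and its files owner-only.
    mkdir -p "$ssh2_dir" || return 1
    chmod 700 "$ssh2_dir" || return 1
    cp "$pubkey" "$ssh2_dir/$key_name" || return 1
    chmod 600 "$ssh2_dir/$key_name"

    # Add the "Key <file>" line only once, so reruns do not duplicate it.
    touch "$auth_file"
    grep -qx "Key $key_name" "$auth_file" || echo "Key $key_name" >> "$auth_file"
    chmod 600 "$auth_file"
}
```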

Hi Frank,

Thanks too for your reply.
I should qualify some of what I've mentioned earlier.
Any existing ssh/sftp configurations are to remain as is.
All new ssh/sftp configurations are "apparently" to use the additional passphrase security.
And this will initially be for a Windows setup running WinSSHD with Virtual Accounts established, which I've only just set up & have a number of accounts working presently.

I'll read up again on the ssh pages to see what is mentioned regarding dsa keys and their use.

Again, many thanks Frank for the mention. :wink:

Cheers,
Cameron