SFTP in a shell script without public/private key

Alexis_Duarte · December 17, 2009, 1:29pm

Hi everybody,

I need some help on writing a script that is able to remote copy file to one server. I already created this types of scripts, and works ok as long as this server I want to copy from is access through telnet. Here is how I do it:

ftp -n xxx.xxx.xxx.xxx << _EOF_
user user_name password
cd $directory_path
ascii
prompt off
get file_i_want_to_copy
_EOF_

So you see that the input << allows the user name and password to be prompt.

The problem is when I try to do the same with the other servers that can be accessed only through ssh protocol. I tried to do this:

sftp -b batfile username@host

where my batfile contains:

password
cd $directory_path
get file_i_want_to_copy
quit

But still when I run the script it prompts for the password, and (after i enter the password) it says that there is no such file in such path....

I already sniffed around the net, and I already comprehend that sftp is mainly interactive, that the best way is to do it in a script is through scp with using a public/private key. But my problem is:

With scp, instead of remote cp to the server where the script is runing, I have to write a script in the server I want to copy from
I really rather not create a public/private key as root, but the files are accessible as root.

But right now, I�m open to suggestions, and in case there is no way to do this withouth the creation of a key, can you guys show me how to create this keys, and how it works??
There is still a lot of thing to learn in unix...... a lot!

Thanks for your time and help.

---------- Post updated at 05:29 PM ---------- Previous update was at 03:26 PM ----------

Hey guys, a little help please?? Kind of desperate here...
Thanks a lot

zaxxon · December 17, 2009, 1:49pm

Why that? You can usually copy from anywhere in both directions with scp, as well as you can with rcp.

Allowed pub-key makes filteransfer much more relaxing.
In our internal environment we mostly use pubkey authentication to run our file transfers via scp.
Exchanging keys is usually more secure than having the username and password unencrypted in some file.

There are plenty of threads in the forum and also on the web how to setup passwordless pub key authentication. Use the forum's search engine maybe.

markdjones82 · December 17, 2009, 2:14pm

Agreed. You need to setup the key authentication for scripts to really work well.

jim_mcnamara · December 17, 2009, 2:26pm

The openSSH standard actually "forbids" reading a password from a file in an interactive shell script. If the script runs without a controlling terminal in the process tree, it will allow it.

markdjones82 · December 18, 2009, 10:02am

Zax one example you can't allow SCP is because of security standards. I have to use the SFTP-internal subsystem jailing and that doesn't allow any protocol but SFTP. You can still do Pubkey authentication with it though. THe scripting is a little more of a challenge though hah

Also Jim, how do you run a script with no controlling terminal? like ssh -t?

fpmurphy · December 18, 2009, 10:27am

Have a look at lftp. It supports scripting sftp sessions.

Alexis_Duarte · December 30, 2009, 8:12pm

Hi all.... sorry for this very long delay, but I went on a trip.

After acknowledging the anwser of Zaxxon, I realized that I could solve my particulary problem by writing two scripts on the two servers I wanted to copy from using ftp, since the issue was that I could not connect through ftp from server 1 (the server I needed to copy to), but it was possible to connect through ftp from the other servers (the ones I wanted to copy from).
Hope this is not confusing....

Anyway, by writing this two scripts, and using the put command, I worked out my problem in time so I could go on my vacations without a guilty conscience...

But ofcourse the ideia was to write just one script on the main server, so thats why I posted this question, but it seemes that ssh and sftp will not allow to work in scripts without promping the user and password, only the use of public/private keys...

Anyway, and once again, your help was preciouse and again sorry for so late replay from me.
Thank you all

P.S. By the way, in case I could not use ftp on either direction, and the use of public/private keys was not an option (case where the server are crucial and very sensible to errors one might do, and the perimission to mingle with the .ssh directory is not recommended) there is absolutly no way to write scripts capable of copying files from other servers??!! Just a question, since I found nothing satisfying on net....