SFTP password through shell script.

l_gshankar24 · May 26, 2013, 11:38pm

Hi All,

I would be happy, if someone help me on this that I have only SFTP ID and Password to transfer some log files from webserver boxes to SFTP server

Anyone help me that how to pass the password parameter throough the shell scripts, since i don't have ssh login access on the SFTP Server.. only option to pass the password through my script.

Looking some quick response.Thanks in advance

spacebar · May 27, 2013, 1:35am

This is a example 'expect' script that should perform what you want(i.e get file from remote host):

#!/usr/bin/expect --
# Script: sftp_file_from.tcl
# Description: Utility to SFTP a file from(i.e. get) a host(i.e. source)
# usage: sftp_file_to.tcl source_host user pass source_directory local_directory file_name_to_ftp


# Set named parameters
set source_host              [lindex $argv 0]
set sftp_user                [lindex $argv 1]
set sftp_pass                [lindex $argv 2]
set source_directory         [lindex $argv 3]
set local_directory          [lindex $argv 4]
set file_name                [lindex $argv 5]
set sftp_prompt "sftp>?"
set timeout 300

#exp_internal 1;

# Procedure to connect to SFTP server
proc connect { sftp_pass } {
  variable sftp_prompt
  variable source_host
  expect -re "Are you sure you want to continue.*" { exp_send "YES\r"; exp_continue } \
         -re "(Password|password).*:.*"            { exp_send "$sftp_pass\r"; exp_continue } \
         -re $sftp_prompt                          { return 0 } \
         eof                                       { puts "***Error connecting to($source_host)."; return 1 }
         timeout                                   { puts "***Error connecting to($source_host)."; return 1 }
  }

# Procedure to send meesage denoting error, then quit SFTP, then exit with status denoting error.
proc abort { msg } {
  puts "$msg";
  exp_send "quit\r";
  exit 1;
  }

# Connect to the SFTP server
spawn sftp $sftp_user@$source_host
set connect_results [connect $sftp_pass]

# If successful connection, continue, else exit denoting error occured.
if { $connect_results == 0 } {
  # Change to source directory on source server.
  exp_send "cd $source_directory\r"
    expect "No such file or directory" { abort "\n**Error changing to directory($source_directory) on source server." } \
           -re $sftp_prompt            {} \
           timeout { abort "\n**Error changing to directory($source_directory) on source server." }

  # Change local directory.
  exp_send "lcd $local_directory\r"
    expect "No such file or directory" { abort "\n**Error changing to directory($local_directory) on local host." } \
           -re $sftp_prompt            {} \
           timeout { abort "\n**Error changing to directory($local_directory) on local host." }

  # Get file from source host
  set timeout 1800
  exp_send "get $file_name\r"
    expect "not found."                { abort "\n***Error transfering file($file_name) FROM: $source_host)." } \
           -re $sftp_prompt            {} \
           timeout { abort "\n***Error transfering file($file_name) FROM: $source_host)." }

  # QUIT!!
  exp_send "quit\r"
  # Successful SFTP session so exit with zero status
  exit 0
}
# Error connecting to SFTP server so exit with non-zero status
exit 1

rbatte1 · May 28, 2013, 5:37am

Could you generate a key pair with ssh-keygen, retrieve the .ssh/authorized keys from the target server, add your public key to the file and then put that back to the server? That might give you a password-less sign on, but of course, it depends if the server locks your account to a directory from which you cannot get to the .ssh directory. The directory might not exist, so you could probably create it, but you will need to make sure the permissions are rwx --- ---

If you already have a key pair generated, consider connecting as normal with SFTP and:-

sftp> get .ssh/authorized_keys server_keys
:
:
sftp> !cat server_keys .ssh/id_rsa.pub > new_server_keys
sftp> put new_server_keys .ssh/authorized_keys
:
:
sftp> quit
$ sftp remote-server

Of course, this assumes that the remote server put it's authentication files in ~/.ssh and that you can get to it, but it might be worth a try.

Look in ~/.ssh to see if you already have key generated, but to generate a key-pair / pair of certificates, just run ssh-keygen and follow the prompts.

I hope that this helps. It is not tested and perhaps it's just the hacker in me with a twisted mind, but this might get you going and ease the SFTP to becoming:-

sftp -b sftp.cmds server

... where sftp.cmds is a plain file containing the cd, get, put or whatever commands to execute when connected.

Robin
Liverpool/Blackburn
UK