I've seen this asked before on some other forums but never properly/fully answered.
My problem involves the automation of an SFTP script sending from F-Secure (ssh2) HP-UX, to Windows FTP server (ssh2) running VShell. We've set up SSH keys but while they do authenticate when I connect it drops immediately saying that "user has no roots specifed". Strangely this error does not occur when authenticating using the password.
However, this is not my problem. Assuming that SSH keys can not be used (wether there is a solution or not), is there any way to include the password as an argument in an SFTP script ?
I've attempted to include the password in a batchfile (running sftp -B), without success.
sftp -B /dev/stdin remoteuser@remotehost <<-EOF
password
put $FILE
quit
EOF
SCP will also not work because (I think) the remote username has a backslash in it e.g. abcd\b0bbins . The error returned here says "invalid username abcd\b0bbins" and drops connection.
Is there any solution without instaling 'expect' or similar
The only time you'd ever have needed to use the password is when you initially establish your SFTP connection manually with the other host. After and using key-based authentication; you'd use something like ...
sftp -v -o IdentityFile=${IdentityFile} \
-b ${SFTP_BATCH_FILE} \
${USRID}@${IP_OR_DNS}:${REMOTE_DIR} 2>&1 | tee -a ${SFTPLOG}
Incidently, using the -B was in error, -B specifies the buffer size. Lower-case -b is used when you have a batch-file.
Helps to keep -v included, it raises the loggin level and helps when trying to determine why things don't go as expected.
You'll never be able to perform what you are trying to do autonomously without key-based authentication. It's not that hard to setup, just requires a bit of reading and small amount of trial and error. Tip - Don't try establishing on LIVE or Production servers until you have a grasp of what you need to do. I hate seeing things go pear-shaped in Production.
(In F-secure sftp -B specifies batch mode while -b specifies buffer size. Also -D n is used to switch on debug. F-Secure SSH uses the standard -v for verbose mode)
I'm pretty comfortable with SSH keys for Unix. However we connect from Unix to a Windows server that drops us on to a share drive - While SSH authenticates, it drops immediately (This does not happen when dropping locally on to the Windows machine with a different user). Not being experienced in SSH for windows - I wondered if there was a way around this using the password in a script. This is now by-the-by as we've implemented other methods (Sterling Commerce's Connect:Direct)
I now have a further problem with SFTP (where keys are working). Again from Unix to Windows I do;
sftp remoteuser@remotehost
sftp> put testfile
./testfile (dest) : permission denied
There shouldn't be any error with permissions as when connecting via FTP to the same host as the same user I can write a file fine.
Anyone got any ideas ? I'm seriously considering training a carrier pigeon to deliver these files !
This may well be very off track but I have always had problems ftping *to* windows.
Are you able to ftp *from* windows to Unix and then pulling the files? I have always had much better success going this way.
Apologies if this is simply not an option for you - it is just an idea.
Have you checked the error log files on both ends to see if you can find out what the problem might be? Also I would avoid the passwd in a file/script for security reasons. Even if its a jailed generic user with limited permissions its still not a good practice.
I would verify both ends have the SSH services configured correctly and that I don't have any errors in my log files while the service is running or while connecting/transferring files.
I would then check the Windows user account that I am using with the login name and verify the permissions are right. I would also check the event viewer for errors tied to that user account.
I would then get your keys working on both ends. See if you can use keys to authenticate to the UNIX host from Windows.
I would setup a scheduled task on the Windows host to sftp using key-authentication to the UNIX host and put the files before I would go the passwd in a file route.
SSH keys are working fine in both directions. It's just the put command that I can't get to work (unix to windows).
One solution may be to invoke a 'get' script on the NT box - However they'd have to poll our unix directory constantly (due to the nature of the project) and that would involve a lot of SSH traffic on our unix box.
The strange thing is that I can write files via FTP, and in SFTP i can also mkdir's on the remote NT box (just can't write/copy/put a file)
Somebody here has suggested it may a problem "emulating the home directory and permissions on the window OS", and that the easiest way to resolve would be to place the remote user in the administartors group.
This is something I have to look in to.
You should find out from your colleague what tweaking he did (likely a permissions issue) just incase you ever have or want to avoid the same issue again in the future.
