How to run the sftp command with a password from Bash script?

后端 未结 9 593
礼貌的吻别
礼貌的吻别 2020-11-22 11:55

I need to transfer a log file to a remote host using sftp from a Linux host. I have been provided credentials for the same from my operations group. However, since I don\'t

相关标签:
9条回答
  • 2020-11-22 12:25

    Bash program to wait for sftp to ask for a password then send it along:

    #!/bin/bash
    expect -c "
    spawn sftp username@your_host
    expect \"Password\"
    send \"your_password_here\r\"
    interact "
    

    You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.

    0 讨论(0)
  • 2020-11-22 12:29

    Combine sshpass with a locked-down credentials file and, in practice, it's as secure as anything - if you've got root on the box to read the credentials file, all bets are off anyway.

    0 讨论(0)
  • 2020-11-22 12:30

    I was recently asked to switch over from ftp to sftp, in order to secure the file transmission between servers. We are using Tectia SSH package, which has an option --password to pass the password on the command line.

    example : sftp --password="password" "userid"@"servername"

    Batch example :

    (
      echo "
      ascii
      cd pub
      lcd dir_name
      put filename
      close
      quit
        "
    ) | sftp --password="password" "userid"@"servername"
    

    I thought I should share this information, since I was looking at various websites, before running the help command (sftp -h), and was i surprised to see the password option.

    0 讨论(0)
  • 2020-11-22 12:32

    You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.

    Execute the following commands at local server.

    Local $> ssh-keygen -t rsa 
    

    Press ENTER for all options prompted. No values need to be typed.

    Local $> cd .ssh
    Local $> scp .ssh/id_rsa.pub user@targetmachine:
    Prompts for pwd$>  ENTERPASSWORD
    

    Connect to remote server using the following command

    Local $> ssh user@targetmachine
    Prompts for pwd$> ENTERPASSWORD
    

    Execute the following commands at remote server

    Remote $> mkdir .ssh
    Remote $> chmod 700 .ssh
    Remote $> cat id_rsa.pub >> .ssh/authorized_keys
    Remote $> chmod 600 .ssh/authorized_keys
    Remote $> exit
    

    Execute the following command at local server to test password-less authentication. It should be connected without password.

    $> ssh user@targetmachine
    
    0 讨论(0)
  • 2020-11-22 12:33

    EXPECT is a great program to use.

    On Ubuntu install it with:

    sudo apt-get install expect
    

    On a CentOS Machine install it with:

    yum install expect
    

    Lets say you want to make a connection to a sftp server and then upload a local file from your local machine to the remote sftp server

    #!/usr/bin/expect
    
    spawn sftp username@hostname.com
    expect "password:"
    send "yourpasswordhere\n"
    expect "sftp>"
    send "cd logdirectory\n"
    expect "sftp>"
    send "put /var/log/file.log\n"
    expect "sftp>"
    send "exit\n"
    interact
    

    This opens a sftp connection with your password to the server.

    Then it goes to the directory where you want to upload your file, in this case "logdirectory"

    This uploads a log file from the local directory found at /var/log/ with the files name being file.log to the "logdirectory" on the remote server

    0 讨论(0)
  • 2020-11-22 12:34

    You have a few options other than using public key authentication:

    1. Use keychain
    2. Use sshpass (less secured but probably that meets your requirement)
    3. Use expect (least secured and more coding needed)

    If you decide to give sshpass a chance here is a working script snippet to do so:

    export SSHPASS=your-password-here
    sshpass -e sftp -oBatchMode=no -b - sftp-user@remote-host << !
       cd incoming
       put your-log-file.log
       bye
    !
    
    0 讨论(0)
提交回复
热议问题