How to transfer a file using sftp in UNIX - sftp

I want to transfer a .png file from a directory on my computer to a directory on a remote server.
I have to use SFTP to secure the file and transfer mode. And I already have a UNIX script (.ksh) file to copy the files in the normal mode. How do I implement the transfer in SFTP mode?

Use sftp instead of whatever command you are using in your .ksh script. See sftp man for reference.
You may also want to look at scp secure copy - scp man.
EDIT
sftp is mostly for interactive operations, you need to specify host you want to connect to:
sftp example.com
you will be prompted for username and passsword, and the interactive session will begin..
Although it can be used in scripts, the scp is much more easy to use:
scp /path/to/localfile user#host:/path/to/dest
you will be prompted for password..
Edit 2
Both scp and sftp use ssh as underlying protocol, see this and this
The best way to setup them to run from scripts is to setup passwordless authentication using keys. See this and this. I use this extensively on my servers.. After you setup keys, you can run
scp -i private-key-file /path/to/local/file user#host:/path/to/remote
sftp -oIdentityFile=private-key-file -b batch-file user#host
If you want to authenticate with password, you may try the expect package. The simplest script may look like this:
#!/usr/bin/expect
spawn sftp -b batch-file user#host
expect "*?assword:*"
send "pasword\n"
interact
See this, this and this for more info.

Send commands through sftp on one line:
Make a file and save it as my_batch_file:
cd /root
get blah.txt
bye
Run this to execute your batch file:
eric#dev /home/el $ sftp root#10.30.25.15 < my_batch_file
Connecting to 10.30.25.15...
Password:
sftp> cd /root
sftp> get blah.txt
Fetching /root/blah.txt to blah.txt
sftp> bye
The file is transferred
That moved the blah.txt from remote computer to local computer.
If you don't want to specify a password, do this:
How to run the sftp command with a password from Bash script?
Or if you want to do it the hacky insecure way, use bash and expect:
#!/bin/bash
expect -c "
spawn sftp username#your_host
expect \"Password\"
send \"your_password_here\r\"
interact "
You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.

Related

Unable to login to unix server using Plink in batch ifle

we are facing one issue with Plink while running the batch files, we are running batch files using autosys, the batch files are available in my windows client server and one of the batch file will call the plink to connect the unix server but we are facing the issue to connect the unix server, when I run the batch script using command prompt then the plink can be connected the unix server but it is not happening with autosys to run the batch scripts. below is the Plink command...
call %aScrDir%plink -l %hypSrvUser% -pw %hypSrvPwd% %essSvr% "sh /xxxxxxxxxxx"
when we see the error file which is generated by autosys there are some errors
"The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 f9:5e:2a:4a:11:ed:40:91:80:3a:13:04:08:05:e7:ac
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) Connection abandoned."
could you please give the suggestion to avoid this situations and where do we add the host key in the server.
appreciate your action on this.
Option 1 : If allowed, first start a manual connection to the server and confirm the SSH key
Option 2 : If you are running the last version, there is a -hostkey switch to indicate in command line the expected host key
Option 3 : Use something like
echo N | %aScrDir%plink -l %hypSrvUser% -pw %hypSrvPwd% %essSvr% "sh /xxxxxxxxxxx"
That is, pipe the n character to the plink command to answer no to the query to save the host key.
Try this it would be working fine.
cd to the plink.exe file directory
echo Y | .\plink.exe -pw xxyyxxyy root#host_ip 'ls -lah'

Automating sftp using IBM AIX(UNIX) shell script

I am trying to automate my SFTP command using a UNIX shell script but for some reason it doesn't work. Here is my code as below. Please share your thoughts/insights.
#This ftp script will copy all the files from source directory into the local directory.
#!/bin/sh
HOST='sftp.xyz.com'
USER='ABC'
PASSWORD='123'
SRC_DIR='From_Src'
TRGT_DIR='/work/'
FILE='abc.txt'
sftp -u ${USER},${PASSWORD} sftp://${HOST} <<EOF
cd $SRC_DIR
lcd $TRGT_DIR
get $FILE
bye
EOF
echo "DONE"
When I try executing the above code I get the below error.
sftp: illegal option -- u
usage: sftp [-1246Cpqrv] [-B buffer_size] [-b batchfile] [-c cipher]
[-D sftp_server_path] [-F ssh_config] [-i identity_file] [-l limit]
[-o ssh_option] [-P port] [-R num_requests] [-S program]
[-s subsystem | sftp_server] host
sftp [user#]host[:file ...]
sftp [user#]host[:dir[/]]
sftp -b batchfile [user#]host
There is no -u option for sftp, see the manual for available options. You can pass the username in this format:
sftp username#hostname
So in your case:
sftp sftp://${USER}#${HOST} <<EOF
This will prompt you the password though. If you don't want a password prompt, take a look at this topic: How to run the sftp command with a password from Bash script?
First, learn how to set up keys so that you can ssh, scp, and sftp to a server without a password. Look at ssh-keygen. It is fairly easy. I bet there are how tos on this site. In brief, generate your keys with ssh-keygen. They are created in ~/.ssh. Then add your public key to ~/.ssh/authorized_keys on the destination host where ~ is the home directory of the user you want to log in as. i.e. "ABC" in your example.
Now, you can just do "sftp ABC#sftp.xyz.com" and you will be at the sftp prompt on sftp.xyz.com. From there, getting your script to work should be easy.
My real suggestion is blow off sftp and use scp. e.g.
scp /path/to/the/source_file user#host:/remote/path/file
Its that simple. No "cd" and other gunk to deal with. You are making this way harder than it really is.
Good luck

What's the syntax and prerequisite for --password-file option in rsync?

I want to store --password-file option that comes with rsync. I don't want to use ssh public_private key encryption. I have tried this command:
rsync -avz --progress --password-file=pass.txt source destination
This says:
The --password-file option may only be used when accessing an rsync daemon.
So, I tried using:
rsync -avz --progress --password-file=pass.txt source destination rsyncd --daemon
But this return various errors like unknown options. Is my sytanx correct? How do I setup rsync daemon in my Debian machine.
That is correct,
--password-file is only applicable when connecting to a rsync daemon.
You probably haven't set it in the daemon itself though, the password you set and the one you use during that call must match.
Edit /etc/rsyncd.secrets, and set the owner/group of that file to root:root with world reading permissions.
#/etc/rsyncd.secrets
root:YourSecretestPassword
To connect to a rsync daemon, use a double colon followed by the module name, and the file or folder to synchronize (instead of a colon when using SSH),
RSYNC_PASSWORD="YourSecretestPassword"; rsync -rtv user#remotehost::module/source/ destination/
NOTE:
this implies abdicating SSH encryption, though the password itself is not sent across the network in plain text, your data is ...
this is already insecure as is, never as the the same password as any of your users account.
For a better understanding of its inner workings (how to give specific IPs/processes the ability to upload to specified areas of the filesystem without the need for a user account): http://transamrit.net/docs/rsync/
After trying a while, I got this to work. Since Im copying from my live server (and routers data) to my local server in my laptop as backup user no problem with password been unencrypted, its secured wired on my laptop at home. First you need to install sshpass if Centos with yum install sshpass then create a user backup and assign a temp password. I listed the -p option in case your ssh port is different than default.
sshpass -p 'password' rsync -vaurP -e 'ssh -p 2222' backup#???.your.ip.???:/somedir/public_data/temp/ /your/localdata/temp
Understand SSH RSA is a better permanente alternative and all that, but this is a quick alternative to backup and restore on the go. It works if you are not too concern about security but more concern about your data been backup locally as in an emergency o data recovery. Your user backup password you can change it once the backup is completed. Its a lot faster to setup when your servers change IPs, users, and its in constant modifications (as routers change config and non static IPs, also when routers are not local and you are backing up clients servers locally, where you dont have always access to do SSH. Some of my clients dont even have SSH installed and they dont want to hassle with creating public keys. On some servers only where you have access on a temporary basis. By the way, if you want to do the restore, just reverse the case. Dont need change much, from the same command shell you can do it reversing the order of target and source directories, and creating another backup user with same temp password on the target. After finish, you delete the backup user or change its passwords on target and/or source servers. You can protect even further, as I have done, replacing the password for a one line file using a bash script for multi server environment. Alternative is to use the -f option so the password does not show in the bash history -f "/path/to/passwordfile" Regards
NOTE: If you want to update only modified files then you should use this parameters -h -v -r -P -t as described here https://unix.stackexchange.com/questions/67539/how-to-rsync-only-new-files
rsync -arv -e \
"sshpass -f '/your/pass.txt' ssh -o StrictHostKeyChecking=no" \
--progress /your/source id#IP:/your/destination
Maybe you have to install "sshpass" if you not.

sftp code required with out prompting for a password

Working code for ftp is as follows
#!/bin/sh
HOST='host ip address'
USER='yourid'
PASSWD='yourpw'
FILE='output_file.csv'
ftp -n $HOST <<END
quote USER $USER
quote PASS $PASSWD
put $FILE
quit
END
exit 0
This is a working ftp code for file transfer. What modification have to be done in this code to make it a Working SFTP code?
If you are mentioning SFTP [Secure FTP]. then you would require to generate the sftp keys (or the ssh keys) and exchange with the remote target server. They needs to be placed in the .ssh folder on remote machine. This would ensure password-less connectivity between the 2 hosts.
Then just issue the command
$ sftp remoteUser#host
You would get logged into the remote machine. You need to amend the code accordingly as you won't need the password now.

How to change shell in unix

I'm new to unix. I need to copy file over ssh. This is what I do
me#localhost ~ $ ssh you#remotehost
Then I established ssh so I get
you#remotehost ~ $
I'd like to use scp to copy files from localhost to remotehost. Once I have ssh connection, how do I change to prompt back to me#localhost so that I can use the scp command? Is there a command for that?
Edit: The reason I need the ssh is because after I copied the file I have to execute it. Is there a way to remain in the ssh session and use scp to copy the file that I'm editing at localhost
You do not have to first create an SSH connection to use SCP. Simply use the scp command from your shell, and it will connect to the other server.
Most shells exit with exit. CtrlD may also work.
You can also:
scp /path/to/local-file you#remotehost:/remote/path
Try screen command.
You can use scp on either side. Here are two examples:
If you are on your local host:
scp myfile you#remotehost:
If you are on the remote host:
scp you#<localhost's hostname>:myfile .
Substitute your localhost's hostname for <localhost's hostname> in the second command. If you are behind a router, it will be easier to use the first one.
Both assume that myfile is in the home directory on localhost and is being sent to the home directory on remotehost.

Resources