sftp code required with out prompting for a password - unix

Working code for ftp is as follows
#!/bin/sh
HOST='host ip address'
USER='yourid'
PASSWD='yourpw'
FILE='output_file.csv'
ftp -n $HOST <<END
quote USER $USER
quote PASS $PASSWD
put $FILE
quit
END
exit 0
This is a working ftp code for file transfer. What modification have to be done in this code to make it a Working SFTP code?

If you are mentioning SFTP [Secure FTP]. then you would require to generate the sftp keys (or the ssh keys) and exchange with the remote target server. They needs to be placed in the .ssh folder on remote machine. This would ensure password-less connectivity between the 2 hosts.
Then just issue the command
$ sftp remoteUser#host
You would get logged into the remote machine. You need to amend the code accordingly as you won't need the password now.

Related

ssh command -T option

I'm wondering what the -T option in the following command does, cannot see this option in the manual somehow:
$ ssh -T git#gitlab.com
Welcome to GitLab, Simeon !
Could somebody explain?
I explained before what TTY was: a text terminal is needed when you open an interactive session to a remote server.
But: in the context of a remote Git repository hosting server (GitHub, Gitlab, BitBucket, ...), no remote server will ever allow you to open an interactive session (for security reason)
Then only reason why you would still do an ssh -T git#github.com would be to test if you are correctly authenticated, and the session would immediately end with:
Hi username! You've successfully authenticated,
but GitHub does not provide shell access.
Since no tty is needed for that test, you should use the -T option when making this test.

SSH AUTHENTIFACTION ISSUE

I am a newbie to embedded networking. I want to set arm board as a ssh server .From other boards(client boards connected in the network), I need to connect to this server board.
I have downloaded the openssh and cross compiled it for arm successfully.
I have used default sshd_config file and run sshd command in arm-board.
Command
"ssh-keygen -t rsa -f /usr/local/etc/ssh_host_rsa_key -N "" "
is used to genrate key.
My doubt is where can I set the username and password, so that I can login from a remote client using ssh command. I didn't find any document regarding this...?
Using ssh you are logging in as a normal system user. So you should add user using useradd command. You can change password using passwd command.

Unable to login to unix server using Plink in batch ifle

we are facing one issue with Plink while running the batch files, we are running batch files using autosys, the batch files are available in my windows client server and one of the batch file will call the plink to connect the unix server but we are facing the issue to connect the unix server, when I run the batch script using command prompt then the plink can be connected the unix server but it is not happening with autosys to run the batch scripts. below is the Plink command...
call %aScrDir%plink -l %hypSrvUser% -pw %hypSrvPwd% %essSvr% "sh /xxxxxxxxxxx"
when we see the error file which is generated by autosys there are some errors
"The server's host key is not cached in the registry. You
have no guarantee that the server is the computer you
think it is.
The server's rsa2 key fingerprint is:
ssh-rsa 2048 f9:5e:2a:4a:11:ed:40:91:80:3a:13:04:08:05:e7:ac
If you trust this host, enter "y" to add the key to
PuTTY's cache and carry on connecting.
If you want to carry on connecting just once, without
adding the key to the cache, enter "n".
If you do not trust this host, press Return to abandon the
connection.
Store key in cache? (y/n) Connection abandoned."
could you please give the suggestion to avoid this situations and where do we add the host key in the server.
appreciate your action on this.
Option 1 : If allowed, first start a manual connection to the server and confirm the SSH key
Option 2 : If you are running the last version, there is a -hostkey switch to indicate in command line the expected host key
Option 3 : Use something like
echo N | %aScrDir%plink -l %hypSrvUser% -pw %hypSrvPwd% %essSvr% "sh /xxxxxxxxxxx"
That is, pipe the n character to the plink command to answer no to the query to save the host key.
Try this it would be working fine.
cd to the plink.exe file directory
echo Y | .\plink.exe -pw xxyyxxyy root#host_ip 'ls -lah'

How to transfer a file using sftp in UNIX

I want to transfer a .png file from a directory on my computer to a directory on a remote server.
I have to use SFTP to secure the file and transfer mode. And I already have a UNIX script (.ksh) file to copy the files in the normal mode. How do I implement the transfer in SFTP mode?
Use sftp instead of whatever command you are using in your .ksh script. See sftp man for reference.
You may also want to look at scp secure copy - scp man.
EDIT
sftp is mostly for interactive operations, you need to specify host you want to connect to:
sftp example.com
you will be prompted for username and passsword, and the interactive session will begin..
Although it can be used in scripts, the scp is much more easy to use:
scp /path/to/localfile user#host:/path/to/dest
you will be prompted for password..
Edit 2
Both scp and sftp use ssh as underlying protocol, see this and this
The best way to setup them to run from scripts is to setup passwordless authentication using keys. See this and this. I use this extensively on my servers.. After you setup keys, you can run
scp -i private-key-file /path/to/local/file user#host:/path/to/remote
sftp -oIdentityFile=private-key-file -b batch-file user#host
If you want to authenticate with password, you may try the expect package. The simplest script may look like this:
#!/usr/bin/expect
spawn sftp -b batch-file user#host
expect "*?assword:*"
send "pasword\n"
interact
See this, this and this for more info.
Send commands through sftp on one line:
Make a file and save it as my_batch_file:
cd /root
get blah.txt
bye
Run this to execute your batch file:
eric#dev /home/el $ sftp root#10.30.25.15 < my_batch_file
Connecting to 10.30.25.15...
Password:
sftp> cd /root
sftp> get blah.txt
Fetching /root/blah.txt to blah.txt
sftp> bye
The file is transferred
That moved the blah.txt from remote computer to local computer.
If you don't want to specify a password, do this:
How to run the sftp command with a password from Bash script?
Or if you want to do it the hacky insecure way, use bash and expect:
#!/bin/bash
expect -c "
spawn sftp username#your_host
expect \"Password\"
send \"your_password_here\r\"
interact "
You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.

What's the syntax and prerequisite for --password-file option in rsync?

I want to store --password-file option that comes with rsync. I don't want to use ssh public_private key encryption. I have tried this command:
rsync -avz --progress --password-file=pass.txt source destination
This says:
The --password-file option may only be used when accessing an rsync daemon.
So, I tried using:
rsync -avz --progress --password-file=pass.txt source destination rsyncd --daemon
But this return various errors like unknown options. Is my sytanx correct? How do I setup rsync daemon in my Debian machine.
That is correct,
--password-file is only applicable when connecting to a rsync daemon.
You probably haven't set it in the daemon itself though, the password you set and the one you use during that call must match.
Edit /etc/rsyncd.secrets, and set the owner/group of that file to root:root with world reading permissions.
#/etc/rsyncd.secrets
root:YourSecretestPassword
To connect to a rsync daemon, use a double colon followed by the module name, and the file or folder to synchronize (instead of a colon when using SSH),
RSYNC_PASSWORD="YourSecretestPassword"; rsync -rtv user#remotehost::module/source/ destination/
NOTE:
this implies abdicating SSH encryption, though the password itself is not sent across the network in plain text, your data is ...
this is already insecure as is, never as the the same password as any of your users account.
For a better understanding of its inner workings (how to give specific IPs/processes the ability to upload to specified areas of the filesystem without the need for a user account): http://transamrit.net/docs/rsync/
After trying a while, I got this to work. Since Im copying from my live server (and routers data) to my local server in my laptop as backup user no problem with password been unencrypted, its secured wired on my laptop at home. First you need to install sshpass if Centos with yum install sshpass then create a user backup and assign a temp password. I listed the -p option in case your ssh port is different than default.
sshpass -p 'password' rsync -vaurP -e 'ssh -p 2222' backup#???.your.ip.???:/somedir/public_data/temp/ /your/localdata/temp
Understand SSH RSA is a better permanente alternative and all that, but this is a quick alternative to backup and restore on the go. It works if you are not too concern about security but more concern about your data been backup locally as in an emergency o data recovery. Your user backup password you can change it once the backup is completed. Its a lot faster to setup when your servers change IPs, users, and its in constant modifications (as routers change config and non static IPs, also when routers are not local and you are backing up clients servers locally, where you dont have always access to do SSH. Some of my clients dont even have SSH installed and they dont want to hassle with creating public keys. On some servers only where you have access on a temporary basis. By the way, if you want to do the restore, just reverse the case. Dont need change much, from the same command shell you can do it reversing the order of target and source directories, and creating another backup user with same temp password on the target. After finish, you delete the backup user or change its passwords on target and/or source servers. You can protect even further, as I have done, replacing the password for a one line file using a bash script for multi server environment. Alternative is to use the -f option so the password does not show in the bash history -f "/path/to/passwordfile" Regards
NOTE: If you want to update only modified files then you should use this parameters -h -v -r -P -t as described here https://unix.stackexchange.com/questions/67539/how-to-rsync-only-new-files
rsync -arv -e \
"sshpass -f '/your/pass.txt' ssh -o StrictHostKeyChecking=no" \
--progress /your/source id#IP:/your/destination
Maybe you have to install "sshpass" if you not.

Resources