Re: SFTP Batch without key

From: Per Hedeland (per_at_hedeland.org)
Date: 05/29/04

    Date: Fri, 28 May 2004 23:30:06 +0000 (UTC)
    
    

    In article <40b23823$0$1776$39db0f71@news.song.fi> Ville Mattila
    <ville@mattila.fi> writes:
    >
    >I'm looking for a solution to the problem of logging in and transferring
    >files automatically over SFTP. Well, the problem is that I should do the
    >transfer job as a cronjob, but the server where the files will be
    >transferred to, doesn't support auth keys (that would have done the case
    >easy).
    >
    >I've been looking for a solution of reading the password from a
    >separated file (with proper modes of course) or other similar way, but
    >without results at the moment.
    >
    >Any ideas?

    You didn't say, but in case you're using OpenSSH on *nix (might work
    with some others too), I can tell you about a pretty gross hack that I
    just did. The OpenSSH ssh program (which is used by both scp and sftp to
    make the actual connection) pretty much insists on having a tty to read
    the password from - except in one case: If it thinks it's running in an
    X session.

    In that case, if it doesn't find a tty, it will fire up (e.g.)
    ssh-askpass, which throws an X dialogue that you can type your password
    into, and then simply prints it on stdout, where ssh reads it. The nice
    thing is that you can specify the actual program via the SSH_ASKPASS
    environment variable.

    I.e. in your case, you could simply have a script that gets the password
    from wherever and prints it on stdout, specify that via SSH_ASKPASS, set
    environment DISPLAY (to anything at all) to make the illusion complete,
    and you're done. The security implications of a script/program that
    prints a password on stdout when run should be obvious, but if you're
    prepared to have the password in cleartext in a file there isn't much
    actual loss in security by having something print it.

    (My hack wasn't that bad from a security point of view - to retrieve the
    password, my askpass program actually connects to a TCP port where it is
    provided by the program that fired up sftp/scp in the first place. That
    program normally gets the password from an actual user, but for certain
    reasons it is impractical for it to have the ssh program interact
    directly with the user via a tty.)

    Besides that, the source is available, and it's pretty easy to modify it
    to not have the tty requirement but just read the password from stdin.
    That may not work with sftp/scp though, since they probably grab ssh's
    stdin for their own purposes.

    --Per Hedeland
    per@hedeland.org
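
An askpass helper of the kind the post describes, with one addition: it refuses to print the password unless the password file is a regular file owned by the caller with no group or other permission bits. This is an added example, not code from the original post; `SFTP_PWFILE`, `write_askpass` and `run_with_askpass` are hypothetical names, and the permission checks are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post. SFTP_PWFILE, write_askpass and
# run_with_askpass are hypothetical names chosen for this sketch.

# write_askpass PATH: create the helper program that ssh runs via SSH_ASKPASS.
# The helper prints the first line of $SFTP_PWFILE on stdout, but only if that
# file is a regular file owned by the caller with no group/other mode bits.
write_askpass() {
    cat > "$1" <<'EOF'
#!/bin/sh
f=${SFTP_PWFILE:?SFTP_PWFILE not set}
# ls -ldn fields: $1 = mode string, $3 = numeric owner uid
set -- $(ls -ldn -- "$f" 2>/dev/null)
case $1 in
    -???------*) ;;   # regular file (not a symlink), nothing for group/other
    *) echo "askpass: refusing $f: need a regular file with mode 0600" >&2
       exit 1 ;;
esac
[ "$3" = "$(id -u)" ] || { echo "askpass: $f has another owner" >&2; exit 1; }
head -n 1 "$f"
EOF
    chmod 700 "$1"
}

# run_with_askpass HELPER PWFILE CMD...: run CMD (for example sftp or scp)
# with the environment the post describes: SSH_ASKPASS names the helper and
# DISPLAY is set to a dummy value. Use an absolute path for HELPER.
run_with_askpass() {
    helper=$1 pwfile=$2
    shift 2
    SSH_ASKPASS=$helper SFTP_PWFILE=$pwfile DISPLAY=none:0 "$@"
}
```

OpenSSH 8.4 and later also accept `SSH_ASKPASS_REQUIRE=force`, which makes ssh use the helper without relying on the missing-tty and `DISPLAY` conditions.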

