Tuesday, May 21, 2013

SFTP with password from script

The first question I have is if you have access to SFTP client and server? If you do then do not use password, instead use public key authentication.

Then now back to real world. You need to connect to an external SFTP server, the owner does not want to provide public key authentication. A second scenario is a client who wants to connect to your SFTP and they do not want to use certificates either. These two scenarios are driven by bad decisions but those are decisions that are not for you to take nor to fight. You make it clear in a polite email "Please be advise that using passwords is less secure than using public key authentication since it is more vulnerable to brute force attacks". I do not want to engage into the eternal discussion about where to keep the password or the key, so let us move on.

You could use expect and bash to resolve this issue. Remoto-IT uses expect for example to command remote servers. It works perfectly and definitely you could use the same way expect to interact with SFTP.

But there is a great program called lftp which is available in most Unix/Linux distros and if not you can always compile from sources. Here is an example of how to install it and use it in ubuntu:
# Ubuntu installation
$ sudo apt-get install lftp
# Save the list directory command to a file
$ echo dir > commands.sftp
# Run all commands from a file
$ cat commands.sftp | lftp -u myUser,myPassword sftp://sftp.sample.com
#Run a command directly from #linuxoneliner
$ echo dir | lftp -u -u myUser,myPassword sftp://sftp.sample.com

No comments: