09-24-2009
Issues with automating SFTP
Hi
We are trying to set up a non-interactive sftp to one of our clients to be able to transfer files to them. For the setup I logged into server1 as user1 and generated RSA public and private keys id_rsa and id_rsa.pub. Then I did an sftp to server2 as user2 and put the id_rsa.pub in the .ssh folder as authorized_keys. Then when I try to do an sftp from server1 (logged in as user1) to server2 as user2 I get prompted for the password.
These are the sshd_config parameters on server2:
IgnoreRhosts yes
RhostsAuthentication no
RhostsRSAAuthentication no
RSAAuthentication yes
PubkeyAuthentication yes
One interesting this that I have noticed is that when I connect via. sftp to server2 as user2 for the first time I get the message:
The authenticity of host '<server2>' can't be established.
DSA key fingerprint is <some numbers>
Are you sure you want to continue connecting (yes/no)?
and the known_hosts file is created with a key starting with ssh-dss. When I am creating an RSA key pair why is my server creating a DSA key fingerprint? Is that right/expected behaviour?
I did a -vvv on the sftp to server2 to try to detect what my problem was and noticed that the RSA key is not being detected.This is the version of SSH on the server
server1:user1:> ssh -V
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
Part of the logging that I captured. I can send you the complete one if you need it:
server1:user1:> sftp -vvv user2@server2
Connecting to server2...
Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to server2 port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /abcd/./files/mgr/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: no key found
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug3: key_read: no space
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: no key found
debug1: identity file /abcd/./files/mgr/.ssh/id_rsa type 1
debug1: identity file /abcd/./files/mgr/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version ReflectionForSecureIT_6.1.0.16
debug1: no match: ReflectionForSecureIT_6.1.0.16
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-Sun_SSH_1.1
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
I have spent a lot of time on this without any success. I don't know if I am missing something very obvious here. Any response would be appreciated.
10 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I have to write an automated sftp script which uses password authentication method to access the remote server. I want to pass the password as a parameter or to be included in the script itself, so that when i run the sftp script, it should not prompt me to enter the password.
Thanks in advance... (1 Reply)
Discussion started by: Rajeshsu
1 Replies
2. Shell Programming and Scripting
Hello all,
I've written an automated SFTP script to work with the Expect command. It recently occurred to me however, that if the client side box does not have the known host entry for the server, it will not work correctly. So I have added an expect for the known host prompt, and that part... (2 Replies)
Discussion started by: sysera
2 Replies
3. Linux
Hello,
I'm new to linux/unix and presently at my work i have wrote a script that goes out from a unix host connects to a transfer proxy using sftp (username & password) with internal IP address as scp is disabled on the server..
Now my problem is that when i try and get a bigger file sftp will... (1 Reply)
Discussion started by: est
1 Replies
4. Shell Programming and Scripting
Hi everyone,
i'm having a little trouble wih my first shell script ever.
So the point of that script is to:
-Archive Zip files in a directory
-Remove txt files from that directory
-connect through sftp and a rsa key to a remote server
-download a couple of files
-unzip downloaded files
... (0 Replies)
Discussion started by: Peanutz
0 Replies
5. Shell Programming and Scripting
Hi Guys,
I am working on a shell script, which gets log files from a windows machine.
Problem:
1. My server doesn't support FTP, so i am using SFTP
2. I am not able to automate sftp using public key generation technique, because i need to access many windows machines using this script. ... (0 Replies)
Discussion started by: rajhydprag
0 Replies
6. Shell Programming and Scripting
Hi All,
To transfer the files, from one server to another through SFTP, i am using below code in my script.
cur_dt=$1
echo "cd /inbox/" >> SFTP.txt # folder of traget server
echo "mput /opt/myfile/inbox/*_${cur_dt}_*.* " >> SFTP.txt # to get files from /opt/myfile for given date and... (1 Reply)
Discussion started by: Amit.Sagpariya
1 Replies
7. UNIX for Dummies Questions & Answers
Hi Newbie here
I am having problems with automating sFTP transfers.
Just to save time - SCP is not an option as sFTP is stipulated by controllers of far end server.
Ineed to automate sFTP transfer of a single file, once a day to a remote server to which i have no control over.
I am using:... (6 Replies)
Discussion started by: robbien
6 Replies
8. Shell Programming and Scripting
Hi,
I have situation where i need to automate transferring 10000+ files using sftp.
while read line
do
if ; then
echo "-mput /home/student/Desktop/folder/$line/* /cygdrive/e/folder/$line/">>sftpCommand.txt
fi
done< files.txt
sftp -b sftpCommand.txt stu@192.168.2.1
The above... (1 Reply)
Discussion started by: noobrobot
1 Replies
9. Shell Programming and Scripting
Hi All,
I am currently looking at automating the steps that I follow to download log files from putty to desktop.
I connect to a client's machine through citrix desktop. I am required to download quite a number of application logs to identfiy the issues in production.
Steps that is being... (3 Replies)
Discussion started by: krackjack84
3 Replies
10. Red Hat
Hello,
I have a weird issue, I have RHEL 5.7 running with openssh5.2 where sftpgroup OS group is chroot. I see the difference difference in timestamp on files, when I login via ssh and SFTP, I see four hour difference, is something missing in my configuration.
#pwd... (8 Replies)
Discussion started by: bobby320
8 Replies
LEARN ABOUT SUSE
ssh-keyconverter
SSH-KEYCONVER(1) BSD General Commands Manual SSH-KEYCONVER(1)
NAME
ssh-keyconvert -- convert ssh v1 keys and authorization files
SYNOPSIS
ssh-keyconvert [-k] [-o output_file] identity_file ...
ssh-keyconvert [-a] [-o output_file] authorization_file ...
DESCRIPTION
ssh-keyconvert converts RSA public and private keys used for public key based user authentication with protocol version 1 to the format used
with protocol version 2.
When using RSA user authentication with SSH protocol version 1, the client uses the private key from $HOME/.ssh/identity to provide its iden-
tity to the server. The server grants or denies access based on whether the public part of this key is listed in $HOME/.ssh/authorized_keys.
SSH protocol version 2 supports both DSA and RSA keys, but the way RSA keys are stored are differently. On the client, the default file name
is .ssh/id_rsa rather than .ssh/identity, and the file's format is different as well. On the server, the public porting of the key can still
be stored in .ssh/authorized_keys, but the key notation has changed as well. Therefore, when switching from protocol version 1 to version 2,
you either have to create a new identity key using ssh-keygen(1) and add that key to the server's authorized_keys file, or you need to con-
vert your keys using ssh-keyconvert.
By default, ssh-keyconvert will try to guess the type of file that is to be converted. If it fails to guess correctly, you can tell if what
type of conversion to perform by specifying the -k option to convert the private key, or the -a option to convert an authorisation file.
When converting your private keys stored in .ssh/identity, ssh-keyconvert will read the private key, prompting you for the pass phrase if the
key is protected by a pass phrase. If the -o option is given, it will write the private key to the specified file, using version 2 syntax. If
the key was protected by a pass phrase, it will use the same pass phrase to protect the new file. It will also write the public portion of
the key to a second file, using the specified file name with ``.pub'' appended. If the -o option was not given, private and public key will
be written to id_rsa and id_rsa.pub, respectively, relative to the directory of the input key file.
If the destination file already exists, ssh-keyconvert will prompt the user for confirmation before overwriting the file, unless the -f
option is given.
When converting your authorized_keys file, ssh-keyconvert will ignore any keys in SSH version 2 format. Any public keys in version 1 format
will be converted and appended to the output file using the new syntax. If the -o option is given, keys are appended to the specified file.
If it is not given, ssh-keyconvert will append all keys to the input file.
Note that ssh-keyconvert does not check for duplicate keys, so if you run it on .ssh/authorized_keys more several times, the converted keys
will show up several times.
OPTIONS
-k Convert private key file(s). The default is to guess the type of file that should be converted.
-a Convert authorized_keys file(s). The default is to guess the type of file that should be converted.
-o outfile
Specify the name of the output file. When converting an authorization file, all public keys will be appended to this file. For pri-
vate key conversion, the private and public components of the key will be stored in outfile and outfile.pub, respectively. Note that
since every key must be stored in a separate file, you cannot use this option when you specify several input files.
-f When converting a key file, and the output file already exists, ssh-keyconvert will ask the user whether to overwrite the file. Using
this option forces overwriting.
AUTHORS
OpenSSH is a derivative of the original and free ssh 1.2.12 release by Tatu Ylonen. Aaron Campbell, Bob Beck, Markus Friedl, Niels Provos,
Theo de Raadt and Dug Song removed many bugs, re-added newer features and created OpenSSH. ssh-keyconvert was contributed by Olaf Kirch.
SEE ALSO
ssh(1), ssh-add(1), ssh-agent(1), sshd(8)
J. Galbraith and R. Thayer, SECSH Public Key File Format, draft-ietf-secsh-publickeyfile-01.txt, March 2001, work in progress material.
BSD
February 2, 2002 BSD