Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: SFTP with Password
Top Forums Shell Programming and Scripting SFTP with Password Post 302645967 by Corona688 on Thursday 24th of May 2012 10:28:39 AM
Old 05-24-2012
ssh/sftp/scp/sudo/su/et al are all designed to stop you from injecting stored plaintext passwords. This is a subtle hint, written in mile-high flashing neon letters, that it's a really bad idea -- it's almost impossible to keep retrievably-stored passwords safe. "interactive password authentication" means "password typed by a human being in realtime authentication" and nothing else is supposed to do.

To this end, they read from the terminal, which your program doesn't control and not from standard input, which you can redirect. To even try to forcefeed it, you'll need to install a third-party brute-forcing utility like expect and write a big ugly script in it. It won't happen natively like keys do.

That's why they made the much safer key-based authentication, to remove the need and temptation to inject passwords.
This User Gave Thanks to Corona688 For This Post:
joeyg
 

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

SFTP password automation

I am working on a script to automate and SFTP that I am currently doing to a company that does not allow for a .ssh profile to be created. I have search and read about the -b option and am wondering if i can get some more information about it. I tried to right a file containing the password... (3 Replies)
Discussion started by: jaycheetwood
3 Replies

2. Red Hat

sftp/scp without password

Hi, I want to use sftp/scp without password.How can I do that ?? I plan to use script with scp/sftp and execute by cronjob ,any sample or example?? How can I test the scp/sftp working or not in the same user account , in the same red linux server?? any suggestion ??? (5 Replies)
Discussion started by: chuikingman
5 Replies

3. Shell Programming and Scripting

SFTP using user id and password

Hi, I am using below syntax - sftp -b passwordfile userid@ipaddress passwordfile is a file, in which I have just kept a password of userid. But by this, an error is coming like - Permission denied (publickey,password,keyboard-interactive). Please suggest me on this..as I dont... (6 Replies)
Discussion started by: Monalisa
6 Replies

4. Shell Programming and Scripting

password - SFTP

Hi team, I know if we need to transfer the files between between 2 servser, we use SFTP through key setup between 2 server. currently There are some problems and we are not able to setup keys between servers. How can i use password with SFTP for temporary solutions, so that the file... (6 Replies)
Discussion started by: Amit.Sagpariya
6 Replies

5. Shell Programming and Scripting

sftp is asking password

Hi i have generate public private key pair using command ssh-keygen -t rsa -b 2048 and then it made the two keys under the directory ~/.ssh ( in server 1) one is public key and another one is private .. i copied public one key onto my second server under the directory ... (22 Replies)
Discussion started by: aishsimplesweet
22 Replies

6. Shell Programming and Scripting

sftp password problem

Hello, trying to download data by the ksh via sftp (password protected). I am looking for the exact syntax. (I know there are 1000 of threads but I have not found anything how to add the password). ftp.XYZ.com User:ABC Passwrd:123 I tried several stuff like: sftp -b... (2 Replies)
Discussion started by: jurgen
2 Replies

7. Shell Programming and Scripting

SFTP / SCP using password

Hi, I was provided with sftp servername, user and password and the requirement is to connect to sftp server using credentials provided and drop the file. Manually i am able to connect with commands like sftp user@servername and after clicking enter, i was asked for a password and entering... (4 Replies)
Discussion started by: forums123456
4 Replies

8. Shell Programming and Scripting

SFTP prompting for password even though password is in script

Hi All, I am trying to transfer a file from one server to a remote server using SFTP. Client is not ready for key setup. I am working on Solaris 10. Here is the code. #!/bin/ksh # sample automatic Sftp script to dump a file USER="user1" PASSWORD="pass1" HOST="host1" sftp $USER@$HOST... (6 Replies)
Discussion started by: megha2525
6 Replies

9. UNIX for Dummies Questions & Answers

SFTP without prompting password

Dear unix experts, i have a requirement as below. i need to use SFTP as FTP. ftp -n -v << ENDFTP open test_ftp.server user ftp_user_name ftp_password quit ENDFTP if i use this in a shell script, it's not asking for password. But i want the similar thing achived using... (5 Replies)
Discussion started by: AraR87
5 Replies

10. Shell Programming and Scripting

Sftp with password

I have been tasked with scripting a sftp transfer from my clients sftp server to a vendor. I have been given a user name and password. This is an older OEL server, 5.2. I am not able to install any packages on this system. It does not have expect, ssh-pass, or any other ssh password helper... (6 Replies)
Discussion started by: mtrgoose
6 Replies

LEARN ABOUT SUSE

scp

SCP(1)							    BSD General Commands Manual 						    SCP(1)

NAME

     scp -- secure copy (remote file copy program)

SYNOPSIS

     scp [-1246BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file] [-l limit] [-o ssh_option] [-P port] [-S program] [[user@]host1:]file1 ...
	 [[user@]host2:]file2

DESCRIPTION

     scp copies files between hosts on a network.  It uses ssh(1) for data transfer, and uses the same authentication and provides the same secu-
     rity as ssh(1).  Unlike rcp(1), scp will ask for passwords or passphrases if they are needed for authentication.

     File names may contain a user and host specification to indicate that the file is to be copied to/from that host.	Local file names can be
     made explicit using absolute or relative pathnames to avoid scp treating file names containing ':' as host specifiers.  Copies between two
     remote hosts are also permitted.

     The options are as follows:

     -1      Forces scp to use protocol 1.

     -2      Forces scp to use protocol 2.

     -4      Forces scp to use IPv4 addresses only.

     -6      Forces scp to use IPv6 addresses only.

     -B      Selects batch mode (prevents asking for passwords or passphrases).

     -C      Compression enable.  Passes the -C flag to ssh(1) to enable compression.

     -c cipher
	     Selects the cipher to use for encrypting the data transfer.  This option is directly passed to ssh(1).

     -F ssh_config
	     Specifies an alternative per-user configuration file for ssh.  This option is directly passed to ssh(1).

     -i identity_file
	     Selects the file from which the identity (private key) for public key authentication is read.  This option is directly passed to
	     ssh(1).

     -l limit
	     Limits the used bandwidth, specified in Kbit/s.

     -o ssh_option
	     Can be used to pass options to ssh in the format used in ssh_config(5).  This is useful for specifying options for which there is no
	     separate scp command-line flag.  For full details of the options listed below, and their possible values, see ssh_config(5).

		   AddressFamily
		   BatchMode
		   BindAddress
		   ChallengeResponseAuthentication
		   CheckHostIP
		   Cipher
		   Ciphers
		   Compression
		   CompressionLevel
		   ConnectionAttempts
		   ConnectTimeout
		   ControlMaster
		   ControlPath
		   GlobalKnownHostsFile
		   GSSAPIAuthentication
		   GSSAPIDelegateCredentials
		   HashKnownHosts
		   Host
		   HostbasedAuthentication
		   HostKeyAlgorithms
		   HostKeyAlias
		   HostName
		   IdentityFile
		   IdentitiesOnly
		   KbdInteractiveDevices
		   LogLevel
		   MACs
		   NoHostAuthenticationForLocalhost
		   NumberOfPasswordPrompts
		   PasswordAuthentication
		   PKCS11Provider
		   Port
		   PreferredAuthentications
		   Protocol
		   ProxyCommand
		   PubkeyAuthentication
		   RekeyLimit
		   RhostsRSAAuthentication
		   RSAAuthentication
		   SendEnv
		   ServerAliveInterval
		   ServerAliveCountMax
		   StrictHostKeyChecking
		   TCPKeepAlive
		   UsePrivilegedPort
		   User
		   UserKnownHostsFile
		   VerifyHostKeyDNS

     -P port
	     Specifies the port to connect to on the remote host.  Note that this option is written with a capital 'P', because -p is already
	     reserved for preserving the times and modes of the file in rcp(1).

     -p      Preserves modification times, access times, and modes from the original file.

     -q      Quiet mode: disables the progress meter as well as warning and diagnostic messages from ssh(1).

     -r      Recursively copy entire directories.  Note that scp follows symbolic links encountered in the tree traversal.

     -S program
	     Name of program to use for the encrypted connection.  The program must understand ssh(1) options.

     -v      Verbose mode.  Causes scp and ssh(1) to print debugging messages about their progress.  This is helpful in debugging connection,
	     authentication, and configuration problems.

     The scp utility exits 0 on success, and >0 if an error occurs.

SEE ALSO

     rcp(1), sftp(1), ssh(1), ssh-add(1), ssh-agent(1), ssh-keygen(1), ssh_config(5), sshd(8)

HISTORY

     scp is based on the rcp(1) program in BSD source code from the Regents of the University of California.

AUTHORS

     Timo Rinne <tri@iki.fi>
     Tatu Ylonen <ylo@cs.hut.fi>

BSD
								 February 8, 2010							       BSD
All times are GMT -4. The time now is 06:32 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy