Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Password in sftp NOT with key
Top Forums Shell Programming and Scripting Password in sftp NOT with key Post 302820867 by Corona688 on Thursday 13th of June 2013 02:49:57 PM
Old 06-13-2013
"interactive password authentication" means "password typed by a human being in realtime authentication", and no substitutes for humans are acceptable to it. It makes sure it reads from a terminal, not a file, not a pipe.

To force it to accept a stored plaintext password, you would have to install a third-party brute forcing utility like expect or the like, which creates virtual terminals to fool things into thinking they're interactive when they're not. It would make your scripts a great deal more complicated since you must lead it step by step.
 

10 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

How to add SFTP KEY to UAT SERVER?

Hi All, I have some SFTP Key. I would like to know how do I add them to UAT Server? Please help. Thanks (0 Replies)
Discussion started by: jingi1234
0 Replies

2. Shell Programming and Scripting

SFTP in Shell Script with RSA-KEY or password.

I am trying to SFTP to a couple sites. One has an RSA-KEY that was sent to me. Currently I am running that manually using WinSCP. I would like to set it up as a CRON process on our Linux host (Sun). Can I use the rsa-key they sent me in any directory or does it need to be placed in a specific... (2 Replies)
Discussion started by: alemat
2 Replies

3. UNIX for Advanced & Expert Users

Sftp Key Authentication Issue

Hello, We have an issue attempting to login from a Unix Solaris to an NT server using key authentication. I will attempt to provide you with as much of the relevant information regarding the way the system is set up, although I'm workingin solely on the Unix side, so don't have full access to... (3 Replies)
Discussion started by: SteveBurch
3 Replies

4. Shell Programming and Scripting

SFTP in a shell script without public/private key

Hi everybody, I need some help on writing a script that is able to remote copy file to one server. I already created this types of scripts, and works ok as long as this server I want to copy from is access through telnet. Here is how I do it: ftp -n xxx.xxx.xxx.xxx << _EOF_ user user_name... (6 Replies)
Discussion started by: Alexis Duarte
6 Replies

5. UNIX for Dummies Questions & Answers

SFTP Passing without DSA Key check

Hi, I am trying to connect through SFTP. Though the DSA 2048 public key is installed in the server machine, the connection is established only with password authentication! When i turn off password authentication in sshd_config file the connection is not working. Please advise, Best... (0 Replies)
Discussion started by: Maharajan
0 Replies

6. UNIX and Linux Applications

SFTP Passing without DSA Key check

Hi, I am trying to connect through SFTP. Though the DSA 2048 public key is installed in the server machine, the connection is established only with password authentication! When i turn off password authentication in sshd_config file the connection is not working. Please advise, Best... (0 Replies)
Discussion started by: Maharajan
0 Replies

7. Shell Programming and Scripting

Auto Script to Access external Server via SFTP using Password and Key

Hello All, I am stuck! I have access to an external server via SFTP. In order to access the external server I was given a specific port, password, and a ppk. I would to create a script on my server end that can I can setup as a corn job, that will connect to the external server and... (1 Reply)
Discussion started by: kingr008
1 Replies

8. HP-UX

To find where sftp public key is installed for user

Hi All, I am facing an issue wherein a new sft public key for a user is not working on our HP-UX m/c. So i have to check where the sftp public keys for some other sample users were installed earlier in the system i.e. under which folder. Can you please help me out on this. (2 Replies)
Discussion started by: ammbhhar
2 Replies

9. UNIX for Dummies Questions & Answers

SFTP syntax without specifying private key location (no password)

Hi all, I need to connect using SFTP from Red Hat to Windows. Connection between servers work when I specify location of my private key in the script. However, I want to use syntax without private key location specified. I know this should work, as I found it in older scripts. Scripts were... (0 Replies)
Discussion started by: yavvie
0 Replies

10. Shell Programming and Scripting

SFTP prompting for password even though password is in script

Hi All, I am trying to transfer a file from one server to a remote server using SFTP. Client is not ready for key setup. I am working on Solaris 10. Here is the code. #!/bin/ksh # sample automatic Sftp script to dump a file USER="user1" PASSWORD="pass1" HOST="host1" sftp $USER@$HOST... (6 Replies)
Discussion started by: megha2525
6 Replies

LEARN ABOUT DEBIAN

sshpass

SSHPASS(1)							Sshpass User Manual							SSHPASS(1)

NAME

       sshpass - noninteractive ssh password provider

SYNOPSIS

       sshpass [-ffilename|-dnum|-ppassword|-e] [options] command arguments

DESCRIPTION

       This manual page documents the sshpass command.

       sshpass	is  a  utility	designed for running ssh using the mode referred to as "keyboard-interactive" password authentication, but in non-
       interactive mode.

       ssh uses direct TTY access to make sure that the password is indeed issued by an interactive keyboard user. Sshpass runs ssh in a dedicated
       tty, fooling it into thinking it is getting the password from an interactive user.

       The command to run is specified after sshpass' own options. Typically it will be "ssh" with arguments, but it can just as well be any other
       command. The password prompt used by ssh is, however, currently hardcoded into sshpass.

Options
       If no option is given, sshpass reads the password from the standard input. The user may give at most one alternative source for	the  pass-
       word:

       -ppassword
	      The password is given on the command line. Please note the section titled "SECURITY CONSIDERATIONS".

       -ffilename
	      The password is the first line of the file filename.

       -dnumber
	      number is a file descriptor inherited by sshpass from the runner. The password is read from the open file descriptor.

       -e     The password is taken from the environment variable "SSHPASS".

SECURITY CONSIDERATIONS

       First and foremost, users of sshpass should realize that ssh's insistance on only getting the password interactively is not without reason.
       It is close to impossible to securely store the password, and users of sshpass should consider whether ssh's public key authentication pro-
       vides the same end-user experience, while involving less hassle and being more secure.

       The -p option should be considered the least secure of all of sshpass's options.  All system users can see the password in the command line
       with a simple "ps" command. Sshpass makes a minimal attempt to hide the password, but such attempts are doomed to  create  race	conditions
       without	actually  solving  the problem. Users of sshpass are encouraged to use one of the other password passing techniques, which are all
       more secure.

       In particular, people writing programs that are meant to communicate the password programatically are encouraged to use an  anonymous  pipe
       and pass the pipe's reading end to sshpass using the -d option.

RETURN VALUES

       As with any other program, sshpass returns 0 on success. In case of failure, the following return codes are used:

       1      Invalid command line argument

       2      Conflicting arguments given

       3      General runtime error

       4      Unrecognized response from ssh (parse error)

       5      Invalid/incorrect password

       6      Host public key is unknown. sshpass exits without confirming the new key.

       In  addition,  ssh  might be complaining about a man in the middle attack. This complaint does not go to the tty. In other words, even with
       sshpass, the error message from ssh is printed to standard error. In such a case ssh's return code is reported back. This is  typically	an
       unimaginative (and non-informative) "255" for all error cases.

EXAMPLES

       Run rsync over SSH using password authentication, passing the password on the command line:

       rsync --rsh='sshpass -p 12345 ssh -l test' host.example.com:path .

       To do the same from a bourne shell script in a marginally less exposed way:

       SSHPASS=12345 rsync --rsh='sshpass -e ssh -l test' host.example.com:path .

BUGS

       Sshpass	is in its infancy at the moment. As such, bugs are highly possible. In particular, if the password is read from stdin (no password
       option at all), it is possible that some of the input aimed to be passed to ssh will be read by sshpass and lost.

       Sshpass utilizes the pty(7) interface to control the TTY for ssh. This interface, at least on Linux, has a misfeature  where  if  no  slave
       file  descriptors  are open, the master pty returns EIO. This is the normal behavior, except a slave pty may be born at any point by a pro-
       gram opening /dev/tty. This makes it impossible to reliably wait for events without consuming 100% of the CPU.

       Over the various versions different approaches were attempted at solving this problem.  Any given version of sshpass is released  with  the
       belief  that it is working, but experience has shown that these things do, occasionally, break. This happened with OpenSSH version 5.6.	As
       of this writing, it is believed that sshpass is, again, working properly.

Lingnu Open Source Consulting					  August 6, 2011							SSHPASS(1)
All times are GMT -4. The time now is 09:48 PM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy