Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Need some help regarding file transfer between server (sftp/scp)
Top Forums UNIX for Beginners Questions & Answers Need some help regarding file transfer between server (sftp/scp) Post 303037348 by bakunin on Tuesday 30th of July 2019 08:18:10 AM
Old 07-30-2019
Quote:
Originally Posted by abhi_123
But in such a case, when we share a public key from server/system B to server/system A, this generally indicates that user from server B is transferring files to server A and not vice-versa.
No! It means that the authentication is done in this direction.

Consider it this way: if you give someone the key to your house he has access to it. That could mean he takes away something or brings something, but this difference is not depending on him receiving your key or not. He could do both these things without the key too, he just would have to ring your bell (and wait till you answer it) if he lacks the key.

If userA@systemA (notice that "userA" on one system and "userA" on another system are two different accounts, they just happen to share the same name) has his key on systemB this user is allowed to log on (without password). What he does after this logon is not determined by the key at all. He could put files (that is: transfer to the server) or get files (that is: copy files from that server).

This is also possible with classical ftp or sftp: there is the put/mput command to move files to the system and get/mget command to move/copy files from the system.

In scp this would look like:

Code:
scp user@system:/path/to/remotefile /path/to/localfile

This will transfer a remote file from "system" using the account "user" to the local system. The other way would be:

Code:
scp /path/to/localfile user@system:/path/to/remotefile

This would transfer a local file using the account "user" to the remote system "system". The difference between having put the key of your local user on "system" will be: without the key you need to authenticate, with the key you don't.

I hope this helps.

bakunin
 

10 More Discussions You Might Find Interesting

1. AIX

CRLF during SFTP transfer is appearing only in one server

Hello. I have got 3 unix boxes A B C. Box A is being used to prepare some reports. After the reports generation, Box A sftp the reports to Box B and Box C. When I look at the report in Box B and Box C. The reports are different. In Box B, I see using od -x command there is CRLF (\r\n) at the end... (7 Replies)
Discussion started by: panchpan
7 Replies

2. UNIX for Dummies Questions & Answers

File Missing When Grabbing Files from SFTP Server using SCP Command

Hi, I have this problem where sometimes my files would go missing when I schedule my crontab to run the SCP command to get file from the SFTP server. My crontab will run the scripts at an interval of 3 minutes (between the two scripts) The following is the setting in my crontab. ... (1 Reply)
Discussion started by: gingervitus
1 Replies

3. UNIX for Dummies Questions & Answers

scp or sftp to Window server

Dear Unix Gurus, I have a question to confirm before I proceed to script my program. I'm currently running on IBM AIX Ver 5.3. I just like to know if it's compatible to use scp or sftp between AIX and Wintel server? I'm trying to scp or sftp a file from AIX to Window server and I was... (1 Reply)
Discussion started by: lweegp
1 Replies

4. Shell Programming and Scripting

file transfer using scp..

Hi Frdz I have a problem like. I need to transfer a file from source to destination (different systems with different IPs) using "scp" command and before transfer the file i have to check the file is available in destination or not, if it is there no need to transfer, otherwise we have to... (5 Replies)
Discussion started by: KiranKumarKarre
5 Replies

5. UNIX for Dummies Questions & Answers

File transfer using SCP

I have a shell script which uses SCP command to transfer the files from one server to another server. The files are getting transferred successfully, but the problem is the files transferred to the destination server didnot have the permissions as that of the files on the source server. Command... (5 Replies)
Discussion started by: kumarm
5 Replies

6. Shell Programming and Scripting

SFTP to transfer files from one server to another

Hello, i have to write a script to perform sftp from the remote server to another server. the files which are at the remote location are huge data log files which should be transfered to my server in a particular folder. could you please provide me the general code (simple )... (1 Reply)
Discussion started by: urfrnddpk
1 Replies

7. Shell Programming and Scripting

Using SFTP and FTP to transfer data from One Remote Server To Another

HI I need to write a script in 415univ server which should go to 534unix server and move the files from there to windows server. I am not able to get it bcoz sftp prompt is not allowing ftp command. Can some one plz help me Thanks in advance (3 Replies)
Discussion started by: himakiran9
3 Replies

8. Shell Programming and Scripting

Transfer files from linux server to windows using secure ftp (sftp)

HI, I have to transfer files from linux server to windows using secure ftp (sftp) .Kindly help me out. (3 Replies)
Discussion started by: manushi88
3 Replies

9. UNIX for Advanced & Expert Users

SCP File Transfer

I have 3 AIX server namely - Server 1 , Server 2 and Server 3. And have done SCP setup between Server 1 and Server 2 so that i dont have to give password when i transfer file from Server 1 to Server 2 by setting public key between the server. Q1. If the unix password of the target server... (3 Replies)
Discussion started by: Pash
3 Replies

10. UNIX for Advanced & Expert Users

SCP File Transfer

On unix AIX server, when I am trying to transfer file from one directory to another directory on the same server through a program(where i call the script) it gives error "Lost Connection". (5 Replies)
Discussion started by: Pash
5 Replies

LEARN ABOUT DEBIAN

fetchfile

FETCHFILE(7)						 Miscellaneous Information Manual					      FETCHFILE(7)

NAME

       O-SAFT / fetchfile

DESCRIPTION

   Introduction
       With  the  server  protocol  extension  O-SAFT (Offer Simple Asynchronous File Transfer) and the matching client fetchfile there is an easy
       method of retrieving files from a SAFT server. This is a direct analogy to the SMTP and POP or APOP protocol suite in the world	of  e-mail
       transfer.

       Overview:

	       - How does O-SAFT/fetchfile work?
	       - What to do on the client side?
	       - What to do on the server side?
	       - How about security issues?

   How does O-SAFT/fetchfile work?
       O-SAFT  is  an extension to the existing SAFT protocol and allows athenticated clients to retrieve files from a (remote) server. The imple-
       mention is the server sendfiled and the client fetchfile.

       O-SAFT uses a dedicated pgp key pair to authenticate the fetchfile session.  The private key will be kept on the client	side,  the  public
       key must tbe present at the server side. For security reasons this will NOT be your regular e-mail pgp key pair, but a separate pair of pgp
       keys, uniquely assigned for fetchfile transfers. You will have to create a pair of pgp keys for this  purpose  befor  using  the  fetchfile
       client for the first time (see below).

       Fetchfile  can  provide a directory listing of available files from the server, retrieve files or delete files. After retrieving a file, it
       will be placed in the regular spool directory, not in the current directory! You will have to use the receive command to transfer the files
       from the spool directory to your current directory afterwards.

       If  there  already  exists  a  regular  sendfile  spool	directory  /var/spool/sendfile	on  the  client  side it will be used, otherwise a
       $HOME/.sfspool will be created. Fetchfile will be running without using root permissions on the client side.

   What to do on the client side?
       You must have pgp-2.6.x installed and the binaries must be available through your $PATH environment variable.

       First, and ONLY ONCE before using fetchfile the very first time, you have to create a fetchfile	pgp  key  pair	(only  pgp-2.6.x  is  sup-
       ported!):

       fetchfile -I

       Please only hit 'ENTER' when being asked for a pass phrase! This will create a special non-passphrase protected key pair for O-SAFT.

       After this initialization you will have a file /var/spool/sendfile/$USER/config/public.pgp resp. $HOME/.sfspool/public.pgp

       Please send this file to root@SAFT-server, who has to save this public key file into the appropiate user configuration directory.

       Example:

       sendfile -c 'my O-SAFT puplic key' /var/spool/sendfile/$USER/config/public.pgp root@bofh.belwue.de

       (This prelimary action will enable you to use the SAFT server and will prevent othes from abusing your name or SAFT-account on the server.)

       After preparing the pgp keys an both sides, you can invoke fetchfile on a regular basis:

       fetchfile -l
	       list files on the server

       fetchfile -a
	       retrieve all files from server

       fetchfile -daf *aol.com
	       delete all files from the AOL domain

       There is a detailed description of all capabilities in the fetchfile(1) man page.

       For configuring the server SAFT account by the client user there are two options:
	    fetchfile -Cw=config
	    fetchfile -Cw=restrictions

       Using  this  the  two  local configuration files will be transfered from the local current directory to the SAFT server. The details of the
       configuration can be found in the sendfile(1) man page.

       With using
	    fetchfile -Cr=config
	    fetchfile -Cr=restrictions

       the files will be retrieved back and will be displayed to STDOUT.

   What to do on the server side?
       pgp-2.6.x must be installed. The system adminsitrator needs to run sfdconf -e config add set the following option:

       fetchfile = on

       The system administrator must create a user account (if it does not yet exist). This account does not need an interactive login	shell  and
       does  not need a valid password; the login shell could be /bin/false. The only purpose is to enable the sendfiled to check out the user and
       to create a local spool directory (this method is well known for creating POP mail accounts).

       The client user will create the initial pgp key pair and the public key (public.pgp) will be  sent  to  the  system  administrator  of  the
       server.	 This key has to be placed into the config directory for the particular user.  Assuming the user name is bozo, the system adminis-
       trator will have to type the following (under root permissions):

	    receive -f bozo@* -b bozo public.pgp
	    su bozo
	    cd /var/spool/sendfile/bozo/config
	    receive public.pgp

       (the first receive resends the file public.pgp from the sender bozo@* to the
	local user bozo)

   How about security issues?
       O-SAFT uses a tcp challenge/response authentication with a pgp signature.  This opens the possibility that  the	session  can  be  attacked
       through	tcp hijacking. We are well aware of this, but tcp hijacking is not easy and only possible if the attacker has direct access to the
       transport media (e.g. listening on the same ethernet cable/segment) and has access to a set of pretty  nice  cracker  tools.  With  regular
       operating system supplied software it is not possible to attack a session.

SEE ALSO

       sendfile(1), fetchfile(1), sendfiled(8).

AUTHOR

       Ulli Horlacher  -  framstag@rus.uni-stuttgart.de

       translated by andreas@citecs.de

3rd Berkeley Distribution													      FETCHFILE(7)
All times are GMT -4. The time now is 07:20 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy