UNIX for Dummies Questions & Answers

Hi everyone, I am having problems with changing a script (originally it is used to transfer file from an FTP server to another place). Now the company change the FTP to SFTP server, so I need to change the script accordingly.

Basically, I have trouble with the log in authentication, here is the old log in part:

Code:

    echo "INFO    :    Generating FTP file size logging script" >> $log
    echo "ftp -n << FTPEND"           > $ftpProxy
    echo "open ${ftpServer}"         >> $ftpProxy
    echo "user $username $password " >> $ftpProxy
    echo "cd $ftpSourceDir"          >> $ftpProxy
    echo "ls -l ${tmpFile}.filesize" >> $ftpProxy
    echo "close"  >> $ftpProxy
    echo "bye"    >> $ftpProxy
    echo "FTPEND" >> $ftpProxy
    chmod 774 $ftpProxy
    $ftpProxy > ${tmpFile}

The generating log in file is in the same file as the rest

Now, when I look online for sftp log in credential, it seems that I need a separate log in file and an cmd file to do other thing, here is the sample:

Code:

spawn sftp -b [cmdFile] [username]@[servername]
expect "password:"
send "[yourPassword]\n";
interact

The point is if I generate out a log in file like that (which needs a cmdFile tp run) then I will not have the cmdFile at that time since the code gor the other part is generated after the login part (in the original file)

I know this maybe very confusing (since I am also quite confused with this whole ftp - sftp thing), I hope you guys can help me out a bit. Many thanks

Oh, one last thing, just asking: regarding commands, is there any difference between sftp and ftp

The syntax should be about the same for sftp, but the authentication works different, as you already noticed. You can't supply user and pw this way. Either your exchange ssh-keys (there is plenty of topics about this for "passwordless ssh" here in the forums as well on the www) or supply it manually, where the latter you don't want to. You can automate it also using expect to feed the credentials. There should b also some posts here in the forum about it you can find, using the search function.

To expand on what zaxxon explained:

With "ftp" you:

With "sftp" you:

exchange ssh-keys instead of user/password before you even attempt to transfer files. You do this only once. The "session" itself is:

The advantage is: you do not have to put passwords in clear text into scripts. Instead you exchange a secret (keys) once and then use these automatically. These secrets are not being sent in clear text over the network either (unlike "ftp", where passwords are transferred that way), which further enhances security: nobody listening on the network can collect the secret and then use it himself.

Things you have to consider: if you have a firewall between the two systems make sure you have the necessary ports opened. "sftp" operates (usually - can be configured) on another port than "ftp" (usually) does.

I hope this helps.

bakunin

HI, thanks for your help, I know there are posts out there talking about ssh key, but I hope you guys can help me again, so now I have the username and password for the SFTP server. Will I have to somehow generate this username and password into a ssh key; or I can create a separate ssh key (separate from my existing user name and password).
If there is any sample code for such procedure, I would be really appreciate, thanks

This actually is discussed in the man page of "ssh" at length. I suggest you read this.

Suppose you are userA@hostA and want o connect to hostB as userB:
Basically, you connect to the remote system once using standard username/password authentication. Then you generate an ssh-key on this remote system as the authenticated user. Transfer this generated key (this is a long string, you can either put it into a text file and transfer this, but even copy&paste would work) to the machine you connected from. There you have a "keyring" file ("hostA/~userA/.ssh/authorized_keys"), where you simply append this string. From now on, when you attempt to connect to hostB as userB coming from hostA as userA the ssh (or sftp) software provides this key and the remote system - instead of asking a password - takes this as authentication.

Note that this will not work both ways: the above would only provide passwordless access as userA@hostA to userB@hostB. To connect to hostA as userA coming from hostB as userB you would have to generate another key and transfer it in the other direction first.

Note also that this only authenticates a single host/user pair: If userA@hostA can connect passwordless to hostB as userB this neither means that userB@hostA can do the same or that userA@hostA can connect as userA@hostB without a password. You would have to generate and exchange keys first as these user/host combinations to make it work.

Another thing: generate keys only ONCE. If you want to connect as userB@hostB coming from userA@hostA as well as userB@hostA then connect to hostB as userB first, generate the key and put this key into the keyring file of userA@hostA as well as userB@hostA. Do NOT generate 2 keys!

I hope this helps.

bakunin