Solved

non-interactive authentication of sftp command in AIX 5.3

Posted on 2009-07-09
15
271 Views
Last Modified: 2016-05-23
I need to send a few files from an AIX host to a Windows host via sftp. This whole process needs to be automated in non-interactive mode, from login through to putting the files.
Please help me out with the options to write such a shell script.
Question by:smartdev123
15 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24813965
0
 

Author Comment

by:smartdev123
ID: 24815397
Hi,

I did the following steps:

On server A logged in as Id x -

[/home/x]>ssh-keygen -t dsa
>chmod 700 .ssh
>cd .ssh
files generated-->
id_dsa
id_dsa.pub
>chmod 600 *
created file called authorized_keys
vi authorized_keys
chmod 600 authorized_keys

On server B logged in as Id y -

[/home/y]>ssh-keygen -t dsa
>chmod 700 .ssh
>cd .ssh
files generated-->
id_dsa
id_dsa.pub
>chmod 600 *
created file called authorized_keys
vi authorized_keys
chmod 600 authorized_keys
========================
Now, copied contents of id_dsa.pub of server A to authorized_keys of server B and vice versa.
Now, on server A I do:
[/home/x]>ssh server B
The authenticity of host 'server B (IP B)' can't be established.
RSA key fingerprint is 08:b5:98:d9:43:1a:af:dd:63:95:ce:7b:97:8c:14:4a.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server B,IP B' (RSA) to the list of known hosts.
x@server B's password:

PLEASE ADVISE IF I MISSED ANY STEP . WHY IS IT STILL ASKING FOR PASSWORD?
ALSO, DO THE IDs ON BOTH THE MACHINES NEED TO BE THE SAME?
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24815419
are you working on windows and aix unix systems ?
0
 

Author Comment

by:smartdev123
ID: 24815557
No. I made this test between two AIX Unix systems. But in real time I will have to make it work between AIX and Windows.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24815690
try to generate keys with rsa option
0
 

Author Comment

by:smartdev123
ID: 24815744
tried that too..same result..:(

Isn't there any other way without involving key generation?
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24816013
Please follow the steps in the link below:

http://waelchatila.com/2005/06/06/1118124232757.html

another key for ssh with no password

http://macnugget.org/projects/publickeys/
0
 
LVL 62

Expert Comment

by:gheist
ID: 24832038
Maybe the "copy pub to authorized" step made a world-writable file due to a less restrictive umask.
0
 
LVL 26

Expert Comment

by:arober11
ID: 24996587
On both servers have you:
chmod 755 $HOME
chmod 700 $HOME/.ssh
chmod 600 $HOME/.ssh/id_dsa

Checked the "/etc/ssh/sshd_config" to make sure it has the following enabled / defined?

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile     .ssh/authorized_keys

Done a: ls -la $HOME/.ssh/authorized_keys

Once you have AIX to AIX running (you can loop back to the same host if you wish), have a play with Windows.

Which SSH / SFTP daemon (SFTP server) are you going to be running at the Windows end, and have you enabled key-based authentication (not all support it)?

If the Windows sftp server doesn't support key-based authentication, then you can either upgrade the server, or convert your sftp batch script to an "expect" script, see:

http://www.perzl.org/aix/index.php?n=Main.Expect

And an example script:
#!/bin/sh
# Example 'expect' sftp script
# The password below is stored in clear text: keep this file readable by its owner only.
EXPECT_DIR="/usr/bin"
LOG_DIR="/tmp"
LOG_FILE="expect.log"
SFTP_CMD_FILE="$HOME/test_sftp.bat"
SFTP_USER="a-user"
SFTP_HOST="localhost"
SFTP_PASS="xxxxxxx"

# The here-document is unquoted, so the shell expands the variables before expect reads it.
# stdout is redirected first and stderr second, so both end up in the log.
$EXPECT_DIR/expect > ${LOG_DIR}/${LOG_FILE} 2>&1 <<EOF
set timeout 1000000
spawn  /usr/bin/sftp -b $SFTP_CMD_FILE $SFTP_USER@$SFTP_HOST
log_file ${LOG_DIR}/${LOG_FILE}
expect "Connecting to $SFTP_HOST..." {
        expect {
        # Password prompt: answer it; a second prompt means the password was rejected
        -re "^.*assword: " { send "$SFTP_PASS\r"
                             expect -re "^.*assword: " { send_user "ERROR SFTP password invalid\n"
                                                         exit 2  }
                             exit }
        eof { send_user "WARNING: Connected without password\n"; exit }}
        send_user "ERROR SFTP connection failed\n"
        exit 3 }
send_user "ERROR SFTP initialization failed\n"
exit 1
EOF
SFTPEXIT=$?
echo "SFTP exit code: $SFTPEXIT"
exit $SFTPEXIT
0
 

Accepted Solution

by:
smartdev123 earned 0 total points
ID: 25024739
Hi All,

Really apologize for the late reply..But, I am now able to ssh using keys without passwords.

Just a suggestion for those who are working on Unix: when you are copying your public key to the authorized_keys file of the target server, it should be pasted as a single line without any carriage returns. Preferably use the cat command rather than editors like vi etc.
0
 
LVL 62

Expert Comment

by:gheist
ID: 25026803
It is described in "man sshd"

AUTHORIZED_KEYS FILE FORMAT
     AuthorizedKeysFile specifies the file containing public keys for public
     key authentication; if none is specified, the default is
     ~/.ssh/authorized_keys.  Each line of the file contains one key (empty
     (because of the size of the public key encoding) up to a limit of 8 kilo-
     bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
     kilobits.  You don't want to type them in; instead, copy the
     identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it.
0
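
The checks suggested in this thread (one key per line with no carriage returns, no group- or world-writable paths, appending with cat-style redirection instead of an editor), collected into one script. This is an added example, not code posted by any participant; the function names `lint_keys`, `loose_perms` and `add_key` are assumptions, and the key-type list is a common subset.

```shell
#!/bin/sh
# Added example, not from the thread: checks for the failure causes discussed above.

# lint_keys FILE: report entries that are wrapped, truncated or carry CRs.
# Exit status 1 if anything was reported.
lint_keys() {
    awk '
    /^[ \t]*(#|$)/ { next }                     # sshd skips blank and comment lines
    /\r/ { printf "line %d: carriage return\n", NR; bad = 1 }
    {
        sub(/\r$/, ""); blob = ""
        for (i = 1; i < NF; i++)                # options may precede the key type
            if ($i ~ /^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9]+)$/) {
                blob = $(i + 1); break
            }
        if (blob == "") {
            printf "line %d: no key type with key data (wrapped key?)\n", NR; bad = 1
        } else if (blob !~ "^AAAA[A-Za-z0-9+/]+=*$" || length(blob) % 4 != 0) {
            printf "line %d: key data truncated or not base64\n", NR; bad = 1
        }
    }
    END { exit bad + 0 }' "$1"
}

# loose_perms PATH...: report paths that group or others may write to, which
# sshd rejects when StrictModes is on. Exit status 1 if any were found.
loose_perms() {
    rc=0
    for p in "$@"; do
        case $(ls -ld "$p" | cut -c6,9) in      # group-write and other-write bits
            *w*) echo "$p: writable by group or others"; rc=1 ;;
        esac
    done
    return $rc
}

# add_key PUBFILE AUTHFILE: append the key as one line without opening an editor.
# umask 077 keeps a newly created AUTHFILE private; tr strips any CRs.
add_key() {
    ( umask 077; tr -d '\r' < "$1" >> "$2" )
}

# Run as the target account on the target server: sh lint_authkeys.sh check
if [ "${1:-}" = "check" ]; then
    loose_perms "$HOME" "$HOME/.ssh" "$HOME/.ssh/authorized_keys"
    lint_keys "$HOME/.ssh/authorized_keys"
fi
```

The key-data test relies on the fact that every SSH public key blob starts with `AAAA` in base64 and has a length that is a multiple of four, so a key split by an editor fails on both of its halves.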
 

Expert Comment

by:EE_AutoDeleter
ID: 41608272
I've requested that this question be deleted for the following reason:

No comment has been added to this question in more than 21 days, so it is now classified as abandoned.

I have recommended this question be closed as follows:

Not enough information to confirm an answer.

If you feel this question should be closed differently, post an objection and a moderator will read all objections and then close it as they feel fit. If no one objects, this question will be closed automatically the way described above.

Experts-Exchange Auto Deleter
0
 
LVL 62

Expert Comment

by:gheist
ID: 41608273
#25024739 says even split between answers leading to it.
0
 
LVL 62

Expert Comment

by:gheist
ID: 41611947
Also fair...
0
