smartdev123
asked on
non-interactive authentication of sftp command in AIX 5.3
I need to send few files from AIX host to Windows host via sftp. Now this whole process needs to be automated starting from login to putting files in non-interactive mode.
Please help me out with the options to write such a shell script.
Please help me out with the options to write such a shell script.
ASKER
Hi,
I did the following steps:
On server A logged in as Id x -
[/home/x]>ssh-keygen -t dsa
>chmod 700 .ssh
>cd .ssh
files generated-->
id_dsa
id_dsa.pub
>chmod 600 *
created file called authorized_keys
vi authorized_keys
chmod 600 authorized_keys
On server B logged in as Id y -
[/home/y]>ssh-keygen -t dsa
>chmod 700 .ssh
>cd .ssh
files generated-->
id_dsa
id_dsa.pub
>chmod 600 *
created file called authorized_keys
vi authorized_keys
chmod 600 authorized_keys
========================
Now, copied contents of id_dsa.pub of server A to authorized_keys of server B and vice versa.
Now, on server A I do:
[/home/x]>ssh server B
The authenticity of host 'server B (IP B)' can't be established.
RSA key fingerprint is 08:b5:98:d9:43:1a:af:dd:63
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server B,IP B' (RSA) to the list of known hosts.
x@server B's password:
PLEASE ADVISE IF I MISSED ANY STEP . WHY IS IT STILL ASKING FOR PASSWORD?
ALSO, DO THE IDs ON BOTH THE MACHINES NEED TO BE THE SAME?
I did the following steps:
On server A logged in as Id x -
[/home/x]>ssh-keygen -t dsa
>chmod 700 .ssh
>cd .ssh
files generated-->
id_dsa
id_dsa.pub
>chmod 600 *
created file called authorized_keys
vi authorized_keys
chmod 600 authorized_keys
On server B logged in as Id y -
[/home/y]>ssh-keygen -t dsa
>chmod 700 .ssh
>cd .ssh
files generated-->
id_dsa
id_dsa.pub
>chmod 600 *
created file called authorized_keys
vi authorized_keys
chmod 600 authorized_keys
========================
Now, copied contents of id_dsa.pub of server A to authorized_keys of server B and vice versa.
Now, on server A I do:
[/home/x]>ssh server B
The authenticity of host 'server B (IP B)' can't be established.
RSA key fingerprint is 08:b5:98:d9:43:1a:af:dd:63
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'server B,IP B' (RSA) to the list of known hosts.
x@server B's password:
PLEASE ADVISE IF I MISSED ANY STEP . WHY IS IT STILL ASKING FOR PASSWORD?
ALSO, DO THE IDs ON BOTH THE MACHINES NEED TO BE THE SAME?
are you working on windows and aix unix systems ?
ASKER
No. I made this test between two AIX Unix systems. But in real time i will have to make it work between AIX and Windows.
try to generate keys with rsa option
ASKER
tried that too..same result..:(
Isnt there any other way without involving key generations?
Isnt there any other way without involving key generations?
please steps in the link below:
http://waelchatila.com/2005/06/06/1118124232757.html
another key for ssh with no password
http://macnugget.org/projects/publickeys/
http://waelchatila.com/2005/06/06/1118124232757.html
another key for ssh with no password
http://macnugget.org/projects/publickeys/
Maybe "copu oub to authorized" step made world-writable file due to less restrictive umask.
On both servers have you:
chmod 755 $HOME
chmod 700 $HOME.ssh
chmod 600 $HOME/.ssh/id_dsa
Checked the "/etc/ssh/sshd_config" to make sure it has the following enabled / defined?
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Done a: ls -la $HOME/.ssh/authorized_keys
Once you have AIX ot AIX running, can loop back to the sam host if you wish, have a play with Windows.
Which SSH / SFTP Deamon (SFTP server) are you going to be running at the Windows end, and have you enabled key based authentication (Not all support it)?
If the Windows sftp server dosen't support key based authentication, then you can either upgrade the server, or convert your sftp batch script to an "expect" script, see:
http://www.perzl.org/aix/index.php?n=Main.Expect
And an example script:
#!/bin/sh
#Example 'expect' sftp script
#
EXPECT_DIR="/usr/bin"
LOG_DIR="/tmp"
LOG_FILE="expect.log"
SFTP_CMD_FILE="$HOME/test_
SFTP_USER="a-user"
SFTP_HOST="localhost"
SFTP_PASS="xxxxxxx"
$EXPECT_DIR/expect 2>&1 > ${LOG_DIR}/${LOG_FILE} <<EOF
set timeout 1000000
spawn /usr/bin/sftp -b $SFTP_CMD_FILE $SFTP_USER@$SFTP_HOST
log_file ${LOG_DIR}/${LOG_FILE}
expect "Connecting to $SFTP_HOST..." {
expect {
-re "^.*assword: " { send "$SFTP_PASS\r"
expect -re "^.assword: " { echo "ERROR SFTP password invalid\n"
exit 2 }
exit }
eof { echo "WARNING: Connected without password\n"; exit }}
echo "ERROR SFTP connection failed\n"
exit 3 }
echo "ERROR SFTP initialization failed\n"
exit 1
EOF
SFTPEXIT=$?
echo "SFTP exit code: $SFTPEXIT"
exit $SFTPEXIT
chmod 755 $HOME
chmod 700 $HOME.ssh
chmod 600 $HOME/.ssh/id_dsa
Checked the "/etc/ssh/sshd_config" to make sure it has the following enabled / defined?
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
Done a: ls -la $HOME/.ssh/authorized_keys
Once you have AIX ot AIX running, can loop back to the sam host if you wish, have a play with Windows.
Which SSH / SFTP Deamon (SFTP server) are you going to be running at the Windows end, and have you enabled key based authentication (Not all support it)?
If the Windows sftp server dosen't support key based authentication, then you can either upgrade the server, or convert your sftp batch script to an "expect" script, see:
http://www.perzl.org/aix/index.php?n=Main.Expect
And an example script:
#!/bin/sh
#Example 'expect' sftp script
#
EXPECT_DIR="/usr/bin"
LOG_DIR="/tmp"
LOG_FILE="expect.log"
SFTP_CMD_FILE="$HOME/test_
SFTP_USER="a-user"
SFTP_HOST="localhost"
SFTP_PASS="xxxxxxx"
$EXPECT_DIR/expect 2>&1 > ${LOG_DIR}/${LOG_FILE} <<EOF
set timeout 1000000
spawn /usr/bin/sftp -b $SFTP_CMD_FILE $SFTP_USER@$SFTP_HOST
log_file ${LOG_DIR}/${LOG_FILE}
expect "Connecting to $SFTP_HOST..." {
expect {
-re "^.*assword: " { send "$SFTP_PASS\r"
expect -re "^.assword: " { echo "ERROR SFTP password invalid\n"
exit 2 }
exit }
eof { echo "WARNING: Connected without password\n"; exit }}
echo "ERROR SFTP connection failed\n"
exit 3 }
echo "ERROR SFTP initialization failed\n"
exit 1
EOF
SFTPEXIT=$?
echo "SFTP exit code: $SFTPEXIT"
exit $SFTPEXIT
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
It is described in "man sshd"
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the file containing public keys for public
key authentication; if none is specified, the default is
~/.ssh/authorized_keys. Each line of the file contains one key (empty
(because of the size of the public key encoding) up to a limit of 8 kilo-
bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
kilobits. You don't want to type them in; instead, copy the
identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it.
AUTHORIZED_KEYS FILE FORMAT
AuthorizedKeysFile specifies the file containing public keys for public
key authentication; if none is specified, the default is
~/.ssh/authorized_keys. Each line of the file contains one key (empty
(because of the size of the public key encoding) up to a limit of 8 kilo-
bytes, which permits DSA keys up to 8 kilobits and RSA keys up to 16
kilobits. You don't want to type them in; instead, copy the
identity.pub, id_dsa.pub, or the id_rsa.pub file and edit it.
I've requested that this question be deleted for the following reason:
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Not enough information to confirm an answer.
If you feel this question should be closed differently, post an objection and a moderator will read all objections and then close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Experts-Exchange Auto Deleter
No comment has been added to this question in more than 21 days, so it is now classified as abandoned.
I have recommended this question be closed as follows:
Not enough information to confirm an answer.
If you feel this question should be closed differently, post an objection and a moderator will read all objections and then close it as they feel fit. If no one objects, this question will be closed automatically the way described above.
Experts-Exchange Auto Deleter
#25024739 says even split between answers leading to it.
Also fair...
https://www.experts-exchange.com/questions/22919218/SFTP-from-unix-to-windows.html