enthuguy asked:

SFTP connectivity check in an automated way

Hi

I automate SFTP server setup on a Linux server... all good so far.

Now, from a remote server (Linux), I would like to check my SFTP connectivity through scripting. Could you suggest a way to test SFTP connectivity in an automated way, please?

Right now, connectivity works fine manually:
sftp -P 2049 -i ~/.ssh/mykey.pem ec2-user@<hostname>
The authenticity of host '[<hostname>]:2049 ([10.20.51.39]:2049)' can't be established.
ECDSA key fingerprint is SHA256:5yOYwhKTHWhG99dYoHjtAxE9Vn1klppNS25KZJ5OcL8.
ECDSA key fingerprint is MD5:7f:c4:8a:c8:54:cc:02:0a:70:d4:31:37:00:dd:2d:d5.
Are you sure you want to continue connecting (yes/no)? yes

omarfarid

Is login automated as well?
You can always check the command exit status.
This is $?

If it's 0 then the command was successful; otherwise there was an issue/error.
All you are looking for is to test whether port 22 is open.
Which scripting language are you familiar with that can do a socket connection?
The prompt deals with a new host; once the key is added, the prompt will go away.

You could use expect if you need to interact ...
enthuguy

ASKER

Thanks omarfarid, arnold,

As arnold pointed out, it is prompting. Is there a way to avoid that, please? In SSH we use -o StrictHostKeyChecking=no
Is there a similar thing available for sftp?

omarfarid, if we bypass this prompt, then we might establish a connection and check the status. Not sure if it will end up with the sftp> prompt.

The only way you can do this is doing a full login, because sshd handles both ssh + sftp connections.

A full login is required to determine 100% whether sshd is both listening and correctly processing sftp connections.

Also, to fully automate this test, you'll require an empty passphrase key. Otherwise, sftp will prompt for a password in a non-interactive script, which will hang, then eventually time out.
If you set trust between the two accounts then you can avoid username and password.
Also, you can simply pass exit as a command.
Thanks David,
I think that's exactly my issue now.

@omarfarid, how do I set the trust other than SSH keys, please? As we can see, manual login works after responding to the prompt. Is there a way in the OS to disable this prompt for this specific user?
You need to exchange keys.
Another way is to use expect to respond to sftp prompts.
ASKER CERTIFIED SOLUTION
omarfarid
noci

It can even be simpler: use scp, part of ssh, which uses sftp internally and ONLY needs a command line.
(Prompting can be avoided if you have a certificate logon).
Thanks @noci, I didn't know that. Good trick :)
Just to correct, the first attempt to a new device will always prompt to add the new host to a list of known_hosts.

So one presumes that to copy one's SSH-keygen public key, one has to manually initiate a transfer where the new host is added to the known_hosts list.

Note that the host can have its SSH server keys regenerated, meaning the prompt will now be a conflict.

I know host A as 324325324525 but now it presents as 09890788798
Do you want to proceed? Or hard disconnect, requiring removal of host A from the known_hosts with the old information so that it can be added again with the new information.
"Setting Trust" - new term to me.

All ssh keys are equivalent, or rather strength is determined by bit length.

To create an empty passphrase keypair...

# Generate a strong, empty passphrase key
ssh-keygen -q -N "" -b 4096 -t rsa -f ~/.ssh/sftptest.rsa -C "SFTP Login Test Key"

# Deploy the pub keypair part to your remote ~$user/.ssh/authorized_keys file
ssh-copy-id -i ~/.ssh/sftptest.rsa.pub $user@$ip


Setting trust is allowing access without a password, similar to rlogin :)
For ssh, passwordless logon is an ssh certificate without a keyphrase.
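
Added example, not part of the original thread: one way to script the full-login check discussed above so that it never prompts, keeping host key verification on by pinning the server key in a dedicated known_hosts file rather than using StrictHostKeyChecking=no. The names sftp_check, SFTP_BIN and KNOWN_HOSTS are hypothetical and chosen for this illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): non-interactive SFTP login check.
# Assumptions: sftp_check, SFTP_BIN and KNOWN_HOSTS are illustrative names.

SFTP_BIN="${SFTP_BIN:-sftp}"
KNOWN_HOSTS="${KNOWN_HOSTS:-$HOME/.ssh/sftpcheck_known_hosts}"

# sftp_check HOST PORT USER KEYFILE
# Returns 0 when a full login succeeds and the server answers an SFTP request,
# 2 on bad usage, 3 when no pinned host key file exists,
# otherwise the non-zero exit status of sftp itself.
sftp_check() {
    [ "$#" -eq 4 ] || { echo "usage: sftp_check host port user keyfile" >&2; return 2; }
    local host="$1" port="$2" user="$3" key="$4"

    # Refuse to run without a pinned host key instead of switching the check off.
    [ -s "$KNOWN_HOSTS" ] || { echo "no pinned host key in $KNOWN_HOSTS" >&2; return 3; }

    # BatchMode=yes            never prompt (host key, passphrase, password); fail instead
    # StrictHostKeyChecking=yes  an unknown or changed host key is a hard failure
    # IdentitiesOnly=yes       offer only the key given with -i
    # -b -                     read batch commands from stdin; "pwd" forces a real SFTP round trip
    printf 'pwd\nbye\n' | "$SFTP_BIN" \
        -o BatchMode=yes \
        -o StrictHostKeyChecking=yes \
        -o UserKnownHostsFile="$KNOWN_HOSTS" \
        -o IdentitiesOnly=yes \
        -o ConnectTimeout=10 \
        -P "$port" -i "$key" -b - "$user@$host" >/dev/null
}

# Usage, with the values from the question:
#   sftp_check "<hostname>" 2049 ec2-user ~/.ssh/mykey.pem && echo "SFTP OK"
```

The pinned file can be seeded once with ssh-keyscan -p 2049 <hostname>, after comparing the fingerprint (ssh-keygen -lf on that file) with the one reported on the server itself. A regenerated server key then shows up as a failed check instead of a silently accepted new key.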