You can send and retrieve files using public/private key pair authentication for passwordless SFTP. This automates delivery of files to OCLC and eliminates the need to manually enter a password when using an SFTP account. It also allows your institution to change the key on a regular basis for added security.
For security reasons, OCLC does not support passing of the SFTP password via a script, but offers the public/private key pair solution instead to allow fully automated scripts to be written for uploading and downloading to our server.
This procedure is for Linux systems. Although similar methods would be used for other systems, OCLC has tested this method using Linux as the SCP and SFTP client machine. A password is requested while uploading the public key, but once the .ssh/authorized_keys file has been replaced, future logins and file transfers do not require a password.
Generate and upload your public key
To generate and upload your public key to your SFTP account:
- Generate a private/public key pair on your client machine and put the public key in a file called /home/user1/.ssh/id_rsa.pub on your local machine.
If you are unsure how to generate a private/public key pair, you can use the method described here: https://askleo.com/how_can_i_automate_an_sftp_transfer_between_two_servers/ (this method puts the private/public key file in the correct place on your local machine automatically).
- Upload your public key to .ssh/authorized_keys in your SFTP account.
Do not delete the existing .ssh/authorized_keys file before uploading the new one. The new file you upload automatically replaces the existing file while retaining its permissions and ownership properties. If you delete the existing file before uploading the new file, you will have insufficient rights on the system to set the necessary group ownership for .ssh/authorized_keys and therefore will continue to be asked for a password.
The examples below indicate more than one space to illustrate where a space is needed. When entering your commands, please use only one space.
If using a Linux-based system, you can use either of these commands to upload the public key file to the correct location (both commands presuppose you generated the private/public key using the method in the note to step 1 above).
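A pre-flight check for the upload step above, as an added example rather than OCLC's own commands: it refuses to upload anything that is not a public key, checks the private key's permissions, overwrites .ssh/authorized_keys without deleting it, and then confirms that key-only login works. The SFTP user and host arguments are placeholders (the page gives neither), and the key path assumes the default id_rsa.pub location from step 1.

```shell
#!/bin/sh
# Added example: pre-flight checks before replacing .ssh/authorized_keys over SFTP.
# SFTP user and host are placeholders passed as arguments; the page gives neither.

PUBKEY_RE='^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( .*)?$'

# Succeeds only if $1 holds OpenSSH public key lines and no private key material.
is_public_key() {
    [ -s "$1" ] || return 1
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    grep -Eq "$PUBKEY_RE" "$1" || return 1
    # Count lines that are neither a key line nor blank; there must be none.
    bad=$(grep -Evc "$PUBKEY_RE|^[[:space:]]*\$" "$1" || true)
    [ "$bad" -eq 0 ]
}

# Succeeds only if the private key has no group/other permission bits set.
private_key_is_private() {
    [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints the sftp commands for the upload. There is deliberately no "rm":
# the put overwrites the existing file so its permissions and ownership are kept.
build_batch() {
    printf 'put "%s" .ssh/authorized_keys\n' "$1"
    printf 'ls -l .ssh/authorized_keys\n'
}

upload_public_key() {    # $1 = SFTP user, $2 = SFTP host (placeholders)
    pub="$HOME/.ssh/id_rsa.pub"
    is_public_key "$pub" || { echo "refusing: $pub is not a public key" >&2; return 1; }
    private_key_is_private "${pub%.pub}" ||
        { echo "refusing: run chmod 600 ${pub%.pub} first" >&2; return 1; }
    # Commands come from stdin; the one-time password prompt uses the terminal.
    build_batch "$pub" | sftp "$1@$2" || return 1
    # Confirm key-only login now works: batch mode fails rather than prompting.
    echo 'ls -l .ssh/authorized_keys' |
        sftp -b - -o PreferredAuthentications=publickey "$1@$2"
}

# Runs only when called as: sh upload_key.sh SFTP_USER SFTP_HOST
if [ "$#" -eq 2 ]; then upload_public_key "$1" "$2"; fi
```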