Automating SFTP access with a protected password file

Answer

Public/private key (passwordless) authentication is not available for SFTP. To script automated uploads or downloads over SFTP, follow these instructions. The approach works like a key pair, except that the password is supplied from a hidden, permission-protected file, much as ~/.ssh/id_rsa protects a private key.

This process does not use environment variables and does not put the password on the command line; both are unsafe because other processes on the same host can read them.

Overview

This process requires three files:

  1. Hidden Password File: Stored in your .ssh directory, this file contains the SFTP password and will have very restrictive permissions.
  2. SFTP Response File: Contains the SFTP commands to execute.
  3. Shell Script: Executes the SFTP session using the password and response files. This script can be run manually or automated via a cron job.

Step-by-Step Instructions

Step 1: Create the hidden password file

  1. Create the password file:

echo 'your-password-here' > ~/.ssh/.passwd

Note that this echo command, password included, is written to your shell history (~/.bash_history for bash); delete that entry afterwards, or type the password into an editor instead.

  2. Set file permissions:

Ensure only the user can read the password file (your ~/.ssh directory itself should be mode 0700):

chmod 0400 ~/.ssh/.passwd

Step 2: Create the SFTP response file

  1. Create the response file:

This file contains the commands executed once the SFTP login succeeds, one per line, in the order listed. Below is an example response file, with comments:

# Change to the local files directory
lcd /home/username/files

# Change to the pickup directory on the SFTP server
cd pickup

# Copy files starting with 't' to the local files directory
mget t*

# Exit SFTP and return to the shell
exit

Save the above content in a file called download-my-files.sftp in your home directory (~/download-my-files.sftp).

Step 3: Create a shell script to run the response file

  1. Create the shell script:

From the command line, create a shell script file and make it executable (and readable) by the owner only:

touch ~/daily-file-download.sh

chmod 0700 ~/daily-file-download.sh

  2. Edit the shell script:

Add the following content to the daily-file-download.sh script:

#!/bin/bash

# Connect to the SFTP server and execute the response file.
# BatchMode must stay off so that sftp prompts for the password, which
# sshpass reads from the protected file and supplies; the response file is
# given by absolute path so the script also works when started from cron.
sshpass -f ~/.ssh/.passwd sftp -oBatchMode=no -b ~/download-my-files.sftp user@scp.oclc.org

Running the script

Run the script manually by executing:

./daily-file-download.sh

To run the script on a schedule, add it to your cron jobs. For example, to run the script daily at midnight, add the following line to your crontab file (crontab -e):

0 0 * * * /home/username/daily-file-download.sh
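The three files above, assembled into one hardened script, as an added example that is not the article's own daily-file-download.sh. It assumes sshpass and sftp are installed; user@scp.oclc.org is the page's example target, the file paths are the ones used above (overridable through environment variables of the same name, which carry only paths, never the password), and the function names are my own. It adds two checks the plain script lacks: the password file is created from a silent prompt rather than an echo command line, so the password never reaches shell history or a process listing, and before every run the file must exist, be owned by the caller and carry no group/other permission bits, otherwise the transfer is refused.

```shell
#!/bin/bash
# Added example (not the original article's script). Assumes sshpass and sftp
# are installed; the target below is the page's placeholder account.
set -euo pipefail

PASSWD_FILE="${PASSWD_FILE:-$HOME/.ssh/.passwd}"
BATCH_FILE="${BATCH_FILE:-$HOME/download-my-files.sftp}"
SFTP_TARGET="${SFTP_TARGET:-user@scp.oclc.org}"

# Print a file's octal mode. GNU stat uses -c, BSD/macOS stat uses -f.
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Return 0 only when the password file is a regular file, owned by the caller,
# with no group/other permission bits (0400, 0600, ...).
# Return codes: 1 missing, 2 not owned by the caller, 3 too permissive.
check_passwd_file() {
    local f="$1" mode
    [ -f "$f" ] || return 1
    [ -O "$f" ] || return 2
    mode=$(file_mode "$f")
    mode=$(printf '%03d' "$mode")            # pad e.g. "0" to "000"
    mode=$(printf '%s' "$mode" | tail -c 3)  # drop setuid/setgid/sticky digit
    case "$mode" in
        ?00) return 0 ;;
        *)   return 3 ;;
    esac
}

# Create (or replace) the password file with 0400 mode from the start. The
# secret is passed as a function argument inside this process only, so it does
# not appear in shell history or in the argument list of any child process.
create_passwd_file() {
    local f="$1" secret="$2" dir
    dir=$(dirname "$f")
    mkdir -p "$dir"
    chmod 0700 "$dir"                        # ~/.ssh must be private too
    if [ -e "$f" ]; then chmod 0600 "$f"; fi # a previous 0400 file is not writable
    ( umask 077 && printf '%s\n' "$secret" > "$f" )
    chmod 0400 "$f"
}

# Verify the password file, then run the SFTP session exactly as the article
# does: BatchMode off so sftp prompts, sshpass answers from the file.
run_download() {
    local rc=0
    check_passwd_file "$PASSWD_FILE" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing to run: $PASSWD_FILE missing/not yours/readable by others (rc=$rc)" >&2
        return 1
    fi
    if [ ! -f "$BATCH_FILE" ]; then
        echo "response file $BATCH_FILE not found" >&2
        return 1
    fi
    sshpass -f "$PASSWD_FILE" sftp -oBatchMode=no -b "$BATCH_FILE" "$SFTP_TARGET"
}

# Usage:  ./sftp-download.sh init   (prompt once, store the password)
#         ./sftp-download.sh run    (what the cron entry calls)
case "${1:-}" in
    init)
        printf 'SFTP password: '
        stty -echo 2>/dev/null || true       # silent prompt when on a terminal
        read -r pw
        stty echo 2>/dev/null || true
        echo
        create_passwd_file "$PASSWD_FILE" "$pw"
        ;;
    run)
        run_download
        ;;
    *)
        : ;;                                 # no argument: only define functions
esac
```

For the cron entry, call the script with the run argument and an absolute path, e.g. `0 0 * * * /home/username/sftp-download.sh run`; cron starts with a minimal PATH, so sshpass and sftp must be in a directory that PATH covers or be referenced by full path.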

Conclusion

By following these steps, you can automate SFTP file transfers securely without exposing your password on the command line or using unsafe environment variables. This method ensures your password is stored securely and your SFTP sessions can be automated.


Page ID

58512