IBM Support

Using sftp in a Script (with RSA Authentication)

Question & Answer


Question

Using sftp in a Script (with RSA Authentication)

Answer

This document applies to AIX Versions 5.2 & 5.3 and above.


To use sftp in a script without user interaction, you will need to set up RSA Authentication and then pass a batch file containing the transfer commands to sftp.

In this example, the local machine's hostname is machineA, and the remote machine's hostname is machineB. The username of the user who will be doing the sftp is sftpuser.

NOTE: Bold text indicates user input.

  1. Generate RSA key pair and verify that the keys are there.
       sftpuser@machineA# ssh-keygen -t rsa
       Generating public/private rsa key pair.
       Enter file in which to save the key (/home/sftpuser/.ssh/id_rsa): <ENTER>
       Enter passphrase (empty for no passphrase): <ENTER>
       Enter same passphrase again: <ENTER>
       Your identification has been saved in /home/sftpuser/.ssh/id_rsa.
       Your public key has been saved in /home/sftpuser/.ssh/id_rsa.pub.
       The key fingerprint is:
       b7:95:f7:a0:e1:52:01:d5:ec:48:e3:73:f7:45:40:46 sftpuser@machineA
       sftpuser@machineA# cd ~/.ssh
       sftpuser@machineA# ls -l
       total 32
       -rw-------   1 sftpuser     staff          883 Nov 07 11:41 id_rsa
       -rw-r--r--   1 sftpuser     staff          222 Nov 07 11:41 id_rsa.pub
       -rw-r--r--   1 sftpuser     staff          915 Nov 06 12:30 known_hosts
       -rw-------   1 sftpuser     staff         1024 Nov 07 11:40 prng_seed
    
  2. Copy the public key to the remote machine.
       sftpuser@machineA# scp id_rsa.pub sftpuser@machineB:.ssh/id_rsa.pub.machineA
       sftpuser@machineB's password: <password>
       id_rsa.pub            100% |*****************************|   222       00:00
    

    NOTE: The $HOME/.ssh directory must already exist on the remote machine for the above scp to work. The directory should also have permissions of 700 and be owned by the user.

  3. Log in to remote machine to add key to authorized_keys file.
       sftpuser@machineA# ssh sftpuser@machineB
       sftpuser@machineB's password: <password>
       sftpuser@machineB# cd ~/.ssh
       sftpuser@machineB# ls -l
       total 16
       -rw-r--r--   1 sftpuser     staff          222 Nov 07 11:57 id_rsa.pub.machineA
       -rw-r--r--   1 sftpuser     staff          677 Oct 31 09:52 known_hosts
       sftpuser@machineB# cat id_rsa.pub.machineA >> authorized_keys
       sftpuser@machineB# ls -l
       total 24
       -rw-r--r--   1 sftpuser     staff          222 Nov 07 12:03 authorized_keys
       -rw-r--r--   1 sftpuser     staff          222 Nov 07 11:57 id_rsa.pub.machineA
       -rw-r--r--   1 sftpuser     staff          677 Oct 31 09:52 known_hosts
       sftpuser@machineB# rm id_rsa.pub.machineA
       sftpuser@machineB# exit
       Connection to machineB closed.
    
  4. Test the RSA Authentication.
       sftpuser@machineA# ssh sftpuser@machineB
       sftpuser@machineB#
    
    NOTE: You should not be prompted for the password.
       sftpuser@machineB# exit
       Connection to machineB closed.
    
  5. Create batch script to test sftp.
       sftpuser@machineA# echo "put /etc/motd /home/sftpuser/motd.txt" > /tmp/test.batch
       sftpuser@machineA# cat /tmp/test.batch
       put /etc/motd /home/sftpuser/motd.txt
    
  6. Test sftp.
       sftpuser@machineA# sftp -b /tmp/test.batch sftpuser@machineB
       Connecting to machineB...
       sftp> put /etc/motd /home/sftpuser/motd.txt
       Uploading /etc/motd to /home/sftpuser/motd.txt
       sftp> 
       sftpuser@machineA# 
    
  7. Verify that the file was transferred.
       sftpuser@machineA# ssh sftpuser@machineB
       sftpuser@machineB# ls -l /home/sftpuser/motd.txt
       -r-xr--r--   1 root     staff         1441 Nov 07 13:08 /home/sftpuser/motd.txt
       sftpuser@machineB# exit
       Connection to machineB closed.
    
You can now use the sftp command, similar to the one in Step 6, in your script.
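
As an added example (not part of the original IBM document), here is one way to wrap the Step 6 command in a script. It checks the 700/600 permissions first, because the key from Step 1 has no passphrase and file permissions are its only local protection, and it returns sftp's exit status to the caller. The names SFTP_KEY, mode_is, preflight and run_batch are made up for this sketch.

```shell
#!/bin/sh
# Added example (not IBM's code). SFTP_KEY, mode_is, preflight and
# run_batch are names made up for this sketch.
SFTP_KEY="${SFTP_KEY:-$HOME/.ssh/id_rsa}"

# mode_is PATH MODESTRING: true if PATH is owned by the calling user and
# the first 10 characters of its "ls -ld" line equal MODESTRING.
mode_is() {
    [ -O "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c1-10)" = "$2" ]
}

# preflight: the key directory must be 700 and the private key 600.
# Returns 2 (directory) or 3 (key) so the caller can tell them apart.
preflight() {
    keydir=$(dirname "$SFTP_KEY")
    mode_is "$keydir" "drwx------" || { echo "unsafe: $keydir" >&2; return 2; }
    mode_is "$SFTP_KEY" "-rw-------" || { echo "unsafe: $SFTP_KEY" >&2; return 3; }
}

# run_batch USER@HOST BATCHFILE: returns 4 if the batch file is unreadable,
# 2 or 3 from preflight, otherwise sftp's own exit status.
run_batch() {
    target=$1
    batch=$2
    [ -r "$batch" ] || { echo "cannot read $batch" >&2; return 4; }
    preflight || return $?
    # BatchMode=yes makes ssh fail instead of prompting for a password if
    # key authentication stops working, so an unattended job cannot hang.
    sftp -o BatchMode=yes -o IdentityFile="$SFTP_KEY" -b "$batch" "$target"
    rc=$?
    [ "$rc" -eq 0 ] || echo "sftp batch failed, rc=$rc" >&2
    return "$rc"
}

# Example call, using the names from the steps above:
#   run_batch sftpuser@machineB /tmp/test.batch || exit 1
```

For production use, keep the batch file in a directory that only sftpuser can write to; /tmp is used in Step 5 only for the test.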

Related documentation

Further information on generating RSA key pairs can be found in Chapter 4 of the IBM Redbook, "Managing AIX Server Farms".

Historical Number

isg1pTechnote1279

Document Information

Modified date:
17 June 2018

UID

isg3T1000523