Saturday, October 5, 2013

SFTP auto login without keys / without password

The sftp command has no option for specifying a password for automatic login.

I recently faced this issue while writing a script on SUSE Linux to transfer a system performance report to a central location, which is also a SUSE system.

We can accomplish this with the "lftp" or "expect" command, but SLES doesn't install those binaries by default.

I have to live with what I've got, so let's see how we can accomplish this with the sftp command.

---------------------------------------------------------------------------------------------------------------------
The idea is:

1. Set the "SSH_ASKPASS" environment variable to a program that prints the password, and force the "sftp" command to get the password from it.

2. "sftp" will always ask for the password if it's executing from a terminal, so we need to detach the sftp command from the terminal with the "setsid" command.

---------------------------------------------------------------------------------------------------------------------
The code snippets below give some idea of how we get to the solution.

pathnames.h
=========
/* Default path to ASKPASS program */

#define _PATH_SSH_ASKPASS_DEFAULT   "/usr/X11R6/bin/ssh-askpass" 

ssh.h
=============
/*
 * Environment variable for overwriting the default location of askpass
 */
#define SSH_ASKPASS_ENV         "SSH_ASKPASS"

readpass.c
=============
...
...

if (use_askpass && getenv("DISPLAY")) {
               if (getenv(SSH_ASKPASS_ENV))
                       askpass = getenv(SSH_ASKPASS_ENV);
...
...

                execlp(askpass, askpass, msg, (char *) 0);         
...
...

---------------------------------------------------------------------------------------------------------------------

So here we have all the parts in place, and we need to assemble them.

Now let's start the real work.

1. User name is "testvsftp" and password is "pass123"
2. echo "echo pass123" >/tmp/pass.sh
3. chmod 755 /tmp/pass.sh
4. export SSH_ASKPASS=/tmp/pass.sh
5. export DISPLAY=":0"  # As shown in the readpass.c code, askpass = getenv(SSH_ASKPASS_ENV); runs only if the "DISPLAY" variable is set.
6. setsid sftp -o StrictHostKeyChecking=no testvsftp@hostname << EOF
pwd
ls
EOF

That's it! Now you know how to automate sftp login in scripts.

Note: the "StrictHostKeyChecking=no" option in the sftp command accepts keys from the SFTP server automatically. Otherwise, if you are accessing the server for the first time, sftp may wait and ask you to accept the key, and your script won't continue from there.
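
A variant of the steps above, as an added example that is not part of the original post: the askpass helper is created in a private directory and holds no password (it prints the contents of a mode-600 file named by SFTP_PWFILE, a variable name assumed here), and the server's host key is pinned in a known_hosts file so sftp fails fast instead of prompting. The password file and known_hosts paths are placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Paths and host are placeholders.

# Create a private askpass helper and print its path. The helper holds no
# secret: at run time it prints the contents of the file named by
# SFTP_PWFILE (a variable name chosen for this example).
make_askpass() (
    umask 077                                  # new files: owner-only
    dir=$(mktemp -d "${TMPDIR:-/tmp}/askpass.XXXXXX") || exit 1
    helper=$dir/askpass.sh
    printf '%s\n' '#!/bin/sh' 'cat "$SFTP_PWFILE"' > "$helper" || exit 1
    chmod 700 "$helper" || exit 1
    printf '%s\n' "$helper"
)

# Run the sftp commands given on stdin.
#   $1 user@host   $2 password file (mode 600)   $3 known_hosts file that
#   already contains the server's verified host key
sftp_with_askpass() {
    target=$1; pwfile=$2; known_hosts=$3
    helper=$(make_askpass) || return 1
    # StrictHostKeyChecking=yes never prompts: an unknown or changed host key
    # makes sftp exit non-zero instead of hanging the script.
    # Called from a non-interactive script, setsid execs sftp in place, so
    # $? below is sftp's exit status.
    SFTP_PWFILE=$pwfile SSH_ASKPASS=$helper DISPLAY=:0 \
        setsid sftp -o StrictHostKeyChecking=yes \
                    -o UserKnownHostsFile="$known_hosts" \
                    -o NumberOfPasswordPrompts=1 "$target"
    rc=$?
    rm -rf "${helper%/*}"                      # remove helper and its directory
    return "$rc"
}

# Usage from a script (placeholder paths):
#   printf 'pwd\nls\n' | sftp_with_askpass testvsftp@hostname \
#       /root/.sftp_pass /root/.ssh/known_hosts
```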