Saturday, October 5, 2013

SFTP auto login without keys / without password

sftp command doesn't have option to specify password for auto login.

Recently faced this issue while writing a script on SUSE Linux for transferring system performance report to a central location, which is also a SuSE system.

We can accomplish this with "lftp" or "expect" command, but SLES doesn't install those binaries default.

I've to live with what I got, so let’s try how we can accomplish this with sftp command.

The idea is

1.Set "SSH_ASKPASS" environment variable and force "sftp" command to read password from there.

2."sftp" will always ask password if its executing from a terminal, so we need to daemonize sftp command with "setsid" command

Below code snippets will give some idea how we get it to the solution

/* Default path to ASKPASS program */

#define _PATH_SSH_ASKPASS_DEFAULT   "/usr/X11R6/bin/ssh-askpass" 

 * Environment variable for overwriting the default location of askpass


if (use_askpass && getenv("DISPLAY")) {
               if (getenv(SSH_ASKPASS_ENV))
                       askpass = getenv(SSH_ASKPASS_ENV);

                execlp(askpass, askpass, msg, (char *) 0);         


So here we have all parts in place and we need to assemble it.

Now let’s start the real work

1.User name is "testvsftp" and password is "pass123"
2.echo "echo pass123" >/tmp/
3.chmod 755 /tmp/
4.export SSH_ASKPASS=/tmp/
5.export DISPLAY=":0"  # As mentioned in readpass.c code , askpass = getenv(SSH_ASKPASS_ENV); will execute only if we have "DISPLAY" variable set.
6.setsid sftp -o StrictHostKeyChecking=no testvsftp@hostname << EOF

That’s it..!!!..Now you know how to automate sftp login in scripts

Note:-  “StrictHostKeyChecking=no” option in sftp command is to accept keys from SFTP server automatically , otherwise if you are accessing the server first time, it may wait and ask for accepting the keys , eventually your script won’t continue from there.