using sftp with ssh script scheduled by a cron

Discussion in 'Server Operation' started by GioMBG, Sep 1, 2011.

  1. GioMBG

    GioMBG New Member

    Hi ALL,
    this is my first ssh script to automate some backup via sftp:

    echo "OK, starting now..."
    tar -zcvf binary404.tar.gz /var/www/vhosts/binary404
    sftp [email protected]
    put /root/binary404.tar.gz /
    echo "OK, all work done..."
    - the script makes the tar
    - after regular connect to but...
    - put command doesn't happen :|

  2. Ben

    Ben ISPConfig Developer ISPConfig Developer

    The problem you will face is the password dialog. If sftp does not allow you (like scp doesn't) to directly add the password as a parameter, you need to "capture" it and send the password.

    I tried something similar some years ago and I think I remember I used "expect" or "autoexpect" to solve this. But as you need to store the password hardcoded anyway, you might think of key-based authentication. Just keep in mind that you have a kind of trust which may aid an attacker to access your backup machine as well, once your source machine is compromised. (But this would be the case when storing the password as well.)

    Back then I ended up using ftps, as the access is at least "jailed" to the user's dir in the ftp server, whereas it needs much more work to jail an ssh user just for transferring encrypted backups.

    Another solution could be to use samba, and place a truecrypt container on that share. So when the backup starts, mount the smb share, then mount the truecrypt container and store your backup there. With this you have at least encrypted data packets (truecrypt) on an unencrypted channel (samba), even though you need to decrypt when trying to access the backup from wherever.

  3. GioMBG

    GioMBG New Member

    Hi Ben

    Hi Ben,
    I just followed a procedure to save my id_rsa onto my machine and the sftp server properly, so as not to save my sftp credentials in my script, and it goes VERY WELL!:
    taken from:
    For automatic authentication in an interactive context, you should use public-key authentication with ssh-agent, hostbased authentication, or Kerberos if available. To use ssh-agent, first get public-key authentication working without it, so that SSH works but you must enter your key passphrase each time you connect. Then simply type:
      % eval `ssh-agent`
      % ssh-add <private key file> # e.g. ~/.ssh/id_RSA
      % ssh-add -l
    thanks to the Hetzner tutorial:
    echo mkdir .ssh | sftp [email protected]
    scp backup_authorized_keys [email protected]:.ssh/authorized_keys
    in fact, to be sure about this, I ran the script that gives me back the ssh console and I tried to input the cmd directly via ssh
    put /var/www/vhosts/binary404/config.php /pippo/config.php
    and it goes (without typing any password) to the other machine via sftp

    my problem is only that I don't know how to write the script to run the second (textarea) sftp cmd

  4. Ben

    Ben ISPConfig Developer ISPConfig Developer

  5. GioMBG

    GioMBG New Member

    RESOLVED! using sftp with ssh script scheduled by a cron

    Hi Ben,
    I searched for two days, as I always do before asking for help... but the problem was something else...
    I tried to check whether I had sftp among my installed packages, and this was the error, because when I installed ftp everything got solved.

    Thanks for EOF, now I have errors = 0 in my script!

    HOST='[email protected]'
    # FILE must be set earlier in the script to the archive to upload
    sftp "$HOST" <<EOF
    cd /backup
    put $FILE
    EOF
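
The approach the thread arrives at (key-based login, sftp commands fed on stdin), as an added example that is not part of the original posts: a cron-safe version that uses sftp's batch mode, so a failed `put` or a missing key ends the job with an error instead of waiting at a prompt. The host name, key path, script path and the `run` argument are assumptions; the key is meant to be a dedicated backup-only key, given the trust relationship Ben describes between the two machines.

```shell
#!/bin/sh
# Added example, not code from the thread. Cron-safe backup upload over sftp.
# Assumed values (placeholders): host, key path, remote directory.
BACKUP_HOST="${BACKUP_HOST:-backupuser@backup.example.com}"
BACKUP_KEY="${BACKUP_KEY:-/root/.ssh/backup_ed25519}"   # dedicated key, backups only
SRC_DIR="${SRC_DIR:-/var/www/vhosts/binary404}"
REMOTE_DIR="${REMOTE_DIR:-/backup}"

# Print the sftp commands for one upload. Paths are double-quoted so that
# spaces survive sftp's own command parsing.
make_batch() {
    printf 'cd "%s"\n' "$1"
    printf 'put "%s"\n' "$2"
}

# Create a dated archive of directory $1 inside directory $2 and print its path.
make_archive() {
    archive="$2/$(basename "$1")-$(date +%Y%m%d).tar.gz"
    tar -czf "$archive" -C "$(dirname "$1")" "$(basename "$1")" || return 1
    chmod 600 "$archive"
    printf '%s\n' "$archive"
}

# Upload $1. "-b -" reads the commands from stdin and makes sftp stop with a
# non-zero status when cd or put fails. BatchMode=yes makes ssh fail instead
# of waiting for a password, since cron has no terminal and no ssh-agent.
upload() {
    make_batch "$REMOTE_DIR" "$1" |
        sftp -b - -i "$BACKUP_KEY" -o BatchMode=yes -o IdentitiesOnly=yes "$BACKUP_HOST"
}

main() {
    umask 077
    workdir=$(mktemp -d) || return 1
    archive=$(make_archive "$SRC_DIR" "$workdir") && upload "$archive"
    status=$?
    rm -rf "$workdir"
    [ "$status" -eq 0 ] || echo "backup upload failed (status $status)" >&2
    return "$status"
}

# Runs only when asked to, e.g. crontab: 30 2 * * * /root/backup.sh run  (path assumed)
if [ "${1:-}" = "run" ]; then
    main
fi
```

Because the key has to be stored without a passphrase for cron to use it, the account it unlocks on the backup server should be limited to what the backup needs.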

