42

I'm trying to download a file from an sftp site using a batch script. I'm getting the following error:

```
Permission denied (publickey,password,keyboard-interactive).
Couldn't read packet: Connection reset by peer
```

When running the command:

```
sftp -b /home/batchfile.sftp <user>@<server ip>:<folder>
```

the batchfile.sftp includes these data:

```
password
lcd [local folder]
cd [sftp server folder]
get *
bye
```

Note: It's working when running at the prompt as

```
sftp <user>@<server ip>:<folder>
```

But I need the ability to enter the password automatically.

P i
judith
  • 1
    Is it working, by removing the password from the batchfile ? Does the remaining functionality work well, by entering the password manually? – mtk Aug 01 '12 at 08:03
  • Storing the password in plain text in a file is obviously not secure - if you don't want to type in a password every time I strongly suggest using RSA key authentication. – lindhe Nov 01 '14 at 00:15
  • @lindhe Storing the password in a plain text file is obviously going to be just as secure as using RSA key authentication without a password on the key. Which is really the only option if you're going to automate things. Just make sure the plain text file is only readable by the owner of the file (just like what is required for ssh keys) – Ferry Boender Dec 31 '16 at 15:24
  • just a thought, but one approach I use that seems as secure as local private ssh keys is to put the file in the ~/.ssh directory with same perms as .ssh/{your_private_keyfile_name}. I do not recommend the approaches below that put the password in .bashrc, especially putting it in an export variable. .bashrc gets read by soooo many processes, and the password is in "plain text" in your environment variables. When in doubt, do it .ssh style :) – jatal Mar 03 '18 at 20:41

8 Answers

61

You'll want to install the sshpass program. Then:

```
sshpass -p YOUR_PASSWORD sftp -oBatchMode=no -b YOUR_COMMAND_FILE_PATH USER@HOST
```

Obviously, it's better to set up public key authentication. Only use this if that's impossible to do, for whatever reason.

Joe Van Dyk
  • 2
    Thank you! This is the only comment that actually answers the question. There are times it's simply not possible to get a keyfile. – jbrown Apr 29 '15 at 14:40
  • 2
    To do this safer put `export SSHPASS='your_password'` to `~/.bashrc` and run with `-e` flag. I have used this cmd in some project like this: `echo 'ls -t upload/*.xml' | sshpass -e sftp -oBatchMode=no -b - user@example.com | grep -v "sftp>" | head -n1` – Lev Lukomsky Nov 25 '15 at 17:38
  • 1
    Taking @Lev Lukomsky's a step further you'd want to remove group and world read permissions from ~/.bashrc. – RegularlyScheduledProgramming Feb 01 '16 at 13:24
  • 1
    I recommend "not" putting in .bashrc because that is a promiscuous file read all the time. And especially don't put your password in an exported variable or anywhere that shows up in .bash_history... both are basically going to put it in plain text and keep it resident in memory... no good. put it in your .ssh/ directory, in a file with same permissions as your ssh private key, and never use it in a way that keeps it resident in memory, displayable by 'ps', or in your environment. Stay ssh'y ! – jatal Mar 03 '18 at 20:46
  • Also see https://stackoverflow.com/questions/5386482/how-to-run-the-sftp-command-with-a-password-from-bash-script using sshpass -e and the SSHPASS env var is a safer way to go rather than passing the password on the command line which is visible to all users on the host. – DogBoneBlues Jul 10 '18 at 20:36
  • Thanks for this! It never ceases to amuse me how one program uses an option but in order to use that option you have to tell the helper program not to use that option... use SFTP with a batch file but tell SSH not to use a batch file. Brilliant :-) – Paul Littlefield May 12 '23 at 16:03
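
The comments on this answer argue for keeping the password off the command line and out of the environment, in a file protected like an SSH private key. The following is an added example of that approach, not code from any of the posts: `sshpass -f` reads the password from a file, while the function names `secret_file_ok` and `sftp_batch` and the path `~/.ssh/sftp_password` are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original posts). Function names and the
# ~/.ssh/sftp_password path are assumptions for illustration.

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
secret_file_ok() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    if [ ! -O "$f" ]; then
        echo "refusing $f: not owned by the current user" >&2
        return 1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld -- "$f" | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "refusing $f: group/other access is set (chmod 600 it)" >&2
        return 1
    fi
    return 0
}

# Usage: sftp_batch PASSWORD_FILE BATCH_FILE USER@HOST
# sshpass -f reads the password from the first line of the file, so it is
# neither a command-line argument (visible in ps) nor an exported variable.
sftp_batch() {
    secret_file_ok "$1" || return 1
    [ -r "$2" ] || { echo "batch file $2 not readable" >&2; return 1; }
    sshpass -f "$1" sftp -oBatchMode=no -b "$2" "$3"
}

# Run only when called with all three arguments, e.g.
#   ./sftp_batch.sh ~/.ssh/sftp_password /home/batchfile.sftp user@host
if [ "$#" -eq 3 ]; then
    sftp_batch "$@"
fi
```

The permission check runs before `sshpass` is invoked, so a password file that is readable by group or others stops the transfer instead of being used silently.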
24

If you are generating a heap of commands to be run, then call that script from a terminal, you can try the following.

```
sftp login@host < /path/to/command/list
```

You will then be asked to enter your password (as per normal); however, all the commands in the script run after that.

This is clearly not a completely automated option that can be used in a cron job, but it can be used from a terminal.

Tigger
2
```
PSFTP -b path/file_name.sftp user@IP_server -hostkey 1e:52:b1... -pw password
```

the file content is:

```
lcd "path_file for send"
cd path_destination
mput file_name_to_send
quit
```

to have the hostkey run:

```
psftp user@IP_SERVER
```

DanB
  • For Windows users, `psftp` is a command-line tool installed together with [PuTTY](https://www.putty.org/), while `sshpass` is not available. See https://the.earth.li/~sgtatham/putty/0.52/htmldoc/Chapter6.html – Rohim Chou May 19 '23 at 03:40
1

I advise you to run sftp with -v option. It becomes much easier to fathom what is happening.

The manual clearly states:

The final usage format allows for automated sessions using the -b option. In such cases, it is necessary to configure non-interactive authentication to obviate the need to enter a password at connection time (see sshd(8) and ssh-keygen(1) for details).

In other words you have to establish a publickey authentication. Then you'll be able to run a batch script.

P.S. It is wrong to put your password in your batch file.

akond
  • 6
    I downvoted this answer because it is the opposite of what the question asks. The "P.S." element seems like a topic that is worthwhile to explore. Things are rarely "right" or "wrong" but compromises and tradeoffs of different factors. – greggles Aug 24 '17 at 19:47
1

You mention batch files, am I correct then assuming that you're talking about a Windows system? If so you cannot use sshpass, and you will have to switch to a different option.

Two such options, which follow diametrically opposite philosophies, are:

  • psftp: command-line tool that you can call from within your batch scripts; psftp is part of the PuTTY package and you can find it here http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
  • Syncplify.me FTP Script: a scriptable FTP/S and SFTP client for Windows that allows you to store your password in encrypted "profile files"; check it out here http://www.syncplify.me/products/ftp-script/

Either way, switching from password to PKI authentication is strongly recommended.

FjodrSo
1

You need to use the command pscp and force it to pass through the sftp protocol. pscp is automatically installed when you install PuTTY, a program for connecting to a Linux server through ssh.

When you have your pscp command here is the command line:

```
pscp -sftp -pw <yourPassword> "<pathToYourFile(s)>" <username>@<serverIP>:<PathInTheServerFromTheHomeDirectory>
```

These parameters (-sftp and -pw) are only available with pscp and not scp. You can also add -r if you want to upload everything in a folder in a recursive way.

Yoyo
0

This command will help you

```
sshpass -p MYPASSWORD sftp MYUSERNAME@HOST
```

0

One can do that by using standard expect tool:

```
SFTP_SERVER='myserver.com'
SFTP_USER='mysftp_user'
SFTP_PWD='12345'

SFTP_BATCH=sftp.bat  # existing batch file with sftp commands to execute

SFTP_IGNORE_PUBKEY='-o "PubkeyAuthentication=no"'   # optional param

# The here-document is unquoted, so the shell expands the $SFTP_* variables
# before expect reads the script; \$result is left for expect (Tcl) to expand.
expect <<EOF
        set timeout 120
        spawn sftp -q -o "BatchMode=no" $SFTP_IGNORE_PUBKEY -b "$SFTP_BATCH" "$SFTP_USER@$SFTP_SERVER"
        expect {
            -nocase "Are you sure you want to continue connecting (yes/no)?" { send "yes\r" ; exp_continue }
            -nocase "*password:" { send "$SFTP_PWD\r"; exp_continue }
            -nocase -re "failed|invalid password|timeout" { exit 1 }
        }
        catch wait result
        exit [lindex \$result 3]  ;# catch and forward sftp result code
EOF
rc=$?
echo "$rc"
```

Here:

  • -o "BatchMode=no" to allow interaction
  • -q - quiet execution, avoids having long 'server greetings' msg in log
  • expect code to answer yes and password when needed, as well as intercept exit code of sftp process.
Fedor