Hi Guys,

Hope this is in the correct section! Sorry if not..

This one is driving me nuts! I've been trawling through the Forums in various places and I can't seem to find the answer..

All I want to do is set up a script to make an sFTP connection (ie. to run from CRON, no user interaction) to a customer using key-pair authentication and Password, download some files and then delete them from the remote location. The download and delete should be fairly easy but I'm struggling on the connection..

Everywhere seems to be saying use key_pair on it's own but this customer requires the password in addition to that (this is NOT a password on the key BTW..!). We don't have SSHPASS installed (and I'd like to avoid that if possible) and it is running on CentOS (as far as I am aware).

Any help would be greatly appreciated!

Thanks

What do you mean by it, client or server?

sshpass or an expect script would be a couple of ways to automatically enter a ssh password.

is sshfs a possibility ?

Huh?

I've not tried but I assume the OP's customer is using two factor authentication. Since version 6.2 you can use the AuthenticationMethods directive whereby you can require multiple methods. As the OP stated this is not the same thing as a passphrase. I am guessing this is how the server is configured.

AuthenticationMethods publickey,password

There is also RequiredAuthentications2 directive which is available in Redhat/CentOS in version 6 but not sure where else.

RequiredAuthentications2 publickey,password

1 members found this post helpful.

Sorry - a mistype there! Should have read "we are using CentOS".

So, we need to connect to their server which is running 2 factor authentication. I've not used an expect script before - how do they work?

Just read a bit more on "expect" - so, like SSHPASS, is something that would need to be installed.

Is there any way to accomplish this scripting without having to install anything more - ie. in native scripting (such as BASH)? I have limited access to the server I am using and installing new software would need to go through significant internal processes (and therefore delays)..

Unfortunately, no

Not really. The easy way in that regard is to have expect or sshpass do their thing.

https://github.com/openssh/openssh-portable

Perhaps you could write directly to the relevant tty but that's just a guess.

Because ssh passwords are not entered using a standard tty it can not be done using plain bash as far as I know.

1 members found this post helpful.

OK. I suspected this was the case (due to the lack of stuff on the web about it) but thought I'd try anyway.

Thanks for the updates and suggestions though - I'll see if we can get something through on SSHPASS..

Cheers

A client that allows the specification of both the password and the key might serve. I would try psftp from the putty-tools, or lftp.