Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I'm still playing around with some FTP Scripts that I have been working on for some time.
I have needed to adapt my original script to use SFTP. However many other things have changed as a result.
I've got the script working using Expect to pass the password (keys aren't an option unfortunately) I do understand that Expect is not secure, and therefore negates the need for SFTP but unfortunately there's no other option I think.
As it stands the scripts work.. but I want to add some logging.
I've read lots about this, and I know that you can examine the return code of the SFTP Session, however to do this you have to run SFTP in batch mode? However, can you run SFTP in batch mode and still pass the password using Expect?
Code so far:
Code:
D=$(date +%d%m%y)
HOST=XX.XX.XX.XX
USER=ftpxfer
PASS=xxxxx
FTPLOG=/tmp/ftplogfile2
FILES=*$D*.csv.pgp
PORT="Port=10022"
#Change into the working directory
cd /sitsimp
#Download all *.csv.pgp files that contain today's date
/usr/bin/expect <<!
spawn sftp -o$PORT $USER@$HOST
expect "password:"
send "$PASS\r"
expect "sftp>"
send "mget $FILES \r"
send "bye \r"
!
for i in $FILES; do
gpg --batch --passphrase-file /root/.gpgpass --output /storage/${i%.pgp} --decrypt $i
done
I've tried just adding:
Code:
spawn sftp -b -o$PORT $USER@$HOST > $FTPLOG
But unfortunately it does not work.
I've also tried adding some of the SFTP Commands into a batch file, however it does not work either, assuming this is to do with the session being run within expect?
I think I have found a rough way of doing it.. it seems to work okay. However I now have another problem! I'm now running two FTP Sessions, one to capture the list of files and then another to download the files if they exist.
When I run the IF statement on the variable that holds the list of files it seems to return nothing even though the list contains a valid file:
Code:
#!/bin/bash
D=$(date +%d%m%y)
HOST=X.X.X.X
USER=ftpxfer
PASS=xxxxxx
FTPLOG=/tmp/ftplogfile2
FILES=*$D*.csv.pgp
PORT="Port=10022"
FTPLIST=/tmp/ftplist
cd /sitsimp
/usr/bin/expect <<! > $FTPLIST
spawn sftp -o$PORT $USER@$HOST
expect "password:"
send "$PASS\r"
expect "sftp>"
send "ls\r"
send "bye\r"
expect eof
!
if grep "$FILES" $FTPLIST ; then
/usr/bin/expect <<! > $FTPLOG
spawn sftp -o$PORT $USER@$HOST
expect "password:"
send "$PASS\r"
expect "sftp>"
send "mget $FILES \r"
send "bye \r"
expect eof
!
for i in $FILES; do
gpg --batch --passphrase-file /root/.gpgpass --output /storage/${i%.pgp} --decrypt $i
done
if fgrep "100%" $FTPLOG ; then
else
echo -e "File did not download, send email!"
fi
else
echo "No file today"
fi
The bit that seems to have the problem is:
Code:
if "$FILES" $FTPLIST; then
It returns no file every time.
If I add:
Code:
cat $FTPLIST
I can see the list of files, so they are there to be searched.
I got over the original problem by using a similar method, by redirecting the whole session to a file and searching for 100% which seems to work, albeit not elegant.
that sux. you can continue to try to hax something up but it mite be less time consuming and energy to schedule a meeting with your executive manager, development manager and automation manager and convince them that using keys will be easier and more secure (you will probably need to cook up some numbers on cost savings for programming/maintenance as well as in the event your company gets sued for privacy breaches).
However, can you run SFTP in batch mode and still pass the password using Expect?
Yep, rather counterintuitively you want to set -oBatchMode=no in addition to -b. Quickly scanning your first post, I would just use sshpass instead of expect but each to their own. Another thing, you want to "get" your files. No need for "mget" with sftp, in fact on MacOS and Slackware sftp has no mget command, just use get with wildcards in the filename. I think you could probably do something like this to achieve what you desire:
Your other option would be to use a different client that supports the sftp protocol and can be scripted, e.g. lftp or curl (when compiled with libssh2 present). In my experience curl is very slow when using sftp (though that might just be for uploads), so I would personally go for lftp. Unless speed is not an issue because curl does work nicely in all other aspects.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.