Hello,

I've been searching through similar threads and can't find the scenario that I'm encountering.

We use a Windows server running an SFTP program for our external partners to access necessary files. I have a script which runs on a RedHat Linux server and generates a file that needs to be sent to the Windows server so an external vendor can pick it up.

I would like the script to take advantage of keys and avoid putting the password in the scripts. On the Linux server, I log in and run the script as user "jobsub".

Our Windows Admin set up an account for me in the Windows server SFTP program with credentials "ftpuser", "password". I do not have an actual logon account to the Windows server itself. I can successfully log in from Linux using "sftp ftpuser@WindowsServer" and then providing the password when prompted from the command line in Linux.

Our Windows Admin also supplied me with a public and private key which was generated from the Windows Server. I took the public key and added the contents on the Linux server to the authorized_keys file of the "jobsub" user in location /home/jobsub/.ssh/authorized_keys. However, this does not work and when I type sftp ftpuser@WindowsServer on the Linux command line, I'm still prompted for the password.

I'd be very appreciative if someone would advise me on the errors that I'm making.

Thank you.

Usually to avoid having to authenticate each and every time you would first run ssh-agent after logging in and load your keys. Another way would be to wrap a script around it using the expect language but that would defeat the whole authentication thing as you store your pass phrase on disk. Another way (usability depends on policies, data confidentiality, risk, etc, etc) could be to use a pass phrase-less key but then you'd have to enable auditing, logging and reporting on both sides to detect tampering, limit access by user and IP address, by commands it can execute and by chrooting it. Another way (if quite surprisingly things would be easier to set up on the mcrsft side ;-p) could be to pull the file instead of your Linux server pushing it?.. Another way (maybe too far-fetched) could be to use just plain 'ol anonymous chrooted FTP but over a VPN tunnel?