[SOLVED] Automatically hand over my password to a server using sftp

Pedroski · 06-19-2019, 07:23 PM

Fixed it!

goDaddy wants rsa keys!

In the beginning I was recommended to use ed25519 because that will replace other key types in future.

This line in the debug gave me the idea to make rsa keys.

Quote:

debug1: Server host certificate: ssh-rsa-cert-v01@openssh.com SHA256:HRNiV8mP/erMipONmcEcpBEqYGX4LE7RpOQdhmA2hXg, serial 0 ID "sg3plcpnl0194" CA ssh-rsa SHA256:/rQIvLr7xvz+/zIt0O2xP7rRFMu+0lLV1w1FJNQZRco valid forever

Now I can sftp and get the files I want automatically.

Turbocapitalist · 06-19-2019, 10:07 PM

Interesting. It seems they might be modifying the keys into certificates. If you ever find out more, it would be great to know what is going on there.

Pedroski · 06-20-2019, 05:38 AM

Thanks for your help!

I successfully used sftp to collect files, download them, then delete them on the server. Exactly what I wanted!

So simple, I am still amazed! I will need this next term.

If, and only if, you have time:

I'd like to know what this line you gave me does:

Quote:

sed -i.bak 's/^/command="internal-sftp" /;q' ~/.ssh/webpage_ed25519_key.pub

Turbocapitalist · 06-20-2019, 05:55 AM

Sure. You can compare ~/.ssh/webpage_ed25519_key.pub and ~/.ssh/webpage_ed25519_key.pub.bak

All that sed script does is prepend command="internal-sftp" to the public key, while keeping a backup copy. The -i.bak renames the original by appending .bak to the name. The pattern ^ is an anchor to the beginning of the line. s/// is, of course, the substitute command. I figured it was less complicated than saying to find any method you like to prepend command="internal-sftp" to the public key.

So if the public key was like this before:

Code:

ssh-ed25519 AAAAC3NzaC1lZDI1N ... oDZmcveerQq53dm/o9j pedroski's sftp login

Then it will be like this afterwards:

Code:

command="internal-sftp" ssh-ed25519 AAAAC3NzaC1lZDI1N ... oDZmcveerQq53dm/o9j pedroski's sftp login

And what that does is make that key usable only for SFTP as a first step in locking it down. If the authorized_keys file on the remote server is accessible then it can be replaced. But if nothing else, it adds an extra step for anyone who has succeeded in stealing the key.

See the manual page for sed and http://www.grymoire.com/Unix/Sed.html