LinuxQuestions.org
Old 05-06-2019, 07:08 AM   #1
jbirdflyo
LQ Newbie
 
Registered: May 2019
Posts: 4

Rep: Reputation: Disabled
sFTP forcing to go interactive when non-interactive mode is desired.


Hi,
I've been using an automated script with our trading partner for at least 5 years without any issues. The TP recently updated their site (changed their protocol from DNS to HTTPS) and now I cannot run my scripts without getting an sFTP "usage" error.

The command I'm using is
sftp id@hostinformation.com <<eoftp >${LOGDIR}/${SFTPMSG} 2>${LOGDIR}/${SFTPERR}
cd ${SFTPDIR}
get ${FILE}
bye
eoftp

I can manually access without any issues but the script wouldn't run.
All the logs I have are coming up empty except the one that contains the usage error.
Any help would be greatly appreciated.
Thank you.
 
Old 05-06-2019, 08:40 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
It isn't clear why you're talking about DNS vs HTTPS - they are 2 completely different things and the latter wouldn't be used for lookups where the former would for sftp.

Your script suggests you were using default port 22 and had an ssh trust established with the TP.

When it works manually now are you having to input a password?

Did the TP whitelist your outbound IP on their new server?

Did the TP import your ssh key into the user, id, on their new server?

When I checked the only port I see open on hostinformation.com is 80 which is http NOT https. Port 22 (ssh/sftp) will not allow connection nor will port 443 (https). However, it may be I can't connect due to lack of whitelist at the TP for the address I came from. They don't need to whitelist my IP but they do need to whitelist yours.

If in fact they have moved from sftp (not DNS) to https you'd have to modify your script to do something like wget or curl. However, it would be extremely unusual for them to try to force B2B file transfers over https instead of something like ftp, ftps or sftp.
 
Old 05-06-2019, 08:50 AM   #3
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,378
Blog Entries: 3

Rep: Reputation: 3772
You can do that with SFTP in batch mode; that would be the -b option. The prerequisite for that is key-based authentication.
 
Old 05-06-2019, 08:52 AM   #4
jbirdflyo
LQ Newbie
 
Registered: May 2019
Posts: 4

Original Poster
Rep: Reputation: Disabled
Sorry, I just had to put something in there as far as the host address goes.
Since I'm connecting to one of the major banks, I couldn't really show you the hostname, etc.
The port we are using is 22 for sure (I've confirmed this.)

So, here is a back story.
The bank and we had a .ssh non-interactive connection previously. I was able to run my script and retrieve files as well as send them files.
However, they are planning on updating to this new site where I can only interactively connect and carry out the commands while non-interactive scripts are failing.
When I asked the bank about the changes and directory permission levels, the only answer I heard from them is "those two sites sit in the same Linux server and all set up has been migrated over. so, we don't need to exchange any ssh except, I had to accept a new host key for the site."

It's really confusing that I can type in commands and fetch the files without any issues but the script with the exact same commands will fail...
Do you think I will have to use "curl" or some other commands with the existing script commands?




 
Old 05-06-2019, 10:43 AM   #5
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Quote:
I can only interactively connect and carry out the commands
When you connect "interactively" is it giving you a password prompt?

Are you able to login because you know the password when doing it "interactively"?

If not prompting for password are you seeing any other prompts (e.g. is it asking you to accept new key/fingerprint from the remote)? If so, what are the prompts and what are your responses?

When you do it "interactively" are you doing it from the same source USER and SERVER that your script runs as?

The way ssh/sftp work is based on the keys and fingerprints of same for the users involved. To enable a "trusted" connection (i.e. one that works without a password) you have to send the partner a public key (e.g. rsa or dsa) from the user on your side. The user on your side would also have the private key but you don't send that to the partner.
The partner stores the public key in the setup of whatever user on their side you're attempting. When the user on your side attempts the connection it identifies itself to the partner and on verifying it is the user they imported the key for they allow the connection.

It is important that you provide enough detail for people to help you with this.

We've had many partners (including banks) make changes and they almost always provide a document regarding what is changing.

If they've changed the user on their side they'd need to import your key into that new user's setup.

If they've changed the physical server you're attaching to, even if it has the same internet address and user they would need to import the key on the new server into the user.

If they've changed the protocol (e.g. from sftp to ftps) you'd have to work with the new protocol. Although sftp and ftps sound similar, they're completely different. ftps uses SSL certificates rather than keys. Some partners offer both and you should insist on sftp if they do. You can do ftps but would have to research how to do it.
 
Old 05-06-2019, 01:13 PM   #6
jbirdflyo
LQ Newbie
 
Registered: May 2019
Posts: 4

Original Poster
Rep: Reputation: Disabled
No prompts whatsoever...
I think I solved this problem.
With the new site, I had to add a space between the sftp command and the cd command,
like:
sftp id@hostinformation.com <<eoftp >${LOGDIR}/${SFTPMSG} 2>${LOGDIR}/${SFTPERR}

cd ${SFTPDIR}
get ${FILE}
bye
eoftp

It seems like having that blank space basically worked as an "enter key" to clear it out to the next command line.
Not sure how and why... never had to do this before... but it still works.






 
1 members found this post helpful.
Old 05-06-2019, 01:23 PM   #7
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,378
Blog Entries: 3

Rep: Reputation: 3772
What about using the batch mode with keys, as mentioned in #3 above?

From "man sftp"

Quote:

-b batchfile
Batch mode reads a series of commands from an input batchfile instead of stdin. Since it lacks user interaction it should be used in conjunction with non-interactive authentication. A batchfile of ‘-’ may be used to indicate standard input. sftp will abort if any of the following commands fail: get, put, reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on error can be suppressed on a command by command basis by prefixing the command with a ‘-’ character (for example, -rm /tmp/blah*).
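
The batch-mode approach from posts #3 and #7, written out as an added example that is not part of the original thread: a generated batch file passed with -b, key-only authentication, and a pinned host key so a changed key on the partner's side fails the job. The target, key path, known_hosts path and the function names are assumptions.

```shell
#!/bin/sh
# Added example: non-interactive sftp fetch with batch mode (-b) and key auth.
# Target, key and known_hosts paths are placeholders, not values from the thread.
SFTP_TARGET="${SFTP_TARGET:-id@sftp.example.com}"
SFTP_KEY="${SFTP_KEY:-$HOME/.ssh/id_partner}"
SFTP_KNOWN_HOSTS="${SFTP_KNOWN_HOSTS:-$HOME/.ssh/known_hosts_partner}"

# Reject values that could add batch commands or break the quoting below:
# empty, leading '-' (could be read as a flag), double quote, backslash, newline.
safe_arg() {
    case "$1" in
        ''|-*|*'"'*|*'\'*|*'
'*) return 1 ;;
    esac
    return 0
}

# Write the batch file, one command per line. In batch mode sftp aborts when
# a listed command such as get fails, so the failure reaches the exit status.
write_batch() {   # usage: write_batch REMOTE_DIR FILE OUT
    safe_arg "$1" && safe_arg "$2" || return 1
    ( umask 077; printf 'cd "%s"\nget "%s"\nbye\n' "$1" "$2" > "$3" )
}

fetch_file() {    # usage: fetch_file REMOTE_DIR FILE
    batch=$(mktemp) || return 1
    write_batch "$1" "$2" "$batch" || { rm -f "$batch"; return 2; }
    rc=0
    # BatchMode: never prompt for a password or passphrase.
    # StrictHostKeyChecking plus a dedicated known_hosts file: a changed host
    # key fails the run and is not silently accepted.
    sftp -b "$batch" \
         -o BatchMode=yes \
         -o IdentitiesOnly=yes -i "$SFTP_KEY" \
         -o StrictHostKeyChecking=yes \
         -o UserKnownHostsFile="$SFTP_KNOWN_HOSTS" \
         "$SFTP_TARGET" || rc=$?
    rm -f "$batch"
    return "$rc"
}

# Transfer only when invoked as: script REMOTE_DIR FILE
if [ "$#" -eq 2 ]; then
    fetch_file "$1" "$2" || { echo "sftp transfer failed" >&2; exit 1; }
fi
```

The pinned known_hosts file has to be populated once, out of band, with the host key the partner publishes for the new site.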
 
Old 05-06-2019, 01:26 PM   #8
jbirdflyo
LQ Newbie
 
Registered: May 2019
Posts: 4

Original Poster
Rep: Reputation: Disabled
Batch mode worked.
I had an unnecessary line at the very top of my batch file and that's how I figured out needing the space in between sftp command and cd command.
Thanks again for your help!

 
1 members found this post helpful.
Old 05-06-2019, 01:45 PM   #9
Turbocapitalist
LQ Guru
 
Registered: Apr 2005
Distribution: Linux Mint, Devuan, OpenBSD
Posts: 7,378
Blog Entries: 3

Rep: Reputation: 3772
Ok but I did not see the -b in your examples.
 
  

