I have a client that I transfer files to each night. For years the process has just been a simple FTP process using .netrc and SSH keys to handle the transfers. The client is moving everything to a new server. The new server requires both SSH keys and password authentication for "increased security". They will not drop the password authentication even though I told them I don't think it adds any security over SSH keys.
Logging into their server manually using SSH keys and password authentication works fine. I first thought of using a Perl script as it can handle both the keys and the password. However, my server is about 5 years old and does not have the Perl Net::SFTP or Net:Foreign modules installed. I tried installing them but there are so many dependencies that it isn't worth the effort. I can't use CPAN because the server is behind a PCI firewall and does not have internet access.
I have come up with a solution where I have a bash script calling an expect script. That works fine but I am somewhat concerned about reliability in the case of their server being temporarily unavailable. The reason for the bash script is I need to write status messages to a log file. I will be retrieving the status messages from the log and sending out emails with that information to several individuals.
Does anyone have a better idea of how to handle the sftp/password requirement?
This is my bash script:
Code:
#!/bin/bash
# We have to call the expect script from this script since their server
# requires both a SSH key and a username/password combination to login
# The xxxx file is placed in the myuser home directory by the
# xxxxxxx user's file_grab.sh script on myotherserver
LOG=/home/myuser/mylog.log
DATEDISP=$(date +%m%d%Y)
TIMEDISP=$(date +%H%M%S)
COMBO="${DATEDISP}_${TIMEDISP}.ABCD"
# rename the xxxxxx file to format required by XXXX
if mv "xxxxxx" "$COMBO" > /dev/null 2>&1; then
    echo "The xxxxxx file was renamed to $COMBO - $(date +"%D %H:%M")" >> "$LOG"
else
    echo "The xxxxxx file was not found - $(date +"%D %H:%M")" >> "$LOG"
    exit
fi
echo "put $COMBO" > cmdfile
sleep 2
# call the expect script to send file
/home/myuser/user_expect.sh &
# $! is the PID of the background job just started; PPID is a read-only
# bash variable and cannot be assigned, and grepping ps also matches grep
PUT_PID=$!
wait "$PUT_PID"
rm cmdfile
rm "$COMBO"
sleep 2
# pick the file back up to confirm it transferred
echo "get $COMBO" > cmdfile
sleep 2
/home/myuser/user_expect.sh &
GET_PID=$!
wait "$GET_PID"
# the get worked only if the file is back in the current directory
if [ -f "$COMBO" ]; then
    echo "The $COMBO file was successfully transferred to XXXX - $(date +"%D %H:%M")" >> "$LOG"
else
    echo "The $COMBO file transfer to XXXX failed - $(date +"%D %H:%M")" >> "$LOG"
fi
# remove all references to today's files regardless of transfer results
rm cmdfile
rm -f "$COMBO"
This is my expect script:
Code:
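#!/usr/local/bin/expect
# The password is stored here in plain text, so this file should be
# readable only by its owner
# run sftp in batch mode with the commands listed in cmdfile
spawn sftp -b cmdfile ftp.theirserver.com
expect "password:"
send "Bad.1234\n"
expect "sftp>"
# wait for sftp to finish the batch and exit; "expect interact" would
# wait for the literal text "interact" instead
expect eof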
Any ideas would be appreciated. However, due to the age of my server, I will be limited as to what programs I can install.
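One way to handle the temporarily-unavailable-server case raised above, as an added example that is not part of the original post: a retry wrapper that runs the transfer in the foreground and writes each attempt to the log in the same message format. It assumes the wrapped command (in practice the expect script, here the constructed stand-in `fake_transfer`) exits non-zero when the transfer fails; `run_with_retry`, `log_msg` and the example log path are hypothetical names.

```shell
#!/bin/bash
# Added example: retry wrapper for the nightly transfer.
LOG=${LOG:-/tmp/transfer_example.log}   # assumed log path for this example

# Append a status line using the same timestamp format as the post's script.
log_msg() {
    echo "$1 - $(date +"%D %H:%M")" >> "$LOG"
}

# run_with_retry MAX_TRIES DELAY_SECONDS COMMAND [ARGS...]
# Runs COMMAND in the foreground so its exit status is available directly.
# Returns 0 on the first success, 1 once MAX_TRIES attempts have failed.
run_with_retry() {
    local max_tries="$1"
    local delay="$2"
    local attempt=1
    local status
    shift 2
    while :; do
        "$@"
        status=$?
        if [ "$status" -eq 0 ]; then
            log_msg "Transfer succeeded on attempt $attempt of $max_tries"
            return 0
        fi
        log_msg "Attempt $attempt of $max_tries failed (exit status $status)"
        [ "$attempt" -ge "$max_tries" ] && break
        sleep "$delay"
        attempt=$((attempt + 1))
    done
    log_msg "Transfer abandoned after $max_tries attempts"
    return 1
}

# Constructed stand-in for the expect script: fails until it has been called
# the number of times given as $2, imitating a server that is down at first.
fake_transfer() {
    local counter_file="$1"
    local succeed_on="$2"
    local n
    n=$(( $(cat "$counter_file" 2>/dev/null || echo 0) + 1 ))
    echo "$n" > "$counter_file"
    [ "$n" -ge "$succeed_on" ]
}
```
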