{"id":902,"date":"2016-04-28T13:23:06","date_gmt":"2016-04-28T13:23:06","guid":{"rendered":"http:\/\/blog.paranoidprofessor.com\/?p=902"},"modified":"2016-05-03T09:25:49","modified_gmt":"2016-05-03T09:25:49","slug":"command-line-fun-more-fun-with-sftp","status":"publish","type":"post","link":"https:\/\/blog.paranoidprofessor.com\/index.php\/2016\/04\/28\/command-line-fun-more-fun-with-sftp\/","title":{"rendered":"command line fun \u2013 more fun with sftp"},"content":{"rendered":"<p>A few days back we needed to copy some files around in the production environment and the task was given to me.\u00a0 It was one of those rather simple tasks, as the email included some examples from a colleague of how I should use scp to get those files copied across.<\/p>\n<p>I have to admit the syntax was a bit obscure but in general it seemed harmless enough.<\/p>\n<div class=\"sbody-code\">\n<pre><code>sftp -o IdentityFile=id_rsa_somekey someuser@somemachine.ourdomain.com\r\n<\/code><\/pre>\n<\/div>\n<p>Indeed, if I ran that command from my terminal it worked like a champ; well, it did after they copied the id_rsa_somekey to our ~user\/.ssh directory.<\/p>\n<p>This was a great way to connect to the other machine to manually put a file but not all that great for batch copying.\u00a0 I discussed this with my colleague who agreed and suggested that we simply use scp instead &#8211; after all it is the same general protocol family.<\/p>\n<p>So a script was born.\u00a0 It was an awesome script.\u00a0 It was a powerful script.<\/p>\n<div class=\"sbody-code\">\n<pre><code>OPTIONS=\"-o IdentityFile=~batchuser\/.ssh\/id_rsa_somekey\"\r\nEXTSYS_USER=bob\r\nEXTSYS_HOST=somemachine.ourdomain.com\r\nEXTSYS_PUTDIR=\/to_dropoff\r\n\r\n# $1 is the file to copy; quoted so that names containing spaces survive\r\nscp $OPTIONS \"$1\" \"$EXTSYS_USER@$EXTSYS_HOST:$EXTSYS_PUTDIR\"\r\n<\/code><\/pre>\n<\/div>\n<p>Well, it at least did get the job done.<\/p>\n<p>Well, this script actually didn&#8217;t get very far when Dave from accounting (wish it was accounting and not IT) decided rather than 
to fool around with using an internal service that works and has been paid for, we should simply connect directly to the vendor and put the file there instead.<\/p>\n<p>It wasn&#8217;t the technical portion that was the issue for me but rather that John from support was asked to put this together instead of me.\u00a0 I watched John struggle with this for quite a few hours until he realized that it is just not possible to use a key in this manner in a batch script when it is protected by a passphrase.<\/p>\n<p>Things got a lot easier for John once he decided to remove the passphrase.<\/p>\n<div class=\"sbody-code\">\n<pre><code>echo put $1 &gt; batch_file\r\nsftp -b batch_file -o IdentityFile=~batchuser\/.ssh\/id_rsa_key -o Port=20022 -o PreferredAuthentications=publickey externaluser@machine.someotherdomain.com\r\n<\/code><\/pre>\n<\/div>\n<p>I guess I am a bit of a snob.\u00a0 I think that the program directory should contain programs or at least static configuration files.\u00a0 John decided that he would simply create the batch_file in the current working directory.<\/p>\n<p>I may be a snob, but other than that, John&#8217;s script was pretty good.\u00a0 I just kept wondering why he would do it this way instead of using secure copy.\u00a0 I tried it and despite working on our internal machines it failed when I did it to our vendor&#8217;s machine.<\/p>\n<div class=\"sbody-code\">\n<pre><code>exec request failed on channel 0 \r\n<\/code><\/pre>\n<\/div>\n<p>I did some research and it seems that the problem is more one of setup.\u00a0 The destination machine was probably set up to accept sftp but not ssh.<\/p>\n<p>Well, it turns out that the scp command line tool in OpenSSH is implemented using the secure copy protocol which is implemented more like running secure shell commands.\u00a0 It is (apparently) possible to have sftp but not scp configured on your server.<\/p>\n<p>I did learn a few things about sftp by watching John&#8217;s 
progress, but I did learn with certainty it is impossible to use a private key with a passphrase without entering it interactively.\u00a0 There are other programs such as ssh-agent which can help out but that is a topic for another day.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A few days back we needed to copy some files around in the production environment and the task was given to me.\u00a0 It was one of those rather simple tasks as in the email was some examples from a colleague &hellip; <a href=\"https:\/\/blog.paranoidprofessor.com\/index.php\/2016\/04\/28\/command-line-fun-more-fun-with-sftp\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[2],"tags":[57,17,39],"_links":{"self":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/902"}],"collection":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/comments?post=902"}],"version-history":[{"count":3,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/902\/revisions"}],"predecessor-version":[{"id":905,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/posts\/902\/revisions\/905"}],"wp:attachment":[{"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/media?parent=902"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/categories?post=902"},{"taxonomy":"post_tag","embeddable":true,"href":"ht
tps:\/\/blog.paranoidprofessor.com\/index.php\/wp-json\/wp\/v2\/tags?post=902"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}