Automated SFTP
• Windows and SUN
• Linux and SUN

Vocabulary
• Client = local = the machine generating the SFTP request
• Server = remote = the machine willing and ready to accept the SFTP request

Why
• Security!
• Why, since all traffic is behind the firewall?
  "only 14% of network security breaches originate outside the network"
  Steve Solomon, President and CEO of Citadel

WinSCP
• Install WinSCP
• Run WinSCP
• Cache the host key
• Answer "Yes"

Command Line on Windows
• Path to the executable
• Log communication
• Helps with troubleshooting
• Name of the script
• Run at the DOS command prompt:

    "Program Files\WinSCP\WinSCP.exe" /log="C:\sftplog" /script="C:\suntransfer.txt"

Script Windows to SUN
The script below places a copy of a file currently in the c:\ folder on the Windows machine into the user's home directory on the SUN.

    # Automatically answer all prompts negatively not to hang
    # the script on errors
    option batch on
    # Disable overwrite confirmations
    option confirm off
    # Connect using a user name and password
    open username:password@172.19.13.10
    # Change remote directory
    cd /home/username
    # Set transfer mode
    option transfer ascii
    # Upload file from the local directory C:\ to $HOME
    put "C:\MYFILE" MYFILE
    # Disconnect
    close
    # Exit WinSCP
    exit

Script SUN to Windows
The script below places a copy of a file currently in the user's home directory on the SUN into the c:\ folder on the Windows machine.

    # Automatically answer all prompts negatively not to hang
    # the script on errors
    option batch on
    # Disable overwrite confirmations
    option confirm off
    # Connect using a user name and password
    open username:password@172.19.13.10
    # Change remote directory
    cd /home/username
    # Set transfer mode
    option transfer ascii
    # Download file to the local directory C:\ from $HOME
    get MYFILE "C:\MYFILE"
    # Disconnect
    close
    # Exit WinSCP
    exit

SUN to Linux Basics
• Linux must be running SFTP client/server
• Network must allow traffic on port 22
• Generate key pairs
• Place public key
• Allows passwordless authentication
• Command line scp
• sftp with a batch file

Generate Key Pairs
• On the client (Linux) run:

    /opt/security/openssh3.1/bin/ssh-keygen -t dsa

• Hit Enter to answer all the prompts
• This generates 2 files in your $HOME/.ssh directory:

    id_dsa
    id_dsa.pub

• chmod .ssh to 700
• chmod id_dsa to 600

Place Public Key on Server (Sun)
• Copy the contents of id_dsa.pub to a file named authorized_keys in your .ssh directory on the Sun machine
• Use interactive sftp initiated on the client to do this:

    $ sftp username@123.123.123.222
    Connecting to 123.123.123.222...
    Warning: Permanently added '123.123.123.222' (DSA) to the list of known hosts.
    mylinuxname@123.123.123.222's password:
    sftp> mkdir .ssh
    sftp> cd .ssh
    sftp> put /home/mysun/.ssh/id_dsa.pub authorized_keys
    Uploading /home/mysun/.ssh/id_dsa.pub to /home/mylinuxname/.ssh/authorized_keys
    /home/mysun/.ssh/id_dsa.pub 100% 602 0.6KB/s 00:00
    sftp> bye

• Be sure the contents are copied as one continuous line.
• Be sure the last part of the line is the string passed when you connect, such as:

    myname@linuxbox or myname@123.123.123.123

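A check for the two points above that most often break passwordless logins: the 700/600 permissions from the key-generation step and the one-continuous-line rule for authorized_keys. This is an added example, not part of the original slides; the function names are hypothetical, and it assumes authorized_keys entries carry no leading options.

```shell
#!/bin/sh
# Added example (not from the slides): audit the SSH files from the steps above.
# Assumption: authorized_keys entries have no leading options (command=, from=).

# Permission string of a path as printed by ls, e.g. drwx------ or -rw-------
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# Print the line number of every authorized_keys entry that is not
# "<key-type> <base64-blob> [comment]" on a single line. A key pasted with a
# line break leaves a continuation line that does not start with a key type.
bad_key_lines() {
    awk '
        NF == 0 || /^#/ { next }     # blank lines and comments are allowed
        $1 !~ "^(ssh-|ecdsa-|sk-)" || NF < 2 || $2 !~ "^[A-Za-z0-9+/]+=*$" { print NR }
    ' "$1"
}

# check_ssh_setup <ssh_dir> <private_key_file_name>
# Prints one FINDING line per problem; returns 1 if there is any, else 0.
check_ssh_setup() {
    cs_dir=$1 cs_key=$2 cs_bad=0
    if [ "$(mode_of "$cs_dir")" != "drwx------" ]; then
        echo "FINDING: $cs_dir is not mode 700"; cs_bad=1
    fi
    if [ -f "$cs_dir/$cs_key" ] && [ "$(mode_of "$cs_dir/$cs_key")" != "-rw-------" ]; then
        echo "FINDING: $cs_dir/$cs_key is not mode 600"; cs_bad=1
    fi
    if [ -f "$cs_dir/authorized_keys" ]; then
        for cs_n in $(bad_key_lines "$cs_dir/authorized_keys"); do
            echo "FINDING: authorized_keys line $cs_n is not a complete key entry"
            cs_bad=1
        done
    fi
    return "$cs_bad"
}
```

Source the file and run `check_ssh_setup "$HOME/.ssh" id_dsa` on the client, then again on the server, where only the directory and authorized_keys checks apply.

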
Command scp
• Enter this command on the Linux system to transfer a file from the SUN to the Linux:

    scp mysunname@123.123.123.222:myfile /home/mylinuxname/myfile

• Enter this command on the Linux machine to get a file on the Linux box and place it on the SUN system:

    scp /home/mylinuxname/myfile mysunname@123.123.123.222:myfile

• Or use SFTP with a batch file on the Linux box
• Batch file contents:

    get /home/mysunname/myfile /home/mylinuxname/myfile
    bye

• Command to activate the batch file:

    sftp -b /path/to/mybatchfile mylinuxname@123.123.123.222

Helpful Tip
• If another version of SFTP is used on a Windows machine, it may not handle end-of-line characters very well.
• Run the dos2unix command on the SUN:

    dos2unix badfile > goodfile