SFTP isn't working through unix shell script

-1

1

I am trying to do sftp through a unix shell script and getting the error

Host key verification failed. Connection closed

However, when I do sftp manually like below, it's working:

sftp -b batch_file user@remoteserver

batch_file contains lcd, cd and put commands.

Script:

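#get inputs parameters
# $2 and $4 are the NAMES of environment variables that hold the directories
file=$1
dir=$2
sftp_node=$3
dest_dir=$4
dol=$

# command substitution (not single quotes), so eval runs and expands the named variable
original_dir=$(eval echo "$dol$dir")
dest_dir=$(eval echo "$dol$dest_dir")

cd "$original_dir" || exit 1
# newest file matching the prefix; -t sorts by time and prints bare names (-l would add the long-listing columns)
sfile=$(ls -t "${file}"* | head -1)

#To execute sftp in batch mode

rm -f "$SCRIPTDIR/sftp_batch_file.txt"

echo "lcd $original_dir" > "$SCRIPTDIR/sftp_batch_file.txt"
echo "cd $dest_dir" >> "$SCRIPTDIR/sftp_batch_file.txt"
echo "put $sfile" >> "$SCRIPTDIR/sftp_batch_file.txt"

sftp -oPort=56050 -b "$SCRIPTDIR/sftp_batch_file.txt" user@servername
s=$?

# the test command needs a space before the closing bracket
if [ "$s" -eq 0 ]
then
echo "$original_dir/$sfile sent to $dest_dir/$sfile on server"
exit 0
fi
# pass the sftp failure status on to the caller
exit "$s"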

Manual run Log:

OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Connecting to server [123.456.789.000] port 12345.
debug1: Connection established.
debug1: identity file /home/.ssh/id_rsa type 1
debug1: identity file /home/.ssh/id_rsa-cert type -1
debug1: identity file /home/.ssh/id_dsa type -1
debug1: identity file /home/.ssh/id_dsa-cert type -1
debug1: identity file /home/.ssh/id_ecdsa type -1
debug1: identity file /home/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version SFTP Server
debug1: no match: SFTP Server
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.3
debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_3732' not found

debug1: Unspecified GSS failure. Minor code may provide more information
Credentials cache file '/tmp/krb5cc_3732' not found

debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-sha1 none
debug1: kex: client->server aes128-cbc hmac-sha1 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '[server]':12345 is known and matches the RSA host key.
debug1: Found key in /home/.ssh/known_hosts:24
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: password,publickey,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /home/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending environment.
debug1: Sending env LANG = en_US.UTF-8
debug1: Sending subsystem: sftp
sftp> lcd
sftp> cd
sftp> put filename
Uploading filename to /filename
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
Transferred: sent 4832, received 2696 bytes, in 0.6 seconds
Bytes per second: sent 8159.3, received 4552.4
debug1: Exit status 0

Script run Log:

OpenSSH_7.5p1, OpenSSL 1.0.2m 2 Nov 2017
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: init_func_ptrs success
debug1: Value of krb5 is 1
debug1: Value of gssapi is 1
debug1: Connecting to server [123.456.789.000] port 12345.
debug1: Connection established.
debug1: key_load_public: No such file or directory
debug1: identity file /home.ssh/identity type -1
debug1: key_load_public: No such file or directory
debug1: identity file /home.ssh/identity-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_7.5
debug1: Remote protocol version 2.0, remote software version SFTP Server
debug1: no match: SFTP Server
debug1: Authenticating to server:12345 as 'user'
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: diffie-hellman-group-exchange-sha256
debug1: kex: host key algorithm: ssh-rsa
debug1: kex: server->client cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
debug1: kex: client->server cipher: aes128-cbc MAC: hmac-sha2-256 compression: none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(2048<8192<8192) sent
debug1: got SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: got SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: ssh-rsa SHA256:U2JlOXEu69uw4l+TGqDBRxnaH+Mjf12WeHc4IGd6lcI
debug1: checking without port identifier
Host key verification failed.
Connection closed

Please help me to identify and fix the issue.

Mr BB

Posted 2018-10-22T13:55:36.853

Reputation: 1

If you expect an answer, you should provide more details. – RalfFriedl – 2018-10-22T14:19:25.387

When you "do sftp manually", you do not use -oPort=56050. – Martin Prikryl – 2018-10-23T14:24:38.373

If I don't see oPort, it throws error as that port# is only allowed. Even manually, I used oPort – Mr BB – 2018-10-23T14:39:57.150

So edit your question to show that. There's no oPort in your manual command in the question. – Martin Prikryl – 2018-10-24T05:42:51.783

Also add -v switch to both manual and script sftp and show us their output. – Martin Prikryl – 2018-10-24T05:43:41.500

Updated my question with the -v logs. Please check. I see there are some differences – Mr BB – 2018-10-24T11:58:23.100

Are you even running it manually and in a script on the same machine? Because each run uses a different version of OpenSSH. – Martin Prikryl – 2018-10-24T12:03:40.280

Yeah, I found that difference in versions. However, I am running on the same machine both manually or script. Will it make any difference with .sh and .ksh scripts? – Mr BB – 2018-10-24T13:05:17.063

What do you get from which sftp in shell and in script? – Martin Prikryl – 2018-10-24T13:15:19.110

Yeah..! I checked again now. The machines are different and the shebang line also needed a correction. – Mr BB – 2018-10-24T13:56:08.683

Answers

0

How do you authenticate with the server? sftp batch mode can't work with interactive authentication methods (it won't prompt for user and password, you must supply credentials on the command line).

If your sftp uses a password, run:

sftp -b batch_file user:password@remoteserver

Ohad Cohen

Posted 2018-10-22T13:55:36.853

Reputation: 239

I wanted to do the sftp without hard-coding the password in the script. I changed my script like this: sftp user@server << EOF; lcd source_dir ; cd dest_dir; put file; EOF – Mr BB – 2018-10-22T14:28:03.680
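The question's comments trace the failure to the script running a different sftp binary in a different environment than the manual session, and the comment above asks for a transfer with no password in the script. As an added example (not code from any of the posts; the function names and the default known_hosts and key paths are assumptions), a preflight wrapper that prints the runtime context, refuses to connect unless the host key is already pinned under the `[host]:port` name, and then runs the batch with key authentication:

```shell
#!/bin/sh
# Added example: preflight for a non-interactive sftp job (hypothetical helper names).

# known_hosts stores non-default ports as "[host]:port"; port 22 uses the bare host name.
kh_name() {
    if [ "$2" = "22" ]; then printf '%s\n' "$1"; else printf '[%s]:%s\n' "$1" "$2"; fi
}

# Return 0 if known_hosts file $3 has an entry for host $1 on port $2,
# 1 if it has none, 2 if the file cannot be read.
# ssh-keygen -F also matches hashed (HashKnownHosts) entries; testing its
# output avoids depending on the exit status of older releases.
host_key_known() {
    [ -r "$3" ] || return 2
    [ -n "$(ssh-keygen -F "$(kh_name "$1" "$2")" -f "$3" 2>/dev/null)" ]
}

# Print the facts that differed between the manual and the scripted run.
show_context() {
    echo "user=$(id -un) HOME=$HOME"
    echo "sftp=$(command -v sftp || echo 'not found')"
    ssh -V 2>&1 | sed 's/^/version=/'
}

# usage: safe_sftp_batch host port user batch_file [known_hosts] [private_key]
# Runs the batch only when the host key is already pinned; never auto-accepts a key.
safe_sftp_batch() {
    kh=${5:-$HOME/.ssh/known_hosts}
    key=${6:-$HOME/.ssh/id_rsa}
    show_context
    if ! host_key_known "$1" "$2" "$kh"; then
        echo "no host key for $(kh_name "$1" "$2") in $kh;" \
             "verify the fingerprint out of band, then add it" >&2
        return 3
    fi
    sftp -oPort="$2" -oBatchMode=yes -oStrictHostKeyChecking=yes \
         -oUserKnownHostsFile="$kh" -oIdentityFile="$key" -b "$4" "$3@$1"
}

# Example call, using the names from the question's script:
# safe_sftp_batch servername 56050 user "$SCRIPTDIR/sftp_batch_file.txt"
```

Running it from both the interactive shell and the scheduler shows at once whether the two runs share the same binary, HOME and known_hosts file.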