Automating SFTP between two servers

Recently there was a requirement to schedule a cron job that would copy a couple of files from server1 to server2. Both servers have secure login enabled, so normal FTP does not work under these conditions. If sFTP is run, it always asks for the password of the remote site. Hence, for sFTP to run unattended, without prompting for a password, private/public key authentication has to be set up.

Let’s see how to set up this configuration.

To start with, we need to generate the key pair on the server that you want to connect from, i.e. server1 in this case. Execute the following command while logged in as the user that will run sFTP.

$ ssh-keygen -t rsa

Generating public/private rsa key pair.
Enter file in which to save the key (/export/home/oracle/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in .ssh/id_rsa.
Your public key has been saved in .ssh/id_rsa.pub.
The key fingerprint is:
c1:21:e3:01:26:0d:f7:ec:52:0e:0c:90:9b:6e:d8:47 oracle@server1

Note that we entered nothing for the passphrase. This is important: if you set a passphrase, you will have to enter it every time the private key is used, which defeats the purpose of automating sFTP because it will prompt on every login to the remote server (server2). The trade-off is that the private key is stored unencrypted, so anyone who can read id_rsa can log in to server2 as this user; keep the file readable only by its owner.

The public key is generated in:

/export/home/oracle/.ssh/id_rsa.pub

Once the key is generated, it has to be registered on the other server (server2), the one we will connect to. Log in as the user of your choice on the remote server (server2) and check whether a .ssh directory exists in that user’s home directory. If it does not exist, create it. In the .ssh directory, create a text file named “authorized_keys” and add to it the contents of the id_rsa.pub file generated above on server1. Each key occupies a single line in the file; the sample below is wrapped for display. It is a DSA (ssh-dss) key; the entry for the RSA key generated above begins with ssh-rsa instead. It looks something like this:

ssh-dss AAAAB3NzaC1kc3MAAACBAN8sZDATbd8U3V6xs6kb4mKilmtqDGtPEgPESW8NiLmQOKmm14Oe51LHvGZjoTUMGXrPoeyBtFwXZQwwGdsQfNvqD6NiD1I
dYfBxm2nZn+lS37qkstZErpHX9q7hGMnvF/n7TbIHGpVeUbiXSRUtYIsNki9KhzSljOmayyZ1HjXxAAAAFQDrvdmqRJKlxOykfxm6TewRwV11zQAAAIBDVvy+gA7
/0hmOS9XI7hYZgOjJXEsE+2JLC0gzN840kNtu4MgtwRsKEk8JibQvzpmHdL+myBHdRjz5JveHhp2BsJnUmXCcop5WkHyFaz3ZLICg0YDL++Oossq/mO4jqDzzBz5
RexgCLOq8caStVjZ+ORNkojVdNCOU581hj/LJYgAAAIBilErAwrInQtDHp0F6hGgNyY+avnKEMSTmZgjX0wv5Yxy1VJL4NDgmXuVQPUj8Kau64Akv4dYuhb9w9hA
jdi0Njhyib3qf2kTHk2yBxEjWen91sHoGpsNOLF2m9pE60D7u7M0cW6WtwKK+BdWo312okivqhALhLpdoQKk8IvCwSg== oracle@server1

Once the above tasks are complete, sFTP can be automated and should no longer ask for a password.

$ sftp oracle@server2
Connecting to server2...
sftp>

The private key on server1 matches the public key registered on server2, hence sftp is authorized to log in to server2.
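
The registration step on server2 can be scripted. The following is an added example, not part of the original post: the function name install_pubkey, its arguments and the option string are assumptions made for illustration. It installs the key with the permissions sshd expects and can attach authorized_keys options that limit what a passphrase-less key is allowed to do.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Run on server2 as the target
# user; the function only touches files under the HOME_DIR it is given.

# install_pubkey PUBKEY_FILE HOME_DIR [OPTIONS]
# OPTIONS is an optional authorized_keys option string that limits what the
# passphrase-less key can do, e.g. 'from="192.0.2.10",no-pty,no-port-forwarding'.
install_pubkey() {
    local pub="$1" home="$2" opts="${3:-}"
    local sshdir="$home/.ssh" auth="$home/.ssh/authorized_keys"
    local key body

    # A public key file is one line: key type, base64 data, optional comment.
    [ "$(grep -c '' "$pub")" -eq 1 ] || { echo "expected one line in $pub" >&2; return 1; }
    key=$(cat "$pub")
    case "$key" in
        ssh-rsa\ *|ssh-ed25519\ *|ecdsa-sha2-*\ *) ;;
        # ssh-dss lands here: OpenSSH has disabled DSA keys by default since 7.0.
        *) echo "unsupported key type in $pub" >&2; return 1 ;;
    esac

    # With StrictModes (the sshd default) keys are ignored if these are
    # writable by anyone but the owner, so set the modes explicitly.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$auth" && chmod 600 "$auth" || return 1

    # Idempotent: do nothing if this key's base64 body is already listed.
    body=$(printf '%s\n' "$key" | awk '{print $2}')
    if grep -qF -- "$body" "$auth"; then
        return 0
    fi
    printf '%s\n' "${opts:+$opts }$key" >> "$auth"
}

# Cron side (server1), shown as a comment because it needs a live host:
#   sftp -b /path/to/batchfile -o BatchMode=yes oracle@server2
# BatchMode makes the job fail instead of hanging on a password prompt.
```

The address 192.0.2.10 and the batch file path are placeholders; substitute server1's address and your own list of sftp commands.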

  1. November 16, 2012 at 3:13 am

    Hello there, You have performed an excellent job. I’ll certainly digg it and in my view recommend to my friends. I am confident they’ll be benefited from this web site.
