PDA

View Full Version : Passing an scp/ssh password


pkohler
01-04-2006, 03:05 PM
Hi..

How do you pass along a password when using applescript to automate an scp process?

I have this

property app104 : "cd /Users/dev/Documents/ |scp my.server@my.domain:/export/home/me/filename.bz2"

tell application "Terminal"
run
do script app104
end tell

now, when i mod this to target an unsecure test box, it works fine. but the server i need to get the file from is secure and requires password authentication. I tried :

cd /Users/dev/Documents/ |scp my.server@my.domain:/export/home/me/filename.bz2 |mypassword

but it didnt work

I need to pass the password off as a second command but, when i do this, a second terminal window launches to receive only the password.

Some background on me: I really dont know anything about applescript or Terminal, I'm really just in desperate need of automating this as I need to leech a single file off a bunch of machines daily. I dont know what a shell or a bash is; I'm kind of drowning here pending the replacement of two staff members who have gone on to better things

pkohler
01-04-2006, 03:06 PM
err...

cd /Users/dev/Documents/ |scp my.server@my.domain:/export/home/me/filename.bz2

should read

cd /Users/dev/Documents/ |scp my.server.account@my.domain:/export/home/me/filename.bz2

dmacks
01-04-2006, 03:12 PM
Generate a pair of keys, store the public one on the remote machine, and then you won't need to use a password in the local ssh/scp command.

frankko
01-04-2006, 03:19 PM
If you don't do the keys thing mentioned above, you can try

cd /Users/dev/Documents/ ; echo 'mypassword' | scp my.server.account@my.domain:/export/home/me/filename.bz2

pkohler
01-05-2006, 09:25 AM
Thanks! I can do the keys thing but, will try the last response this afternoon!

I really appreciate the help! You guys are saints!

pkohler
01-05-2006, 10:39 AM
Hi Again!

I tried the line you provided above but got the following error:

"Applescript Error
Terminal got an error: Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboard-interactive)."

:(

pkohler
01-05-2006, 11:03 AM
I suppose what I really need to do is pass two scripts into the same terminal window

as if the following would work:

tell application "Terminal"
run
do script "cd /Users/dev/Documents/ | scp filename me@my.server:/export/home/me/filename"
delay 1
do script "my password"
end tell

frankko
01-05-2006, 11:10 AM
I'm not 100% sure what you are trying to accomplish; my only goal was to provide a solution for passing a password to scp. But let's get down to it.

What exactly are you trying to upload from your Documents folder? Because I'm not seeing a source file anywhere in what you've provided. Are you uploading a file called "filename.bz2"? You're probably better off dropping the cd step and just doing something like this:

echo 'password' | scp /Users/dev/Documents/filename.bz2 user@server:/export/home/me/filename.bz2

pkohler
01-05-2006, 11:21 AM
I'm trying to cd to a specific local directory and then scp a file from user@server:/export/home/me/ and stick it in that specific local directory and, while scp'ing, pass the password for user@server off through the same script.

the local machine is a g4 mac, the remote server is a linux box.

I've been accomplishing this manually by cd'ing to the local directory and entering scp user@server:/export/home/me/filename . and then entering the password.

once I enter the scp command, the password prompt pops up a second or two later.

dmacks
01-05-2006, 11:34 AM
echo 'password' | scp /Users/dev/Documents/filename.bz2 user@server:/export/home/me/filename.bz2
ssh interacts with the terminal directly, rahter than reading from stdin. You can't pass the password via a pipe...you'd have to use 'expect' (or some AppleScript or customized fork solution).

frankko
01-05-2006, 11:39 AM
Okay, I see the problem. It wasn't clear to me that you were trying to get something from the server. It looked to me like you were trying to put something up. You want something like so:

echo 'password' | scp user@server:/export/home/me/filename.bz2 /Users/dev/Documents/filename.bz2

At the office, scp/ssh is blocked, so I can't test this myself, but let me know if that works. You might be able to leave off that last "filename.bz2" bit to force scp to keep the original filename on the server, but like I said, I can't test it now.

Also, for the record, for stringing all these commands together, there's a difference between a ';' and a '|'. The ; separates a series of commands, while the | passes the result of the command on the left to the command on the right.

So you may not have noticed, but in my first revision to your script, I changed your | after the cd command to a ;, as you want the script to cd, then do something else. You aren't passing the result of the cd command to scp. But you are passing the result of the echo command to scp to get scp to grab the password. Make sense? (dmacks, echoing a password to scp does work, at least in 10.3.9. I wrote an AppleScript/PHP solution to automate uploading to a server and that's how I did it. I'm not saying what you said won't work, but my way did [I haven't had to use it in Tiger, since I don't work at the job that required the script].)

pkohler
01-05-2006, 12:33 PM
Thank you for all your help!

if I do this:

scp user@server:/export/home/me/filename /Users/dev/Documents/filename | echo 'password'

the password is spewed out towards the end but still not when prompted to


if I do this:

echo 'password | scp user@server:/export/home/me/filename /Users/dev/Documents/filename

the password doesnt seem to be spewed out

is there any easier way of doing this? am I going about this the wrong way?

frankko
01-05-2006, 12:41 PM
The "easy way" would be to do what was suggested earlier, about generating the key pairs. That makes the whole 'passing the password to scp' bit we've been discussing moot.

Also, putting the echo after, although it shows the password, isn't correct. It needs to be before the scp command, because it has to be sent to scp (when it's after, scp has to finish first). And in the case of the "correct way", it shouldn't actually display the password. If it works, the download will just happen and there won't be any errors (note that when you normally enter a password into scp it isn't displayed).

dmacks
01-05-2006, 01:15 PM
On my 10.3.9 machine using Apple's 'scp', echo "pass" | scp user@host:remote-file . still prompts for a password. When I add -v to that scp, that prompt is the first time the keyboard-interactive method is tried (i.e., the piped pass is not being tried and rejected, it's not even seen). I wonder if there's a local ssh config setting that enables it for you?

frankko
01-05-2006, 01:33 PM
I don't know. Maybe it was something that wasn't ever supposed to work and got fixed? I don't remember the last version of 10.3 that I had used the script on (I've since moved on to the key pair method in 10.4), but this was the relevant bit from the PHP script:

$scp = "echo 'password' | scp -r !file! user@server:public/!dest!";
The two things that are noticably different: the -r recursive option, and I was uploading, not downloading.