
Automating SFTP in AIX 5L

This document explains how to automate SFTP transfers in AIX 5L.

I First step: install OpenSSH on your Unix server.

(If you already have SSH installed, skip and move to step II)

 

IBM's openssh software for AIX V5L (e.g. 5.1,5.2 & 5.3) can be downloaded from the following web site:

http://sourceforge.net/projects/openssh-aix

Select: openssh-aix51 openssh-3.8.1p1_51.tar.Z

Save file openssh-3.8.1p1_51.tar.Z to disk.

There is also a link to the openssl download web site:

https://www6.software.ibm.com/dl/aixtbx/aixtbx-i?S_PKG=dlaixww&S_TACT=&S_CMP=

Summary: Download latest OpenSSL rpm image. Openssl-0.9.7d-2.aix5.1.ppc.rpm <---works with all releases of AIX 5L

Before using OpenSSH, you will need the OpenSSL cryptographic library on your system. You can download the rpm image for the OpenSSL library from: https://www6.software.ibm.com/dl/aixtbx/aixtbx-i?S_PKG=dlaixww&S_TACT=&S_CMP= (Quick, 3 minute registration is required).

Installing the software: You MUST install the openssl rpm before installing the openssh file set. Use the rpm command to install openssl:

# rpm -i openssl-0.9.7d-2.aix5.1.ppc.rpm    <---this version of openssl will work with AIX 5.1,5.2 & 5.3

# /usr/sbin/updtvpkg    <---This command syncs up AIX ODM with rpm database. It will take several minutes to finish.

To list the installed rpms:

# rpm -qa

Use smit to install the openssh software: Uncompress and untar the openssh-3.8.1p1_51.tar.Z

  1. uncompress openssh-3.8.1p1_51.tar.Z
  2. tar -xvf openssh-3.8.1p1_51.tar
  3. smitty install_all

(Accept the license agreement for openssh)

After the installation successfully completes it should have started the sshd daemon.

To list the installed openssh software:

# lslpp -l | grep ssh

To check if the sshd daemon is active:

# lssrc -s sshd

To start the sshd daemon if inoperative:

# startsrc -s sshd

To stop the sshd daemon if needed:

# stopsrc -s sshd

After a successful installation, by default the sshd daemon is configured to start now and on every reboot.

Testing your OpenSSH installation:

# ssh root@server_name

Or

# sftp root@server_name

II Using sftp in a script (with RSA/DSA Authentication)

To use sftp in a script without user interaction, we will need to set up RSA Authentication and then pass a batch file containing the transfer commands to sftp.

For this explanation, we will assume that the local machine's hostname is machineA, and the remote machine's is machineB. We will also assume that the username of the user who will be doing the sftp is 'sftpuser'. Required user input is denoted by bold monospaced text.

1) Generate RSA key pair and verify that the keys are there

sftpuser@machineA# ssh-keygen -t rsa
Generating public/private rsa key pair.
Enter file in which to save the key (/home/sftpuser/.ssh/id_rsa): <ENTER>
Enter passphrase (empty for no passphrase): <ENTER>
Enter same passphrase again: <ENTER>
Your identification has been saved in /home/sftpuser/.ssh/id_rsa.
Your public key has been saved in /home/sftpuser/.ssh/id_rsa.pub.
The key fingerprint is:
b7:95:f7:a0:e1:52:01:d5:ec:48:e3:73:f7:45:40:46 sftpuser@machineA

sftpuser@machineA# cd ~/.ssh
sftpuser@machineA# ls -l
total 32
-rw-------   1 sftpuser     staff          883 Nov 07 11:41 id_rsa
-rw-r--r--   1 sftpuser     staff          222 Nov 07 11:41 id_rsa.pub
-rw-r--r--   1 sftpuser     staff          915 Nov 06 12:30 known_hosts
-rw-------   1 sftpuser     staff         1024 Nov 07 11:40 prng_seed

2) Copy the public key to the remote machine

sftpuser@machineA# scp id_rsa.pub sftpuser@machineB:.ssh/id_rsa.pub.machineA
sftpuser@machineB's password: <password>
id_rsa.pub            100% |*****************************|   222       00:00

3) Login to remote machine to add key to authorized_keys file

sftpuser@machineA# ssh sftpuser@machineB
sftpuser@machineB's password: <password>
sftpuser@machineB# cd ~/.ssh
sftpuser@machineB# ls -l
total 16
-rw-r--r--   1 sftpuser     staff          222 Nov 07 11:57 id_rsa.pub.machineA
-rw-r--r--   1 sftpuser     staff          677 Oct 31 09:52 known_hosts

sftpuser@machineB# cat id_rsa.pub.machineA >> authorized_keys
sftpuser@machineB# ls -l
total 24
-rw-r--r--   1 sftpuser     staff          222 Nov 07 12:03 authorized_keys
-rw-r--r--   1 sftpuser     staff          222 Nov 07 11:57 id_rsa.pub.machineA
-rw-r--r--   1 sftpuser     staff          677 Oct 31 09:52 known_hosts
sftpuser@machineB# rm id_rsa.pub.machineA
sftpuser@machineB# exit
Connection to machineB closed.

4) Test the Authentication

sftpuser@machineA# ssh sftpuser@machineB
sftpuser@machineB# (You should not be prompted for the password)

sftpuser@machineB# exit
Connection to machineB closed.

5) Create batch script to test sftp

sftpuser@machineA# echo "put /etc/motd /home/sftpuser/motd.txt" > /tmp/test.batch
sftpuser@machineA# cat /tmp/test.batch
put /etc/motd /home/sftpuser/motd.txt

6) Test sftp

sftpuser@machineA# sftp -b /tmp/test.batch sftpuser@machineB
Connecting to machineB...
sftp> put /etc/motd /home/sftpuser/motd.txt
Uploading /etc/motd to /home/sftpuser/motd.txt
sftp>
sftpuser@machineA#

7) Verify that the file was transferred

sftpuser@machineA# ssh sftpuser@machineB
sftpuser@machineB# ls -l /home/sftpuser/motd.txt
-r-xr--r--   1 root     staff         1441 Nov 07 13:08 /home/sftpuser/motd.txt
sftpuser@machineB# exit
Connection to machineB closed.

You can now use the sftp command, similar to the one in Step 6, in your script.
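
A wrapper of the kind Step 6 leads to, shown here as an added example that is not part of the original tutorial. It writes the batch file into a private directory instead of a fixed name in /tmp, refuses paths that sftp would re-parse, and returns the sftp exit status to the caller. The function names, the work directory name and the REMOTE variable are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example: non-interactive sftp wrapper for the key-based setup above.
# Function names, the work directory name and REMOTE are assumptions.

REMOTE="sftpuser@machineB"      # account and host used in this tutorial

# Create a private work directory. mkdir fails if the name already exists,
# so a file or symlink planted in /tmp beforehand is never reused.
make_workdir() {
    dir="${TMPDIR:-/tmp}/sftpjob.$$"
    ( umask 077 && mkdir "$dir" ) || return 1
    printf '%s\n' "$dir"
}

# Write a one-line batch file: put LOCAL_FILE REMOTE_PATH.
# Paths with whitespace, quotes or other special characters are rejected
# (return 2) because sftp would parse them as part of the command line.
build_batch() {
    local_file=$1; remote_path=$2; batch=$3
    case "$local_file$remote_path" in
        *[!A-Za-z0-9._/-]*) echo "unsafe path" >&2; return 2 ;;
    esac
    [ -r "$local_file" ] || { echo "cannot read $local_file" >&2; return 3; }
    ( umask 077 && printf 'put %s %s\n' "$local_file" "$remote_path" > "$batch" )
}

# BatchMode=yes makes ssh fail instead of prompting for a password if key
# authentication stops working, so an unattended job cannot hang.
run_batch() {
    sftp -o BatchMode=yes -b "$1" "$REMOTE"
}

# Build the batch file, run it, clean up, and report the result.
transfer() {
    work=$(make_workdir) || return 1
    rc=0
    { build_batch "$1" "$2" "$work/job.batch" && run_batch "$work/job.batch"; } || rc=$?
    rm -rf "$work"
    [ "$rc" -eq 0 ] || echo "sftp transfer failed (rc=$rc)" >&2
    return "$rc"
}

# Example call from a scheduled job:
#   transfer /etc/motd /home/sftpuser/motd.txt || exit 1
```

In batch mode sftp stops at the first failed put and exits non-zero, which is what lets the calling script detect a failed transfer.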