How to run the sftp command with a password from Bash script?

Another way would be to use lftp:

lftp sftp://user:password@host  -e "put local-file.name; bye"

The disadvantage of this method is that other users on the computer can read the password from tools like ps and that the password can become part of your shell history.

A more secure alternative which is available since LFTP 4.5.0 is setting the LFTP_PASSWORD environment variable and executing lftp with --env-password. Here's a full example:

export LFTP_PASSWORD="just_an_example"
lftp --env-password sftp://user@host  -e "put local-file.name; bye"

# Destroy password after use
export LFTP_PASSWORD=""

LFTP also includes a cool mirroring feature (can include delete after confirmed transfer --Remove-source-files):

lftp -e 'mirror -R /local/log/path/ /remote/path/' --env-password -u user sftp.foo.com

EXPECT is a great program to use.

On Ubuntu install it with:

sudo apt-get install expect

On a CentOS Machine install it with:

yum install expect

Lets say you want to make a connection to a sftp server and then upload a local file from your local machine to the remote sftp server

#!/usr/bin/expect

spawn sftp [email protected]
expect "password:"
send "yourpasswordhere\n"
expect "sftp>"
send "cd logdirectory\n"
expect "sftp>"
send "put /var/log/file.log\n"
expect "sftp>"
send "exit\n"
interact

This opens a sftp connection with your password to the server.

Then it goes to the directory where you want to upload your file, in this case "logdirectory"

This uploads a log file from the local directory found at /var/log/ with the files name being file.log to the "logdirectory" on the remote server

You can use lftp interactively in a shell script so the password not saved in .bash_history or similar by doing the following:

vi test_script.sh

Add the following to your file:

#!/bin/sh
HOST=<yourhostname>
USER=<someusername>
PASSWD=<yourpasswd>

cd <base directory for your put file>

lftp<<END_SCRIPT
open sftp://$HOST
user $USER $PASSWD
put local-file.name
bye
END_SCRIPT

And write/quit the vi editor after you edit the host, user, pass, and directory for your put file typing :wq .Then make your script executable chmod +x test_script.sh and execute it ./test_script.sh.

The easiest way I found to accomplish this, without installing any third-party library like Expect, SSHPASS...etc, is by using a combination of CURL, and SFTP. Those two are almost in every Linux machine.

This is the command you should execute, after changing the values.

curl  -k "sftp://SERVER_IP:SERVER_PORT/FULL_PATH_OF_THE_FILE" --user "SERVER_USER:SERVER_PASSOWRD" -o "THE_NAME_OF_THE_FILE_AFTER_DOWNLOADING_IT"

Example:

curl  -k "sftp://10.10.10.10:77/home/admin/test.txt" --user "admin:123456" -o "test.txt"

Explanation:

We are connecting to the server 10.10.10.10:77 using the username admin and password 123456, to move the file /home/admin/test.txt from that server to the server you are using currently to execute the above command.

I was recently asked to switch over from ftp to sftp, in order to secure the file transmission between servers. We are using Tectia SSH package, which has an option --password to pass the password on the command line.

example : sftp --password="password" "userid"@"servername"

Batch example :

(
  echo "
  ascii
  cd pub
  lcd dir_name
  put filename
  close
  quit
    "
) | sftp --password="password" "userid"@"servername"

I thought I should share this information, since I was looking at various websites, before running the help command (sftp -h), and was i surprised to see the password option.

You can override by enabling Password less authentication. But you should install keys (pub, priv) before going for that.

Execute the following commands at local server.

Local $> ssh-keygen -t rsa 

Press ENTER for all options prompted. No values need to be typed.

Local $> cd .ssh
Local $> scp .ssh/id_rsa.pub user@targetmachine:
Prompts for pwd$>  ENTERPASSWORD

Connect to remote server using the following command

Local $> ssh user@targetmachine
Prompts for pwd$> ENTERPASSWORD

Execute the following commands at remote server

Remote $> mkdir .ssh
Remote $> chmod 700 .ssh
Remote $> cat id_rsa.pub >> .ssh/authorized_keys
Remote $> chmod 600 .ssh/authorized_keys
Remote $> exit

Execute the following command at local server to test password-less authentication. It should be connected without password.

$> ssh user@targetmachine

Combine sshpass with a locked-down credentials file and, in practice, it's as secure as anything - if you've got root on the box to read the credentials file, all bets are off anyway.

Bash program to wait for sftp to ask for a password then send it along:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"Password\"
send \"your_password_here\r\"
interact "

You may need to install expect, change the wording of 'Password' to lowercase 'p' to match what your prompt receives. The problems here is that it exposes your password in plain text in the file as well as in the command history. Which nearly defeats the purpose of having a password in the first place.

You can use sshpass for it. Below are the steps

1. Install sshpass For Ubuntu - sudo apt-get install sshpass
2. Add the Remote IP to your known-host file if it is first time For Ubuntu -> ssh user@IP -> enter 'yes'
3. give a combined command of scp and sshpass for it. Below is a sample code for war coping to remote tomcat sshpass -p '#Password_For_remote_machine' scp /home/ubuntu/latest_build/abc.war #user@#RemoteIP:/var/lib/tomcat7/webapps

A few people have mentioned sshpass but not many clear coding examples...

This is how we are doing it with bash scripts for rsync backups:

sshpass -p "${RSYNC_PASSWORD}" sftp "${RSYNC_USER}"@"${RSYNC_REMOTE_HOST}"

Keep in mind you will have to sudo apt install sshpass before this works properly.

curl --netrc-file NETRC --upload-file LOCALPATH sftp://HOST:PORT/REMOTEPATH

LOCALPATH may be - for stdin. The NETRC file has lines with format:

machine HOST login USERNAME password PASSWORD

(It's also possible to use --user USER:PASSWORD instead of --netrc-file but that reveals the password to anyone running ps locally at the same time, so don't do that.)

If the NETRC file does not exist permanently, your script can create a temporary file (possibly with the help of mktemp).

Thanks to @ASammour for pointing out that curl speaks SFTP.

or without prior installing of sshpass and the advantage of encoding the password (e.g. with base64 or gpg) (i use this in CICD).

export SSH_ASKPASS_REQUIRE=force
export SSH_ASKPASS=/usr/local/bin/ssh_askpass_helper_env

sudo tee <<'EOF' /usr/local/bin/ssh_askpass_helper_env
#!/bin/bash

base64 -d <<<"${SSH_PW}"
EOF

sudo chmod +x /usr/local/bin/ssh_askpass_helper_env

sftp \
  -C \
  -o BatchMode=no \
  -o PasswordAuthentication=yes \
  -o PubkeyAuthentication=no \
  -o PreferredAuthentications=password \
  -o StrictHostKeyChecking=accept-new \
  -b - \
  -- \
  kitchen@your_mum \
  <<<$'ls\nbye'

You can use a Python script with scp and os library to make a system call.

1. ssh-keygen -t rsa -b 2048 (local machine)
2. ssh-copy-id user@remote_server_address
3. create a Python script like:

    import os
    cmd = 'scp user@remote_server_address:remote_file_path local_file_path'
    os.system(cmd)

4. create a rule in crontab to automate your script
5. done

@ASamour inspired me to put this in my .bashrc:

sshpass()
{
        server=$1
        file=$2
        userpass=$3
        outfile=${4:-$file}

        curl \
                --insecure sftp://${server}/${file} \
                --user "${userpass}" \
                --output ${outfile}
}

I came here only to get the auth trick, and then run the commands manually in the terminal. This solution is ONLY ABOUT the authentication part:

I had to install sshpass.

sshpass -p thepassword sftp [email protected]

Then you will be logged on sftp to run commands manually, without having to type the password.