I can sftp (with password) but not sftp -b - not prompted for password! - SSH

This is a discussion on I can sftp (with password) but not sftp -b - not prompted for password! - SSH ; I am trying to sftp data to a server. I only have the option to use password authentication. I can sftp just fine to the server and do whatever I want. However, if I try to sftp with a batch ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: I can sftp (with password) but not sftp -b - not prompted for password!

  1. I can sftp (with password) but not sftp -b - not prompted for password!

    I am trying to sftp data to a server. I only have the option to use
    password authentication.

    I can sftp just fine to the server and do whatever I want.

    However, if I try to sftp with a batch file, I am not prompted for my
    password. It seems to just skip that option.

    The userid I am using has no keys in ~/.ssh (only known_hosts)

    Here is the verbose output:

    sftp -v -b sftp.batch.txt myuserid@example.com

    OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to sftp.americanlafrance.com [208.3.68.147] port
    22.
    debug1: Connection established.
    debug1: identity file /home/david/.ssh/id_rsa type -1
    debug1: identity file /home/david/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version 1.82
    sshlib: WinSSHD 4.22
    debug1: no match: 1.82 sshlib: WinSSHD 4.22
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.4
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
    debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
    debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
    debug1: Host 'sftp.americanlafrance.com' is known and matches the DSA
    host key.
    debug1: Found key in /home/david/.ssh/known_hosts:1
    debug1: ssh_dss_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,gssapi-with-
    mic,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/david/.ssh/id_rsa
    debug1: Trying private key: /home/david/.ssh/id_dsa
    debug1: No more authentication methods to try.
    Permission denied (publickey,gssapi-with-mic,password).
    Couldn't read packet: Connection reset by peer


    This is OpenSSH_4.4p1, OpenSSL 0.9.8d 28 Sep 2006


    Does anyone know why I am not prompted for a password when trying a
    batch process?

    Thanks!

    --
    David Filmer (http://DavidFilmer.com)


  2. Re: I can sftp (with password) but not sftp -b - not prompted for password!

    In article <1182899456.855531.325420@o11g2000prd.googlegroups. com>
    usenet@DavidFilmer.com writes:
    >I am trying to sftp data to a server. I only have the option to use
    >password authentication.
    >
    >I can sftp just fine to the server and do whatever I want.
    >
    >However, if I try to sftp with a batch file, I am not prompted for my
    >password. It seems to just skip that option.


    It's a design decision, not a good one in my opinion. At some 3.x
    version, this was added to sftp.c:

    case 'b':
    ...
    >>>>>>>>>> addargs(&args, "-obatchmode yes");


    From ssh_config(5):

    BatchMode
    If set to ``yes'', passphrase/password querying will be disabled.

    It is also documented in sftp(1) (at least in current versions):

    -b batchfile
    Batch mode reads a series of commands from an input batchfile
    instead of stdin. Since it lacks user interaction it should be
    used in conjunction with non-interactive authentication.

    IMO, if a 'sftp -b' user wants to disable passphrase/password querying,
    he can just use that -o option on the sftp commandline himself - there
    are many scenarios where interactive authentication is just fine even if
    you prefer to have the sftp commands in a file.

    I guess this is unlikely to change though, and given that, it is now
    possible to do the opposite, i.e. override the "builtin" BatchMode
    setting on the sftp command line:

    sftp -o "batchmode no" -b /tmp/bat user@host

    Note that it must come *before* -b, which may be surprising - this is
    due to ssh processing -o options as if they were read from the config
    file - ssh_config(5) again:

    For each parameter, the first obtained value will be used.


    --Per Hedeland
    per@hedeland.org


  3. Re: I can sftp (with password) but not sftp -b - not prompted for password!

    On Jun 26, 10:57 pm, p...@hedeland.org (Per Hedeland) wrote:

    > sftp -o "batchmode no" -b /tmp/bat user@host


    That did it!!! Thanks very much for your extremely complete and
    helpful reply!

    > It is also documented in sftp(1) (at least in current versions):

    hmmm. Documented poorly IMHO

    > -b batchfile
    > Batch mode reads a series of commands from an input batchfile
    > instead of stdin. Since it lacks user interaction it should be
    > used in conjunction with non-interactive authentication.


    To me, the word "should" implies a recommendation. But this is more
    than a recommendation; -b flat-out does not work with interactive
    authentication unless the user specifically does something ELSE to
    make it work. It would have been nice if this had been made more
    clear (and included mention of the batchmode override).

    Anyway, thanks again for the assist!

    --
    David Filmer (http://DavidFilmer.com)


  4. Re: I can sftp (with password) but not sftp -b - not prompted for password!

    In article <1182933599.682123.161180@o11g2000prd.googlegroups. com>
    usenet@DavidFilmer.com writes:
    >On Jun 26, 10:57 pm, p...@hedeland.org (Per Hedeland) wrote:
    >
    >> It is also documented in sftp(1) (at least in current versions):

    >hmmm. Documented poorly IMHO
    >
    >> -b batchfile
    >> Batch mode reads a series of commands from an input batchfile
    >> instead of stdin. Since it lacks user interaction it should be
    >> used in conjunction with non-interactive authentication.

    >
    >To me, the word "should" implies a recommendation.


    Well, I was thinking primarily of the "lacks user interaction", which is
    pretty definitive - and it's true, but only because the developers
    decided to take away the user interaction that was possible earlier!:-)

    --Per Hedeland
    per@hedeland.org

+ Reply to Thread