31

Is there an option to put the password on the line as well with sftp?

linux~ $ sftp USERNAME@FTP.WEBSITE.COM:/DIRECTORY_TO_GO_TO/ 

Like this

linux~ $ sftp USERNAME@FTP.WEBSITE.COM:/DIRECTORY_TO_GO_TO/ -p PASSWORD? 
Daniel
  • 3,801

7 Answers

61

As others have mentioned, a command-line password should be the last resort.

However, if nothing else is possible, one can go for sshpass:

sshpass -p <password> sftp user@host
  • 5
    This should be massively upvoted. It is really useful to have sshpass. Some providers don't allow you to create a .ssh folder and scp is also disallowed. – NetSquirrel Jul 05 '13 at 01:38
  • 3
    good that some tools have your back: brew search sshpass -- "We won't add sshpass because it makes it too easy for novice SSH users to ruin SSH's security." – oliver Apr 04 '17 at 09:22
  • 9
    This should be the accepted solution. The OP asked how to do this specific thing - not for security advice (albeit well-intentioned and correct). – ebr Jun 08 '17 at 20:33
  • Thank you so much for this. I need to have a docker container upload a file to an sftp server using a CICD pipeline (concourseci, call actions take place in containers). The password is stored in hashicorp vault. This allows me to add the password as an environment variable to the container, I can mount the file I need to upload, and then call the password as part of the sshpass command string. – Matthew Jul 16 '21 at 19:34
  • 1
    The better option would be to use SSHPASS="MY_PASSWORD" sshpass -e sftp user@host; this prevents the password from being visible to other users looking into ps -axf – meles Aug 20 '21 at 15:48
  • 1
    Further, if you must enter a password on the command line, if you use bash include a space in export HISTIGNORE=' ...' and prefix your command by a single space so it isn't captured in your history file. – David C. Rankin Sep 17 '21 at 06:31
  • permission denied (publickey) – jzadra Nov 22 '22 at 23:39
15

Generally including a password in a command line is considered a security risk because it will show up to anyone else who can run ps/top, and it may be saved in your shell's history.

It would be a much better idea to set up key-based authentication if you are able.

Also, I don't believe it is going to be possible with sftp. It is meant to be used for secure transfers. If you really had to do something like this and you have no other choice then you probably need to be looking at automating with expect.

Zoredache
  • 131,987
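
An added example (not part of any answer on this page): a shell check that scans `ps`-style lines for `sshpass -p`, the form that exposes the password to anyone who can run ps, and masks the value, while `sshpass -e` and `-f` pass as argv-safe. The sample lines, the `CONSTRUCTED-PW` placeholder, the secrets path and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: find sshpass passwords exposed in process arguments.
# Sample lines are constructed; "CONSTRUCTED-PW" is a placeholder.

# scan_line LINE: print LINE with any sshpass -p value masked.
# Exit status 0 if a password was present in argv, 1 otherwise.
# Runs in a subshell so set -f and the variables stay local.
scan_line() (
    found=1; out=""; state=seek
    set -f; set -- $1        # split on whitespace, no globbing
    for w in "$@"; do
        case $state in
        seek)                # before the sshpass command word
            case $w in sshpass|*/sshpass) state=opts ;; esac ;;
        opts)                # sshpass's own options only
            case $w in
            -p)       state=pw ;;
            -p*)      w='-p****'; found=0 ;;
            -f|-d|-P) state=skip ;;   # options that take a value
            -*)       ;;              # -e, -v: no value
            *)        state=cmd ;;    # wrapped command starts here
            esac ;;
        pw)   w='****'; found=0; state=opts ;;
        skip) state=opts ;;
        esac                 # state=cmd: sftp's own -p/-P left alone
        out="$out${out:+ }$w"
    done
    printf '%s\n' "$out"
    exit "$found"
)

# audit_argv: read "PID USER ARGS..." lines on stdin, print masked leaks.
audit_argv() {
    while IFS= read -r line; do
        if masked=$(scan_line "$line"); then printf '%s\n' "$masked"; fi
    done
}

sample_ps() {
cat <<'EOF'
1201 deploy sshpass -p CONSTRUCTED-PW sftp user@host
1202 deploy sshpass -pCONSTRUCTED-PW sftp -P 2222 user@host
1203 deploy sshpass -e sftp -p user@host
1204 deploy sshpass -f /run/secrets/sftp_pw sftp user@host
1205 alice sftp -p user@host
EOF
}

sample_ps | audit_argv
```

On a live host the same function can be fed with `ps -eo pid,user,args | audit_argv`.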
7

Just use perl, ruby or python to script what you are trying to do. In case of ruby it's just (taken from the net-sftp API docs):

require 'net/sftp'

Net::SFTP.start('host', 'username', :password => 'password') do |sftp|
  # upload a file or directory to the remote host
  sftp.upload!("/path/to/local", "/path/to/remote")
end

For more info http://net-ssh.rubyforge.org/sftp/v2/api/index.html

7ochem
  • 280
monomyth
  • 971
4

Don't do that - set up SSH public key authentication for automatic login.

MikeyB
  • 39,673
2

As the other answers have stated, use public key authentication. There is a great, although a little dated, IBM developerWorks series that should explain everything you want to know about it, as well as some useful supplemental tools such as keychain.

rvf
  • 1,605
2

For searchers that don't care that the password can be seen in the command-line command:

sftp userid:password@remoteHost is how to include the password in the sftp connect command.

UPDATE: this turned out to be incorrect... see comments

ashnazg
  • 129
  • OpenSSH v5.3p1 and v4.3p2, both on Red Hat Enterprise... – ashnazg Dec 13 '18 at 15:06
  • 1
    This turned out to be incorrect... this method appeared to work for me because PHP and its ssh2 extension were being used earlier in my code to do actual standalone authentication... and the sftp command was being run later. It was this later piece where the syntax appeared to succeed. – ashnazg Dec 13 '18 at 15:25
  • 1
    Could not resolve hostname user: No such host is known. It is considering ":" in username which is not the case in FileZilla CLI – P Satish Patro Jun 04 '19 at 15:10
1

I suspect that there are as many answers as there are FTP clients. An SFTP server should not accept authentication information until encryption is established, so that the user and password are protected.

I believe the FileZilla client will allow for command line passing of the user and password; see the documentation here. Given the reputation of the FileZilla project, I would expect it to operate securely.

tomjedrz
  • 5,974