Key based authenication with net-sftp in Ruby

Asked 9/11, 2009 at 13:7 Answered 23/9, 2014 at 22:24

I want to be able to use SFTP to login into a number of servers and download certain files to help debug issues as and when they arise. While we could use a client, we wanted to start automating the process to streamline everything.

My first attempt looks something like this:

def download(files_to_download, destination_directory)
    Net::SFTP.start(@server, @username, :password => @password) do |sftp|
        files_to_download.each do |f|
            local_path = File.join(destination_directory, File.basename(f))
            sftp.download!(f, local_path)
        end
    end
end

While this works, it means we need the password. Ideally, I want to be using public key authentication however I can't see any reference to this in the documentation or online - is this possible?

I would prefer not to use chilkat.

Thanks

Phane answered 9/11, 2009 at 13:7 Comment(0)

If you want to directly specify the key (or other SSH options) you can first open a Net::SSH connection, and then do SFTP operations from there.

Net::SSH.start("localhost", "user", keys: ['keys/my_key']) do |ssh|
  ssh.sftp.upload!("/local/file.tgz", "/remote/file.tgz")
  ssh.exec! "cd /some/path && tar xf /remote/file.tgz && rm /remote/file.tgz"
end

This also works for Net::SCP

Net::SSH.start('localhost', 'user', keys: ['keys/my_key'] ) do |ssh|
  ssh.scp.download("/local/file.txt", "/remote/file.txt")
end

Walston answered 23/9, 2014 at 22:24 Comment(2)

Thanks but We're getting below error when I tried your above sysntax, do you know the solution of it? SCP did not finish successfully (1): (Net::SCP::Error) – Radiophone 5/12, 2023 at 8:47

There are a lot of possible things which could produce an error like that. You might be best off posting a new question, with the rest of the error message and the code you ran. – Walston 8/12, 2023 at 18:44

It's automatically done, just upload your public key and should work out of the box.

Connecting using public/private keys

Public/private keys are always tried before the explicit password authentication, even if you provide a password. Thus, if you only want to use public/private key authentication, simply remove the password from the argument list. If you can successfully obtain a session handle, then your keys are set up correctly!

http://net-ssh.rubyforge.org/ssh/v1/chapter-2.html#s2

Marshallmarshallese answered 9/11, 2009 at 13:48 Comment(3)

Awesome! Thank you. I tried that and I'm now getting: c:/ruby/lib/ruby/gems/1.8/gems/net-sftp-2.0.2/lib/net/sftp.rb:43:in start': und efined method shutdown!' for nil:NilClass (NoMethodError) from C:/sourcecode/log_downloader/sftp.rb:7:in `download' from C:/sourcecode/log_downloader/sftp.rb:24 From the SSH logs, it looks like it doesn't do the Accepting public key, requesting signature step which winscp did where it asked me to accept the key? Or does the client take care of that for me? – Phane 9/11, 2009 at 14:17

Does this work with Net::SFTP as well? or is it only with Net::SSH ? – Bahuvrihi 7/8, 2012 at 21:36

Yes, this works with Net::SFTP as well. And if you're using Net::SSH/SFTP v2, you can pass the private key into .start as the :key_data option, if saving it to a file is not a good option for you. – Suricate 11/1, 2013 at 22:52

Recommended topics

Hot tags