Specify password to sftp in a Bash script [duplicate]
M

6

11

I am trying to write a script to back up a file over SFTP. The problem is, it requires a password, and I see no way to manually specify a password to SFTP. I've heard about requiring no password by using public keys, but that requires being able to ssh into the remote server and modify some configuration files, which I cannot do.

Currently my solution is to use cURL, but that is insecure (uses normal FTP). I also looked at the .netrc file, but that seems to be for FTP instead of SFTP. How do I manually specify a password for sftp?

Mensuration answered 11/3, 2011 at 4:11 Comment(0)
I
8

cURL can support sftp, as documented by the manual:

USING PASSWORDS

 FTP

   To ftp files using name+passwd, include them in the URL like:

        curl ftp://name:passwd@machine.domain:port/full/path/to/file

   or specify them with the -u flag like

        curl -u name:passwd ftp://machine.domain:port/full/path/to/file

 FTPS

   It is just like for FTP, but you may also want to specify and use
   SSL-specific options for certificates etc.

   Note that using FTPS:// as prefix is the "implicit" way as described in the
   standards while the recommended "explicit" way is done by using FTP:// and
   the --ftp-ssl option.

 SFTP / SCP

   This is similar to FTP, but you can specify a private key to use instead of
   a password. Note that the private key may itself be protected by a password
   that is unrelated to the login password of the remote system.  If you
   provide a private key file you must also provide a public key file.
Inadmissible answered 27/12, 2012 at 19:45 Comment(0)
B
7

Lftp allows specifying passwords for both ftp and sftp and does not require public keys at all. Your sh sync script may look like this:

#!/bin/sh
# Define folders
THEFOLDER='/mnt/my/folder'

# Upload each regular file in the folder (subdirectories are skipped).
# Globbing with quoted variables keeps file names with spaces intact.
for file in "$THEFOLDER"/*
do
  [ -f "$file" ] || continue
  echo "Processing $file"
  lftp -u login,password -e "put \"$file\";quit" theftp/sub/folder
done
Botha answered 30/4, 2012 at 7:26 Comment(0)
W
5

You might also want to consider using python (the paramiko module), as it can quickly be called from the shell.

Install the Module

pip install paramiko

Example FTP Upload Script

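import paramiko

server = 'your_host'  # placeholder: the SFTP server's hostname
username = 'my_username'
password = 'my_password'

# Open the SSH transport and authenticate with the password.
# No hostkey= argument is passed, so the server's host key is not verified.
transport = paramiko.Transport((server, 22))
transport.connect(username=username, password=password)
sftp = paramiko.SFTPClient.from_transport(transport)

local_filename = '/tmp/filename'
remote_filename = 'MyFiles/temp.txt'

# Upload the file, then close the session and the connection.
sftp.put(local_filename, remote_filename)
sftp.close()
transport.close()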
Warwickshire answered 5/2, 2015 at 0:8 Comment(0)
C
4

Bash program to wait for sftp to ask for a password then send it along:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"assword\"
send \"your_password_here\r\"
interact "

Put that in a file called sftp_autologin.sh. The \r sends an to sftp to execute the command. I don't include the 'p' in password because on some systems it's uppercase, others lowercase. expect spawns the sftp command. Waits for the string 'assword' to be seen and sends a command. Then ends.

To get this to work:

  1. Install expect, I'm using 5.44.1.15
  2. Make sure you can sftp to your box in interactive mode and supply a password.
  3. Make sure this bash script has executable permissions.

Then run it:

chmod +x sftp_autologin.sh
./sftp_autologin.sh

It should drop you into the sftp commandline without prompting you for a password.

Is it insecure?

It's about the most insecure command you can run. It exposes the password to the command-line history, to anyone else who can read 'ps' output, and basically defeats the entire purpose of passwords altogether.

But hey, what's another log on the fraud fire, it's only about 250b dollars in victim losses per year. Let's go for 500b.

This automatically runs some commands with the sftp shell and exits automatically when done:

#!/bin/bash
expect -c "
spawn sftp username@your_host
expect \"assword\"
send \"yourpassword\r\"
expect \"sftp\"
send \"get your_directory/yourfilename.txt\r\"
expect \"sftp\"
send \"exit\r\"
interact "
Chaing answered 11/11, 2014 at 20:43 Comment(0)
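
Added example (not part of any answer on this page): one way to script a password-based sftp upload while keeping the password out of every command line, which is the exposure the answer above describes. It assumes the `sshpass` utility is installed; `SFTP_TARGET`, `PASSFILE` and the `upload` guard argument are placeholder names.

```shell
#!/bin/sh
# Placeholders (assumptions, not values from the page).
SFTP_TARGET='username@your_host'
PASSFILE="$HOME/.sftp_backup_pass"   # contains only the password

# Succeeds only if the secret is a regular file (not a symlink) whose
# group and other permission bits are all clear, e.g. mode 600 or 400.
secret_file_ok() {
  [ -f "$1" ] && [ ! -L "$1" ] || return 1
  perms=$(ls -ld "$1" | cut -c5-10)
  [ "$perms" = "------" ]
}

# Upload one file. sshpass reads the password from the file (-f), so it is
# never an argument visible in 'ps' or stored in shell history. The sftp
# commands arrive on stdin (-b -). -oBatchMode=no must precede -b, because
# -b otherwise disables password authentication. StrictHostKeyChecking=yes
# makes the run fail instead of trusting an unknown host key.
sftp_backup() {
  local_file=$1
  remote_path=$2
  if ! secret_file_ok "$PASSFILE"; then
    echo "refusing to run: $PASSFILE must exist with mode 600" >&2
    return 1
  fi
  sshpass -f "$PASSFILE" \
    sftp -oBatchMode=no -oStrictHostKeyChecking=yes -b - "$SFTP_TARGET" <<EOF
put "$local_file" "$remote_path"
EOF
}

# Usage: ./sftp_backup.sh upload /tmp/filename MyFiles/temp.txt
if [ "${1:-}" = "upload" ] && [ $# -eq 3 ]; then
  sftp_backup "$2" "$3"
fi
```

The password file is still a stored secret: anyone who can read it, or who has root on the machine, can recover the password.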
P
2

In order to use public keys you do not need to modify any "configuration files". You merely need to leave a copy of your public key in a place where ssh knows to look (normally ~/.ssh/authorized_keys). You can do this with sftp. If you haven't established any authorized_keys file on the server, you can simply put your id_rsa.pub file in its place.

Portray answered 11/3, 2011 at 4:24 Comment(1)
You are correct. Here's the procedure: You can use ssh-keygen then ssh-copy-id -i ~/.ssh/id_rsa.pub <remote-host> and you're done. It appends it to the authorized_keys automatically. So there is no need to put it in a BASH script at all. Just the ssh or scp commands and they will work without prompting. – Senile
C
2

You can't specify a password to ssh / scp or sftp from the command line. The only way to connect without prompting for a password is to use public key authentication.

You say that you can't ssh to the server to modify configuration files but if you can sftp to the server you can probably upload your public key.

Your public key just has to go under the .ssh directory in your home directory.

Creighton answered 11/3, 2011 at 4:25 Comment(1)
"if you can sftp to the server you can probably upload your public key." Nope. You may be surprised how common the case is when you can't upload the keys. – Zymo

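
Added example (not from either answer above): the key upload over sftp that the last two answers describe, written so that an existing authorized_keys file is extended instead of replaced and the modes sshd's default StrictModes check expects are set. `REMOTE`, `PUBKEY` and the `install` guard argument are placeholders; it only works where the server lets you write to `~/.ssh`.

```shell
#!/bin/sh
# Placeholders (assumptions, not values from the page).
REMOTE='username@your_host'
PUBKEY="$HOME/.ssh/id_rsa.pub"

# Print the new authorized_keys content: all existing lines, plus the public
# key unless its "type base64" pair is already present (comments ignored).
# $1 = existing authorized_keys (may be missing), $2 = public key file
merge_pubkey() {
  keyid=$(awk 'NF >= 2 { print $1, $2; exit }' "$2")
  [ -n "$keyid" ] || return 1
  if [ -f "$1" ]; then
    awk 1 "$1"                                   # also repairs a missing final newline
    grep -qF -- "$keyid" "$1" && return 0        # already authorized
  fi
  cat "$2"
}

# Fetch, merge and re-upload. -oBatchMode=no before -b keeps password login
# available; ssh asks for the password on the terminal, once per connection.
install_pubkey() {
  work=$(mktemp -d) || return 1
  rc=0
  # A leading "-" lets the batch continue if the file does not exist yet.
  printf '%s\n' "-get .ssh/authorized_keys \"$work/old\"" |
    sftp -oBatchMode=no -b - "$REMOTE" || rc=1
  [ "$rc" -eq 0 ] && { merge_pubkey "$work/old" "$PUBKEY" > "$work/new" || rc=1; }
  [ "$rc" -eq 0 ] && { sftp -oBatchMode=no -b - "$REMOTE" <<EOF || rc=1
-mkdir .ssh
chmod 700 .ssh
put "$work/new" .ssh/authorized_keys
chmod 600 .ssh/authorized_keys
EOF
  }
  rm -rf "$work"
  return "$rc"
}

# Usage: ./install_pubkey.sh install
if [ "${1:-}" = "install" ]; then
  install_pubkey
fi
```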