#Bash | shell script to connect SFTP server

The regular SSH/SFTP login prompt should appear when the remote side asks for authentication, and that should be accepting input as usual.

If you have the option you may also want to setup passwordless authentication using SSH keys.

Yeah my SFTP ask me for the password but I want the script to enter it for me

So when I launch the script it's already log in the sftp

That's a rather bad idea from a security standpoint.
But I'm sure you're aware of that.

You'll probably want to have a look at ssh-agent.
That will store login credentials in memory so non-interactive programs can safely use them.
It's also applicable here, since SFTP is built on top of SSH.

The script can't type something for me ?

It could.
But that is a really bad idea when dealing with passwords/authentication.

Yeah but this will only be on my phone so no problem

Just asking
test.bash
echo "test"
But when I use it with shortcuts it didn't print test why ?

In an abstract sense, no.
But practically speaking there is no excuse for intentionally using terrible security practices.

echo, cat, printf and other commands that print something to the terminal usually print to the "standard output", also referred to as stdout or fd/1.
stdout in turn gets printed on its connected terminal.
Ordinarily the Termux app interface.

Shortcuts are not connected to the standard Termux app interface, and as such can't print out text to stdout.
Although you could probably redirect that into a notification or something.
I'd need to think about it some more.

Into a notification?

Termux has the ability to send Android notifications through termux-notification.

It's part of the Termux:API add-on and termux-api package

Of and what I will do with that ?

It was a hypothetical

It's bad but if I use the termux-fingerprint to secure that ? It is less bad no ?

The issue is, you're putting an authentication token, in this case a password.
In plain text.
In your script.

Which is a huge no no.
Passwords ideally never touch the disk.
And if they must, then they should never be on the disk in an unencrypted state.

But no one can access it

Only me

Because its my phone

Do as you see fit.

sftp user@host <<< 'password'

Should in theory work.
But I want to reiterate that storing passwords in plain text is a really bad idea.

sftp may also simply refuse non-interactive input like that.

Thanks I will try

That didn't work

That is strictly a good thing.
That just means sftp is protecting you from a really basic security mistake.

And how to use ssh_agent

We'll need to initialize it first.
You'll need to add the following in your ~/.bashrc or equivalent start up file for your shell.

eval "$(ssh-agent)" # This will print a confirmation message on startup along the lines of
# Agent pid 1234

# if you want to discard that confirmation message use
eval "$(ssh-agent)" > /dev/null

# either way, a ssh-agent is now running for this session.

To store the login credentials for a remote host simply try to login on it, the credentials will then be stored for the duration of the active session.

There is a couple caveats to this.
By default there is no sharing of the ssh-agent between sessions, and the ssh-agent exits when its parent process does.
So credentials are stored per session, and do not persist past that point.

So it's useless if its only for a session

Because if I have a new session I need to put my password again

Which is where keybased authentication slots in.

?

I can generate a new pair of SSH keys.
Don't give those a passphrase.
Then add the public key of the pair on the remote side with ssh-copy-id.
It'll ask me to authorize doing that with the password.

Then afterwards as long as I specify the location of the private key from the pair in the config or on the command with the -i flag I can log in without a password
because I'm able to prove my identity by the fact that I have the Private Key that corresponds to the public key I gave the remote site.

Ok how I can do that

It just store the password with encryption

Somewhere

All of that is user side ? Not server side ?

The only thing that has to get added to the remote side is the Public Key of the key pair.
And only the public key.
ssh-keygen spits out two files.
A Public and a Private key.

The Public key is what you give the remote side so they can identify you.
The Private key, is the corresponding authentication.

But can I have the same private key on 2 device

Or 1 private key per device

And does the server can get multiple public key ?

Yes, you can use the same private key to authenticate with multiple different servers.

Not for multiple server

Oh you meant can you use one key pair for both directions.

Like my phone as the same private key than my tablet to access the same server

You can use the same private key on multiple devices.
Just keep it, well, private.

Well that sounds possible

So how can I create key ?

And where I found them ?

Oh I need to ask my host if he can add the key to authorize me to log in

Nope, that can be done automatically using ssh-copy-id

Sounds great

Can you explain me step by step how to do so ?

Like the command I need to run and how to find the key to put on my second device ?

You can make a key pair using ssh-keygen.
I use this command as a general template for my keys.

ssh-keygen -t rsa -b 4096 -f "$PWD/rsa-4096_key_name" -C "Key Comment - ${USER}@${HOST:-$HOSTNAME} $(date -I)"

Let's break it down.
ssh-keygen - we wanna make a new key pair

• -t rsa - of type RSA
• -b 4096 - make it 4096 bits long, that's reasonably secure
• -f "$PWD/rsa-4096_key_name" - put the resulting keys in the current directory and name them rsa-4096_key_name (you can pick your own key name obviously) I just like specifying the key type in the name.
• -C "Key Comment - ${USER}@${HOST:-$HOSTNAME} $(date -I)" - add a comment, and then the username and system where I generated the keys and the time.

Something like that ? Or I filled it in the wrong way ? And with the pwd line that mean my key will be on the folder I'm when I execute the command right ?

ssh-keygen -t rsa -b 4096 -f "$PWD/rsa-4096_key_name" -C "Key Comment - ${geekman}@${HOST:-$geekman.com} $(date -I)"```

(that's not my real sftp adresse)

mmmh if you wanna manually specify a username and hostname Just replace the ${USER}@${HOST:-$HOSTNAME}.
${USER} is the environment variable USER, which contains the username of the current user.
So if you want [email protected] you just put that in as literal text.

That mean I can just copy paste your code ?

No need to enter user and password

Because you said if I want to do it manually that mean it's doing it automatically?

You will need to copy over your new public key to the server with ssh-copy-id but after that you should be able to log in without a password if you provide the private key as authentication.

But where do I paste that ? On termux consol or when I am log in the SFTP ?

ssh-copy-id -i ./rsa-4096_key_name.pub user@server

I'm talking about the first one

This one

Oh, on the Termux console.

Ok

What I put for passphrase?

@vale lance

nothing

just enter

Ok

If you put a passphrase we're right back to needing to enter a password.
Just for the key this time.

So I get my key

What's next

You still need to add your public key on the remote side.

see here

How do I specify the port ?

I just run the command but when I enter password I got a error that permissions denied and I done that to me last time when I didn't put the port

You can do user@server:port

Ok

That don't work

Before I was connecting it with this command
sftp -P 2022 [email protected]

That'll need to be a small p for ssh-copy-id.
According to ssh-copy-id --help

Ok

Error
exec request failed on channel 0

You can also set up a Host section in your ~/.ssh/config if you prefer.
SFTP and ssh-copy-id will read that as a side effect of using SSH.
Should look something like this.

Host Termux Phone termux phone
    User u0_a294
    Hostname 192.168.111.3
    Port 8022
    IdentityFile ${HOME}/.ssh/keys/local/rsa-4096_Termux

each name on the Host line will be a valid alias for the connection.

So I can just do sftp Termux for example.

Ok

But I will do that after

But I got that. :/

You can try adding -s to the ssh-copy-id command.
That way it will use SFTP to transfer your key.

Where I put the -s ?

Yeah because I have SFTP access but not ssh

Ah that would do it.

Forgot to tell you sorry

You can put it just after ssh-copy-id, the order doesn't generally matter for command flags unless they take additional arguments.

`/data/data/com.termux/files/usr/bin/ssh-copy-id: ERROR: invalid option (-s)

Usage: /data/data/com.termux/files/usr/bin/ssh-copy-id [-h|-?|-f|-n] [-i [identity_file]] [-p port] [[-o <ssh -o options>] ...] [user@]hostname
-f: force mode -- copy keys without trying to check if they are already installed
-n: dry run -- no keys are actually copied
-h|-?: print this help`

Are you sure ? 🤔

That is generally how argument parsing works.
-a "flags" and --opt " long options", don't usually have to go in any specific order.
--file /path/to/location or -o /put/that/here, options that take additional (positional) arguments usually expect them right after though.
You can usually tell from the --help option of a command.

Yeah but -s don't exist

Let's take ssh-copy-id's --help output as an example.

# ssh-copy-id --help
/usr/sbin/ssh-copy-id: illegal option -- -
Usage: /usr/sbin/ssh-copy-id [-h|-?|-f|-n|-s] [-i [identity_file]] [-p port] [-F alternative ssh_config file] [[-o <ssh -o options>] ...] [user@]hostname
        -f: force mode -- copy keys without trying to check if they are already installed
        -n: dry run    -- no keys are actually copied
        -s: use sftp   -- use sftp instead of executing remote-commands. Can be useful if the remote only allows sftp

Anything in brackets [] is optional.
So what's required is only ssh-copy-id hostname
Any other options can be specified in whatever order you like.

So why I got error ?

huh...

Termux's version does not have -s

I just checked.

That's weird.

So what's it ?

I am guessing Termux's version doesn't support sending the key via SFTP.

💀

So I can't do that

Yep just found it in the build script.

So I can't

Not from Termux.

And with proot ?

Ubuntu proot

Should be doable.

I can install openssh and do it no ?

Should work.

Nice

How can I access termux key from proot ?

I don't use proot personally, but I think there's like a --no-sandbox option or something like that to let the proot access the host file system.

I just find it

Just doing cd /data/data/com.termux/files/home

When I run it I got a error

/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "./rsa-4096_HostyKey.pub" mktemp: failed to create directory via template ‘/root/.ssh/ssh-copy-id.XXXXXXXXXX’: No such file or directory /usr/bin/ssh-copy-id: ERROR: failed to create required temporary directory under ~/.ssh

So u tried the command but with -i /my_key

/usr/bin/ssh-copy-id: ERROR: failed to open ID file '/rsa-4096_HostyKey.pub': No such file

/rsa-4096_HostyKey.pub would indicate a keyfile in the root directory, which isn't correct.

I tried removing the / but still don't work

How can I access with the key in the same directory that I am

You will need the actual location of the public key.
If it's in your current directory you can use ./rsa-4096_HostyKey.pub
. is shorthand for the current directory.

That erro

With that

You might have to ask your host to add your key then.

Ok what I should ask him

Like precisely

The entire content of your public key will need to be added to the .ssh/authorized_keys file in your user's home directory.
That file should contain your entire public key.

Sadly it's a no 😔