I'm using WinSCP to interact with a remote server that supports only SFTP and doesn't allow SSH access.
My interaction involves moving/deleting a subset of files (identified by file names) in a certain directory.
To simplify this, I would typically synchronize [ Remote -> Local ], delete the files locally using the cygwin commandline (so that I can specify a list of file names instead of selecting files in the GUI) and then synchronize [ Local -> Remote ] to push the deletes to remote.
But, now, I want to further simplify the process so I can hand this over to an operations person. I went looking and was delighted to find that WinSCP supports 'commands'.
It would be great if I could enter something like this in the 'Command' field at the bottom in the 'Commander' view of WinSCP:
get queue-queue-from-DLQ-ID-69703273-db51-11e1-ba9f-005056010165 \
queue-queue-from-DLQ-ID-3d64697a-db51-11e1-b86e-005056010166 \
queue-queue-from-DLQ-ID-76fdb365-db50-11e1-b78d-005056010164 \
queue-queue-from-DLQ-ID-76ed3836-db50-11e1-ba9f-005056010165
But when I enter this in the 'Command' field, I get the following error:
Current SFTP-3 session does not support command you request. Separate shell session may be opened to process the command. Do you want to open separate shell session?
When I hit ok, I get the following error:
Error skipping startup message. Your shell is probably incompatible with the application (BASH is recommended).
The latter one is probably due to the fact that SSH is not supported.
But my question is, since get is an SFTP command, why am I getting the first error? Doesn't WinSCP itself use that command under the covers to support a GUI 'copy to local' operation?
How can I configure either WinSCP or the Linux box so that I can do what I have shown above?
I guess this answers my question: http://winscp.net/eng/docs/remote_command
Apparently, the 'Command' feature is only supported for SCP.
I wonder why WinSCP can't expose a commandline interface for SFTP operations that are generally supported during an sftp interactive session.
You can use WinSCP command-line scripting interface to run the get command.
https://winscp.net/eng/docs/scripting
The 'Commands' feature (remote commands execution) is supported even for SFTP protocol. But this feature executes the command on remote server. You cannot use this feature to automate WinSCP. And there's no remote command that you can easily use to download file.
See https://winscp.net/eng/docs/remote_command
Related
I'm able to connect and interact with a hive database on the Putty terminal. But I'm clueless about how to do it on Datagrip.
These are the steps that I'm using for Putty:
Starting a session through SSH-type on the host(HostName) and port(22), which opens a terminal, and there I feed my login details.
Then, I invoke a batch script on the remote server ssh session which then calls other .sh scripts, this step sets the path for various environment variables and defines a lot of hive configurations. At completion of this batch file I can see a "hive>" on the terminal, indicating I can run sql queries now.
Is there any way, I can get Datagrip working in this environment and setup driver location, work directory, home directory, everything on the remote server. And call this batch script from Datagrip itself.
We're deploying our application using SSH scripts. For the production stage we need to figure out which out of two clusters is currently active. This can only be achieved reliably by running a command on a remote host and interpreting its output. Unfortunately there's no SSH plugin that does that AFAIK.
They only seem to be able to interpret if the SSH script return value was different from zero.
Currently I only see two undesirable solutions:
use SSH in a script like Python, Groovy, etc. (means, we would have to provide SSH authentication to it somehow)
Let the SSH-command write to a file, that is then copied to Jenkins and interpreted there (unelegant and cumbersome)
Ok based on what you mentioned in the comment, I think you can try something like given in here and then copy back that file to jenkins using ftp and then read the file contents.
Or you can have the whole process orchestrated in an Ant script by using SSHExec task and get the output in Ant
I can call Remote Command by local file from console(-m option) in putty.
Is it possible to do the same from Putty GUI(Connection->SSH->Remote command, or elsewhere)?
So, to put it more clearly, the question is can we set a file as the source of the remote command in the gui.
Not directly, no - it explicitly takes only a string. Possibly one of the various putty forks has it added (although I can confirm kitty does not).
The only way I can think of to do it is to wrap putty in a script which reads the content of the file (whatever it is) and puts that value into the windows registry at HKEY_CURRENT_USER/Software/SimonTatham/PuTTY/Sessions/NAMEOFSESSION/RemoteCommand before executing putty.
I need to allow a PHP script on my local web server, to SSH to another machine to perform a specified task on some files. My httpd runs as _www with low permissions, so setting up direct passwordless SSH is difficult, not to say ill-advised.
The way I do it now is to have a minimal PHP script that sudo-exec's (as me) a shell script which is outside of the document root. The shell script in turn calls (as me) the PHP code that does the actual SSH work, and prints its output. Here's the code.
read_remote_files.php (The script I call from my browser):
exec('sudo -u me -n /home/me/run_php.sh /path/to/my_prog.php', $results);
print $results;
/home/me/run_php.sh (Runs as me, calls whatever it's given):
php $1 2>&1
sudoers:
_www ALL = (me) NOPASSWD: /home/me/run_php.sh
This all works, as my_prog.php is called as me and can SSH as me. It seems it's not too insecure since run_php.sh can't be called directly from a browser (outside document root). The issue I'm having is that my_prog.php isn't called as an HTTP program so doesn't have access to the HTTP environment variables (DOCUMENT_ROOT etc).
Two questions:
Am I making this too complicated?
Is there an easy way for my final script to get the HTTP variables?
Thanks!
Andy
Many systems do stuff like this using a (privileged) cron job that frequently checks for the existence of a file, a database record or some other resource, and then performs actions if there are any.
The huge advantage of this is that there is no direct interaction between the PHP script and the privileged script at all. The PHP script leaves the instructions in a resource, the privileged script fetches it. As long as the instructions can't lead to the system getting compromised or damaged, it's definitely more secure than sudoing.
The disadvantage is that you can't push changes whenever you like; you have to wait until the cron job runs again. But maybe it's an option anyway?
"I need to allow a PHP script on my local web server, to SSH to another machine to perform a specified task on some files."
I think that you are phrasing this in terms of a solution that you have difficulty in getting to work rather than a requirement. Surely what you should be saying is "I want to invoke a task on machine B from a PHP script running under Apache on Machine A." And then research solutions to this -- to which there are many from a simple 'roll-your-own' RPC tunnelled over HTTP(S) to using an XMLRPC or SOA framework.
Two caveats:
Do a phpinfo(); on both machines to check what extensions are available and
Also check your php.ini setting to make sure that your service provider hasn't disabled any functions that you expect to use (or do a Q&D script to echo 'disable_functions = ' . ini_get('disable_functions') . "\n"; ...)
If you browse here and the wider internet you'll find many examples. Here is one that I use for a similar purpose.
Is it possible to use CRON to upload a file via FTP? If yes how can I call FTP to run an upload?
Assuming a UNIX-like operating system you could setup a cron job that pointed to a shell script like the following:
#!/bin/sh
cd [source directory]
ftp -n [destination host]<<END
user [user] [password]
put [source file]
quit
END
Depending on your ftp client defaults and the source file type you may need to specify binary prior to the put.
You may use ncftp -- they have an handy tools called "ncftpput"
It is easier then using expect -- it is just a single command with useful return code.
You probably are looking for a program called "expect" which is designed for dealing with interactive processes.
http://expect.nist.gov/
If you have "cron", you likely already have "expect" as well, these days.
Schedule a script call from cron.
In the script,
Use Public Key Authentication to open a Secure FTP communication with your server
Execute a batch file of PUTs to your server (there is a -b option in sftp)
For this,
you will need to setup the public key authentication between the server and your client,machine.
you will need a sftp client on the client machine (there are clients for all platforms -- PuTTY, Winscp.net, unix variants usually have this already installed).
finally, try the PUT manually with public key authentication and note down the commands -- you can write them down in to the batch file for automation
Some other notes.
expect is an overkill for this requirement.
More over, any scheme that requires the password to be scripted is bad
ncftp is good for an interactive session (not such automation)
I do not know if wput allows public key authentication (probably not), in which case its not good for such automation either
Just create your CRON jobs to call WGET to upload or download your file via FTP!