Midrange News for the IBM i Community


Posted by: Chris Proctor
Programmer Analyst
Columbia Sports Company
Portland, OR
Using a passphrase in a public key in batch....
has no ratings.
Published: 10 Aug 2012
Revised: 23 Jan 2013 - 1582 days ago
Last viewed on: 24 May 2017 (2622 views) 

Using IBM i? Need to create Excel, CSV, HTML, JSON, PDF, SPOOL reports? Learn more about the fastest and least expensive tool for the job: SQL iQuery.

Using a passphrase in a public key in batch.... Published by: Chris Proctor on 10 Aug 2012 view comments(4)

Happy Friday. Everything I've been reading says not to use a passphrase in a private/public key for an SSH connection if the job is going to run in batch, because someone has to answer it manually. The users that I'm developing the SFTP process for want a passphrase for additional security. Is there a way to automate the entry of the passphrase? Maybe in the script file or something like that? I know that kind of defeats the purpose for "additional security".

Maybe I just need to tell them that unless they want to run the job and enter the passphrase every time it comes up a passphrase can't be used.

Thoughts?????

Return to midrangenews.com home page.
Sort Ascend | Descend

COMMENTS

(Sign in to Post a Comment)
Posted by: BrianR
Premium member *
Green Bay, WI
Comment on: Using a passphrase in a public key in batch....
Posted: 4 years 9 months 13 days 12 hours 3 minutes ago

Let me refer you again to Scott Klement's presentation and read the part about the EXPECT utility which emulates a Unix terminal in batch (starts on page 35).  That may or may not work depending on your requirements, but it's worth a look.

Posted by: chrisp
Premium member *
Portland, OR
Comment on: Using a passphrase in a public key in batch....
Posted: 4 years 9 months 13 days 11 hours 44 minutes ago

Hi Brian. Yeah, I looked at it, but don't think it will work for us. I also tried installing it and it had numerous "file or directory in the path name does not exist" errors.

Posted by: DaleB
Premium member *
Reading, PA
Comment on: Using a passphrase in a public key in batch....
Posted: 4 years 9 months 10 days 17 hours 59 minutes ago

I'm curious, did you try it in the !--script-- file (-b xxx)? What happened?

Posted by: ssonntag
Premium member *
Port Washington WI
Comment on: Using a passphrase in a public key in batch....
Posted: 4 years 9 months 3 days 11 hours 55 minutes ago
Edited: Mon, 20 Aug, 2012 at 17:03:28 (1738 days ago)

Brian,

 

I too just went through the process of setting up sFTP and found that trying to use a passphrase was too much of a hassle and really does provide that extra level of security if someone has to run the process from a terminal session.

The extra time and effort of having to install and use EXPECT in the !--script-- didn't make sense for a process that is already secure.

Unless they really insist, I would not go through the effort.

 

Scott Sonntag