AutoSFTP

If you are working in a data center environment, you probably have already encountered the requirement for program initiated file transfer (such as in EAI application) or for a person being able to transfer files to a server but not to access the command line on that server.
If you still don't have solution for these tasks, our AutoSFTP should be the right choice for you; if you are using some other software to do these, you'd better to compare that software with AutoSFTP, in terms of cost effectiveness, security, flexibility and easy of use.

AutoSFTP ( or simply asftp ) is a Linux based package to allow user to use batch mode to transfer files between Linux machine and other systems through SFTP service without compromising the security of the password or private key/passphrase.

It also enables you to allow a person to transfer files with a server but not log on to that server to access the command line.

AutoSFTP provides the most secure way for you to automate SFTP process: the strong and sophisticated password/passphrase encryption algorithm gives you much better protection than using Hostbased authentication, using PubkeyAuthentication with null passphrase for private key, using "expect" to auto feed password or passphrase, and even more secure than using ssh-agent. And AutoSFTP will also protect you from system call tracing attack and better protect you from sftp/ssh program trojan horse attack, which is even more secure than you manually run sftp program.

How AutoSFTP works
 

Lets assume that you are on an Linux machine Munix with accout Ua, and want to download file from or upload file to a machine Mftp with SFTP server running and using Uftp as sftp account to connect. First, setup the encrypted password/passphrase file on Munix machine use Ua account:
 
/usr/local/bin/asftpkey Mftp Uftp


This command will ask you the password for Uftp on Mftp or passphrase for the private key, depending on what authentication methods you will use, and then it will encrypt the password/passphrase using DES and save to a file which can only be used by Ua account. After that, Ua can run
 

/usr/local/bin/asftp


to transfer files using SFTP service without need to key-in the password or passphrase.

And to prevent Trojan horse attack, when you run asftp, it will first check both ssh and sftp programs to make sure they are properly certified by asftpcreg program, if not, asftp will not continue to decrypt the encrypted password/passphrase file.
This built-in program file verification is much more secure then ways that depend on external security program's (such as tripwire) periodic check: by temporaryly disable the check, a person with root privilege can easily use Trojan horse to capture secret password or passphrase without being detected.


Usage
 

• /usr/local/bin/asftpkey SFTP-Server Account-on-SFTP-Server
To setup/update the encrypted password/passphrase file for asftp use.
When running asftpkey to update the encrypted password/passphrase file, you will need to key in old password/passphrase for verification. If you forgot it, you need to ask system administrator to login as root to remove the /usr/local/etc/asftp/server.account.your_uid file first before you can successfully run asftpkey to update encrypted file.
 
• /usr/local/bin/asftp put server user remote-dir file...
To upload files.
 
• /usr/local/bin/asftp get server user remote-dir file...
To download files.
 
• /usr/local/bin/asftp rdel server user remote-dir file...

To delete files on SFTP server.
 
• /usr/local/bin/asftp ls server user remote-dir [file...]

To list files on SFTP server.
 
• /usr/local/bin/asftp cmd server user cmd-file

To run SFTP tasks defined by cmd-file.
Here, you can put in cmd-file any SFTP commands which the SFTP server process on server understands, for example
cd /tmp
put myfile
mget UNIX*
cd /etc
get passwd
bye