I can think of a couple of ways to do this but I highly recommend setting up passwordless ssh access, you'll thank me later.
1. Set up passwordless access to your machines.
This is by far the best method since you are bound to want to connect to the machines again and this will make your life much easier. It is also way, way safer than the other options even if you choose to use an empty passphrase since you won't be throwing passwords around unencrypted.
First, create a public ssh key on your machine:
ssh-keygen -t rsa
You will be asked for a passphrase which you will be asked to enter the first time you run any ssh command after each login. This means that for multiple ssh or scp commands, you will only have to enter it once. Nevertheless, you can leave it empty to have completely passwordless access.
Once you have generated your public key, copy it over (as user1) to each computer in your network:
while IFS= read -r ip; do
    ssh-copy-id -i ~/.ssh/id_rsa.pub "user1@$ip"
done < IPlistfile.txt
You will have to manually enter the password for each IP (unless you use one of the solutions below for this step as well) but once you've done that, you will be able to copy files to any of these machines with a simple:
while IFS= read -r ip; do
    scp /home/user1/Desktop/filetobesent.txt "user1@$ip:~/Desktop"
done < IPlistfile.txt
If you have sshpass installed, you can automate this so you don't need to type your password for each machine:
# sshpass -e reads the password from the environment, so SSHPASS must be exported
export SSHPASS='password'
while IFS= read -r ip; do
    sshpass -e scp /home/user1/Desktop/filetobesent.txt "user1@$ip:~/Desktop"
done < IPlistfile.txt
This is a nifty little program that allows you to pass an ssh password as a command line parameter. This is, obviously, not a very secure solution and I highly recommend you read the "Security Considerations" section of man sshpass.
Anyway, it is probably available in your distribution's repositories, on Debian-based systems it can be installed with
sudo apt-get install sshpass
I can't check since I don't have a RedHat based machine but as far as I can tell from searching here, it should be installable on Fedora with
sudo yum install sshpass
Once you have it installed, you can simply run
# sshpass -e reads the password from the environment, so SSHPASS must be exported
export SSHPASS='password'
while IFS= read -r ip; do
    sshpass -e scp /home/user1/Desktop/filetobesent.txt "user1@$ip:~/Desktop"
done < IPlistfile.txt
The -e option tells sshpass to get the password from the SSHPASS variable. This is a bit more secure than giving it as a parameter with the -p option.
IMPORTANT:
This will fail silently if the server you are connecting to is unknown, if its public key is not stored in your machine. If this does not seem to be working, just connect once (ssh or scp) to the remote machine and accept its public key.
3. Use pscp instead
pscp is an alternative to scp that accepts the password as a command-line parameter. On Debian-based systems, this can be installed with
sudo apt-get install putty-tools
As I said before, I can't check but it should be installable on Fedora with
sudo yum install putty
You can then copy your files with
while IFS= read -r ip; do
    pscp -pw password /home/user1/Desktop/filetobesent.txt "user1@$ip:~/Desktop"
done < IPlistfile.txt
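The IMPORTANT note above says a batch copy fails silently when a host's key is unknown. As an added example (not part of the original answer), this script first lists the hosts in the IP list that have no known_hosts entry, then copies with key authentication so that every failing host is reported. The function names are hypothetical, and a list file with one address per line (blank and # lines skipped) is an assumption.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.
# Assumes the list file holds one address per line; blank and # lines are skipped.

# hosts_missing_key LIST [KNOWN_HOSTS]: print hosts with no known_hosts entry.
# Returns 1 if any host is missing, 0 otherwise.
hosts_missing_key() {
    list=$1
    known=${2:-$HOME/.ssh/known_hosts}
    missing=0
    # Read the list on fd 3 so nothing inside the loop can eat it via stdin.
    while IFS= read -r ip <&3 || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac
        # ssh-keygen -F prints the matching entry (hashed ones included) if found.
        if [ -z "$(ssh-keygen -F "$ip" -f "$known" 2>/dev/null)" ]; then
            printf '%s\n' "$ip"
            missing=1
        fi
    done 3<"$list"
    return "$missing"
}

# copy_to_hosts FILE LIST: key-based copy that reports every host that fails.
copy_to_hosts() {
    file=$1
    list=$2
    rc=0
    while IFS= read -r ip <&3 || [ -n "$ip" ]; do
        case $ip in ''|'#'*) continue ;; esac
        # BatchMode=yes never prompts; StrictHostKeyChecking=yes refuses unknown
        # host keys instead of trusting them on first use.
        if ! scp -o BatchMode=yes -o StrictHostKeyChecking=yes \
                "$file" "user1@$ip:~/Desktop"; then
            printf 'FAILED: %s\n' "$ip" >&2
            rc=1
        fi
    done 3<"$list"
    return "$rc"
}

# Usage: sh copy.sh FILE LIST  (copies only when every host key is already known)
if [ "$#" -ge 2 ]; then
    hosts_missing_key "$2" && copy_to_hosts "$1" "$2"
fi
```

Hosts printed by hosts_missing_key should have their key fingerprints verified out of band before they are added to known_hosts.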
Best Answer
If you want to set up all the limiting stuff you mention, I would suggest using ProFTPd.
Using the sftp_module you are able to only allow a secure session. See http://www.proftpd.org/docs/contrib/mod_sftp.html for details about the sftp functionality. Near the bottom of the page an example configuration is listed.
Using the DefaultRoot directive you can isolate the granted user into his/her own directory.
Using the <LIMIT> structure you are able to limit the FTP commands you want to allow, i.e. READ so the user can not retrieve files. See http://www.proftpd.org/docs/howto/Limit.html for details.
When you set up the sftp configuration in ProFTPd you probably want to have it listen on another port than ssh, for example 2222. Configure your firewall and/or router to allow traffic coming from stranger to the port you choose for ProFTPd. Another possibility is to run ProFTPd's sftp module on port 22 and reconfigure ssh to listen on another port.
A sample configuration can look like:
Note: This is not a complete configuration of ProFTPd, you should review and modify the ProFTPd default configuration to make it fit your needs.
There is another possibility to just use OpenSSH for this:
Create the user stranger and set a password for the user:
Edit the file /etc/ssh/sshd_config and check if the following line exists, add it if it does not exist:
Next add a Match block at the bottom of /etc/ssh/sshd_config:
Note: the user will be able to overwrite an existing file.
Restart the sshd daemon.
Set the owner of the directory /home/stranger to root:
Note: root must be the owner and may be the only one to have write permission if ChrootDirectory is used. An alternative might be to add -d %u to the ForceCommand internal-sftp line and set ChrootDirectory /home but a user will be able to cd / and see other usernames with ls
Create an upload directory for the user:
Now you can logon as user stranger using:
When you upload a file it should be ok:
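The ownership rule in the ChrootDirectory note above is a common reason a chrooted login is refused. As an added example (not part of the original answer, and not the expected upload output), this script goes one step beyond the single directory the answer mentions: sshd checks every component of the chroot path, so it walks from the directory up to / and reports each component that is not root-owned or is writable by group or others. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# perm_problem UID MODE: print why a path component breaks sshd's chroot rule,
# or print nothing if it is acceptable. MODE is the ls mode string (drwxr-xr-x).
perm_problem() {
    [ "$1" = 0 ] || { printf 'not owned by root (uid %s)\n' "$1"; return 0; }
    case $2 in
        # Character 6 is group write and character 9 is other write.
        d????-??-?*) ;;
        d*) printf 'writable by group or others (%s)\n' "$2" ;;
        *)  printf 'not a directory (%s)\n' "$2" ;;
    esac
}

# chroot_path_problems DIR: check DIR and every parent up to /.
# Prints one "path: problem" line per offending component.
chroot_path_problems() {
    case $1 in
        /*) d=$1 ;;
        *)  printf 'need an absolute path: %s\n' "$1" >&2; return 2 ;;
    esac
    while :; do
        # ls -ldn prints "mode links uid gid ..." with numeric ids.
        set -- $(ls -ldn "$d" 2>/dev/null)
        if [ -z "$1" ]; then
            printf '%s: cannot stat\n' "$d"
        else
            p=$(perm_problem "$3" "$1")
            [ -z "$p" ] || printf '%s: %s\n' "$d" "$p"
        fi
        [ "$d" = / ] && break
        d=$(dirname "$d")
    done
}

# Usage: sh check.sh /home/stranger   (no output means the path is acceptable)
[ "$#" -eq 0 ] || chroot_path_problems "$1"
```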