SSH Tectia

Setting up Non-interactive Authentication for Automatic Scripts

When SSH Tectia Server is used for automated file transfer, we recommend creating separate user accounts for file transfer purposes. When such user accounts are used only for non-interactive file transfers, it is advisable to disable terminal access on the server side. See instructions in Restricting Terminal Access.

Non-interactive authentication with public keys and scripted commands can be set for the SFTP accounts. For non-interactive batch jobs, it is recommended to use public-key authentication without a passphrase.

Running the client non-interactively requires that you have already saved the server host key on the client and set up a non-interactive method for user authentication. Batch mode should be used non-interactively with command-line tools.

  1. Generate an RSA key pair with an empty passphrase by giving the following command:

    Client$ ssh-keygen-g3 -t rsa -P   
    

    The options have the following meaning:

    • -t rsa generates an RSA key pair (default is DSA)

    • -P generates the private key with an empty passphrase.

    The default key length (2048 bits) is used.

  2. For uploading the keys, see instructions in Uploading Public Key Manually.

[Caution]Caution

Make sure your private key is not accessible to others. This is especially important when the key is stored without a passphrase.

For more information on other non-interactive authentication methods, see Authentication in SSH Tectia Server Administrator's Manual.