SSH

Setting up Non-interactive Authentication for Automatic Scripts

When Tectia Server is used for automated file transfer, you can create separate user accounts for file transfer purposes. When such user accounts are used only for non-interactive file transfers, it is advisable to disable terminal access on the server side. See instructions in Restricting Terminal Access.

Non-interactive authentication with public keys and scripted commands can be set for the SFTP accounts. For non-interactive batch jobs, you can use public-key authentication without a passphrase.

Running the client non-interactively requires that you have already saved the server's public host key on the client, and set up a non-interactive method for user authentication. Batch mode should be used non-interactively with command-line tools.

  1. Generate an RSA key pair with an empty passphrase by giving the following command:

    Client$ ssh-keygen-g3 -t rsa -P   
    

    where:

    • -t rsa generates an RSA key pair (default is DSA)

    • -P generates the private key with an empty passphrase.

    The default key length (2048 bits) is used.

  2. For uploading the keys, see instructions in Uploading Public Key Manually.

[Caution]Caution

Make sure your private key is not accessible to others. This is especially important when the key is stored without a passphrase.

For more information on other non-interactive authentication methods, see Chapter Authentication in Tectia Server Administrator Manual.