SFTP (SSSH Transfer Protocol, or, Secure File Transfer Protocol) is an extension of the SSH (Secure Shell Protocol) protocol for file management. SFTP supports multiple authentication mechanisms including basic authentication (user & password). SFTP allows executing multiple consecutive commands by supplying an SFTP batch file like.
cd /the/directory
ls
Unfortunately, the SFTP command line client that comes with Ubuntu doesn’t allow us to use basic authentication in combination with batch files in a straight forward manner. The fix is shown below.
export SSHPASS="verysecret"
sshpass -e sftp -P 22 -o BatchMode=no -o PubkeyAuthentication=no -b - user@sftp.example.com <<EOF
cd /the/directory
ls
exit
EOF
This is, admittedly, a bit hacky. We are disabling batch mode while supplying a batch file. But it seems to work nonetheless.
Key points:
sshpassis used to add non-interactive user & password authentication- the user is specified in the url
user@sftp.example.com - the
-eflag tosshpasstells it to read the password from the environment variableSSHPASS - we tell
sftpto disable batch mode (BatchMode=no) and to not check host keys (PubkeyAuthentication=no, we could of course also add the host key toknown_hostsfor improved security) - the batch file is supplied from standard in via
-b -and using a Heredoc after thesftpcommand
For GitHub CI/CD, the community action milanmk/actions-file-deployer is available which conveniently strips away the complexity of the approach outlined above.