Strange problem in SFTP script

Any IBM i topic that does not fit in another forum
Post Reply
moti
Posts: 4
Joined: Tue Aug 17, 2021 12:37 pm

Strange problem in SFTP script

Post by moti »

HI,
I'm using a SFTP script for some time, encountering no problems.
The script is as follows:
#!/usr/local/bin/expect -f
set timeout 500
spawn sftp $env(SSH_USER)@$env(SSH_HOST)
expect {
default {exit 2}
"continue connecting (yes/no/)?" {send "yes\n"; exp_continue}
"password:" {send "$env(SSH_PASS)\n"; exp_continue}
"sftp>" }
send "put $env(SSH_FILE_IN) $env(SSH_FILE_OUT)\n"
expect {
default {exit 2}
"not found" {exit 3}
"sftp>" }
send "quit\n"
exit 0


The usual response I get from the server (as appears in the log) is as follows (details were changed by Xs or random digits...):
spawn sftp xxxxxxxxxx@XXXXXXXXXX
........
The authenticity of host 'XXXXXXXXXX (01.002.003.04)' can't be established.
RSA key fingerprint is SHA256:xxxxxxxxxxxxxx.
Are you sure you want to continue connecting (yes/no)? yes
............
xxxxxxxxxx@XXXXXXXXXX's password:
Connected to XXXXXXXXXX.
etc.....

The important line is the one written in blue....

From about a week ago, I started to get a new response from the SFTP server:
Are you sure you want to continue connecting (yes/no/[fingerprint])?
The new addition ([fingerprint]) causes the script to get stuck and the "yes" answer does not get the response expected (to continue the script).
I tried to add the new text ([fingerprint]) to the script as follows:
expect {
default {exit 2}
"continue connecting (yes/no/[fingerprint])?" {send "yes\n"; exp_continue}

but the response I get is:
invalid command name "fingerprint"
while executing
"fingerprint"
invoked from within
"expect {
default {exit 2}
"continue connecting (yes/no/[fingerprint])?" {send "yes\n"; exp_continue}
"password:" {send "$env(SSH_PASS)\n"; ex..."


Have you encountered such a problem?
Do you have any idea as to how I can overcome this so the script will continue working as usual?
The problem is somewhat urgent, so I would be grateful for a response ASAP.

TIA.
Have a nice day.
Moti.
Scott Klement
Site Admin
Posts: 636
Joined: Sun Jul 04, 2021 5:12 am

Re: Strange problem in SFTP script

Post by Scott Klement »

Why not use something like this, so it doesn't matter if it offers the fingerprint option?

Code: Select all

expect {
   default {exit 2} 
   "continue connecting (yes/no" {send "yes\n"; exp_continue}
   "password:" {send "$env(SSH_PASS)\n"; exp_continue}
   "sftp>" }
   
Why do you refer to this a a "strange problem"?
moti
Posts: 4
Joined: Tue Aug 17, 2021 12:37 pm

Re: Strange problem in SFTP script

Post by moti »

Scott hi,

That's the way i originally found out about the addition of the [fingerprint] text....
The original script was indeed like that:
expect {
default {exit 2}
"continue connecting (yes/no)?" {send "yes\n"; exp_continue}
"password:" {send "$env(SSH_PASS)\n"; exp_continue}
"sftp>" }

and then (by looking at the log) the script just stopped working after this statement:
Are you sure you want to continue connecting (yes/no/[fingerprint])?

I refer to it as a strange problem, first because the script is sending a specific statement and the log shows a different one, and second it turns out that the TEST server is returning the "new" statement but the PRODUCTION one is still returning the old one and the script works as intended. I tried to find out if the provider changed version or something like that and the reply was negative.

I tried it again just now and it's still stuck, at the same statement....
Do you have any inkling as to what causes the problem? Why does the new text ([fingerprint]) appear?
How I can (if at all) ignore it or solve the problem?

Thanks for the prompt response.
Have a nice day.
Moti.
moti
Posts: 4
Joined: Tue Aug 17, 2021 12:37 pm

Re: Strange problem in SFTP script

Post by moti »

Scott hi,

I tried to change the statement to "continue connecting (yes/no/fingerprint)?" {send "yes\n"; exp_continue} (without the "[ ]"), but it still stops...
I just looked at the log again.
After the "spawn" statement I see a line as follows:
RSA key fingerprint is SHA256:YZ1tnZNGc7gfuEVxu9Ee31/T29p/9NbcKMtYLt3ll1g.
Looking back, I see that it's the same key as before, long before the [fingerprint] text appeared and the script was working as intended.
Can this be the problem? If so, how can I change (if at all) the key? Or is it something the server initiates and I have no say in it....

Moti.
Scott Klement
Site Admin
Posts: 636
Joined: Sun Jul 04, 2021 5:12 am

Re: Strange problem in SFTP script

Post by Scott Klement »

It needs to be a string that will actually appear on the screen!

"continue connecting (yes/no/fingerprint)?" won't work, because this never appears on the screen. likewise, "continue connecting (yes/no)?" won't work since the new version no longer contains "(yes/no)" with the closing parenthesis like that.

That is why I suggest "continue connecting (yes/no" (without the closing parenthesis).
moti
Posts: 4
Joined: Tue Aug 17, 2021 12:37 pm

Re: Strange problem in SFTP script

Post by moti »

Scott,

YOU'RE THE GREATEST !!!!!

I changed the script as you suggested and it worked beautifully.....

Thank you VERY MUCH.

Have a nice day.
Moti.
Post Reply