You can send files using public/private key pair authentication for passwordless SFTP. This automates delivery of files to OCLC and eliminates the need to manually enter a password when using an SFTP account. It also allows your institution to change the key on a regular basis for added security.
For security reasons, we do not support passing of the SFTP password via a script, but offer the public/private key pair solution instead to allow fully automated scripts to be written for uploading and downloading to our server.
This procedure is for Linux systems. Although similar methods would be used for other systems, OCLC has tested this method using Linux as the SCP and SFTP client machine. A password is requested while uploading the public key, but once the .ssh/authorized_keys file has been replaced, future logins and file transfers do not require a password.
Generate and upload your public key
To generate and upload your public key to your SFTP account:
- Generate a private/public key pair on your client machine and put the public key in a file called /home/user1/.ssh/id_rsa.pub on your local machine.
If you are unsure how to generate a private/public key pair, you can use the method described here: https://askleo.com/how_can_i_automate_an_sftp_transfer_between_two_servers/ (this method puts the private/public key file in the correct place on your local machine automatically).
- Upload your public key to .ssh/authorized_keys in your SFTP account on scp.oclc.org.
Do not delete the existing .ssh/authorized_keys file before uploading the new one. The new file you upload automatically replaces the existing file while retaining its permissions and ownership properties. If you delete the existing file before uploading the new file, you will have insufficient rights on the system to set the necessary group ownership for .ssh/authorized_keys and therefore will continue to be asked for a password.
The examples below indicate more than one space to illustrate where a space is needed. When entering your commands, please use only one space.
If using a Linux-based system, you can use either of these commands to upload the public key file to the correct location (both commands presuppose you generated the private/public key using the method in the note to step 1 above).
Replace user1 below with the username you use to log in to your local machine. Replace xxx with your SFTP username.
- First command
- scp /home/user1/.ssh/id_rsa.pub xxx@scp.oclc.org:.ssh/authorized_keys
- Second command
- sftp xxx@scp.oclc.org
- put /home/user1/.ssh/id_rsa.pub .ssh/authorized_keys
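Once the public key is installed, an unattended transfer can look like the sketch below. This is an added example, not a script supplied by OCLC: it checks that the file bound for .ssh/authorized_keys really is a public key, checks the private key's permissions, and then runs sftp in batch mode so a key problem produces an error instead of a password prompt. user1 and xxx are the placeholders used above; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not OCLC's script. user1 and xxx are the page's placeholders.
SFTP_USER="xxx"
SFTP_HOST="scp.oclc.org"
KEY="/home/user1/.ssh/id_rsa"

# True only if the file holds a public key line. Run this on the file you are
# about to upload as authorized_keys so the private key never leaves the client.
is_public_key() {
    [ -r "$1" ] || return 1
    if grep -q 'PRIVATE KEY' "$1"; then return 1; fi
    grep -Eq '^(ssh-(rsa|ed25519)|ecdsa-sha2-[a-z0-9-]+) [A-Za-z0-9+/=]+( .*)?$' "$1"
}

# True only if the private key is accessible by its owner alone; ssh refuses
# to use a private key whose permissions are too open.
key_perms_ok() {
    mode=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ "$mode" = "-rw-------" ] || [ "$mode" = "-r--------" ]
}

# Write an sftp batch file that uploads every named file, then disconnects.
write_batch() {
    batch_file=$1; shift
    : > "$batch_file"
    for f in "$@"; do
        printf 'put "%s"\n' "$f" >> "$batch_file"
    done
    printf 'bye\n' >> "$batch_file"
}

# Unattended transfer. BatchMode=yes disables password prompts, so a key that
# was not installed correctly gives a non-zero exit status instead of a hang.
send_files() {
    key_perms_ok "$KEY" || { echo "run: chmod 600 $KEY" >&2; return 2; }
    tmp=$(mktemp) || return 1
    write_batch "$tmp" "$@"
    sftp -b "$tmp" -i "$KEY" -o BatchMode=yes -o IdentitiesOnly=yes \
        "$SFTP_USER@$SFTP_HOST"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# Usage from cron or another script: send_files /path/to/file1 /path/to/file2
```

Run is_public_key on /home/user1/.ssh/id_rsa.pub before the scp or put step above; send_files is for the transfers that follow.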