An sftp cmd line client. Allows syncing of entire directories to or from a remote sftp server.
- optionally remove files on remote side after transfer
- optionally archive/copy transferred files to a local archive directory
- openpgp encryption and decryption of files
- http connect proxy support (no auth)
- optional alert email on failure or success
- optionally check file size after a period to ensure size is stable before transfer
Usable.
-
clone the repo
-
pull in golang dependencies
make deps
- build the binary
make
- create the config file
cp config.example config.ini
- edit the config to suit your needs
Take a look in config.example for what configuration is available.
In the config file, you can define multiple "profiles". A single invocation of the sftpsyncr command must specify a single profile to use. A profile defines the connection sftp settings such as remote host, remote port, username etc. The defaults section is where you can define configurables that will apply to all profiles, if said configurable is not defined within the specific profile.
Password or ssh public key authentication can be used. ssh-agent can also be used by setting the environment SSH_AUTH_SOCK appropriately and disabling the password and key configurables.
Files can be encrypted prior to transfer, and decrypted after transfer. Use the public key ID only to identify the key to use.
An HTTP connect proxy can also be used (such as squid or apache). No proxy authentication methods are supported.
A single encryption key can be defined to encrypt ALL files to be transferred. Multiple decryption keys keys can be used to decrypt files with a specific suffix.
You can specify multiple decryption keys and passphrases within a profile. But they MUST be specified in their correct matching order. The reason is that the configuration package reads multiple values in to an array. So the passphrase for a key must have the same array index. It's easier for me this way - I am lazy. But it works fine if your config is correct.
Example config for multiple decryption keys:
decrypt = true
decryptsuffix = ".gpg"
decryptkeyid = 641E9413
decryptpassphrase = passphrase_for_key_641E9413
decryptkeyid = 3D0A8209
decryptpassphrase = passphrase_for_key_3D0A8209
In the above, only files with suffix of .gpg will be decrypted (or attempted to be decrypted). The order of key id's and passphrases is critical.
The following config will fail to decrypt files as the passphrases will be set to the wrong key.
decrypt = true
decryptsuffix = ".gpg"
decryptkeyid = 641E9413
decryptpassphrase = passphrase_for_key_3D0A8209
decryptkeyid = 3D0A8209
decryptpassphrase = passphrase_for_key_641E9413
Only a single encryption key (recipient) is supported. You can also specify the suffix for the resulting encrypted file using the encryptsuffix configurable. The default encryption suffix is .pgp.
ians@module:~/work/sftpsyncr$ ./sftpsyncr --help
usage: sftpsyncr [--version] [--help] <command> [<args>]
Available commands are:
pull synopsis: pull files from a remote sftp server
push synopsis: push files to a remote sftp server
ians@module:~/work/sftpsyncr$
ians@module:~/work/sftpsyncr$ ./sftpsyncr pull --help
Usage of pull:
-config string
config file in git config ini format (default "config.ini")
-profile string
sftp session profile to use (default "default")
ians@module:~/work/sftpsyncr$
ians@module:~/work/sftpsyncr$ ./sftpsyncr pull --config config.ini --profile tester
2016/01/05 21:36:13 start tester
2016/01/05 21:36:13 connect to localhost:22
2016/01/05 21:36:13 pull file remote/wunderbike.png, 231903 bytes in 15.939313ms
2016/01/05 21:36:13 pull file remote/hosts.gpg, 1524 bytes in 820.43µs
2016/01/05 21:36:13 pull decrypted file /tmp/local/hosts.gpg to /tmp/local/hosts
2016/01/05 21:36:13 pull directory remote/subdir
2016/01/05 21:36:13 pull file remote/subdir/wordpress-logo-notext-rgb.png, 18399 bytes in 1.259507ms
2016/01/05 21:36:13 3 files successfully pulled
2016/01/05 21:36:13 pulled: wunderbike.png
2016/01/05 21:36:13 pulled: hosts.gpg
2016/01/05 21:36:13 pulled: subdir/wordpress-logo-notext-rgb.png
2016/01/05 21:36:13 end tester
ians@module:~/work/sftpsyncr$
http connect proxy supportset filemode same as source fileoptional encrypt/decrypt of filesremove files after transferarchive files after transferemail logfile after success and/or failure- run an optional custom script after transfer session
Google group discussion here Uncomment the cipher here: https://github.com/golang/crypto/blob/master/ssh/cipher.go#L120
Using SciptRock/ssh and ScriptRock/sftp for now to support dodgy algos.
Neither sftp library appears to support compression atm.
Golang GPG examples (here)[http://julianyap.com/2014/07/04/gnu-privacy-guard-gpg-examples-using-golang.html]. Thanks Julian!