Secure FTP Client Setup for Windows
- Download SFTP2 Client
- Download Expect for Windows
- How to Automate SFTP
- How to Setup a Scheduled Task
This page contains all the downloads and installation instructions that are needed to access our secure FTP services from a Microsoft Windows System. Unix users should contact firstname.lastname@example.org for assistance.
For normal SFTP services, users will only need to download the "sftp2.exe" client, but for more advanced users that plan to use scripts and scheduled tasks to access the SFTP services, there is an additional download and further instructions following the sftp2 client instructions.
Download SFTP2 Client
To access the secure ftp server, all users must first download this free SSH Secure FTP client: sftp2.exe (1 Mb)
How to Download the SFTP Client
- Download "sftp2.exe"
A warning message will appear when downloading, but save anyway. It is recommended to save this file in your "C:\windows" directory by traversing the path in the window. If you are not logged into the system that the SFTP services will be used from, you should then copy this file to that system's c:\windows directory.
NOTE: After the file has been saved, another window may appear asking you to "Open" the file, do NOT choose to open the file. This file is not a zip file and doesn't need to be opened. Simply click "Close".
- Once the file is saved, you can test accessing the secure ftp server.
Open a command prompt on the system where you saved the file.
(To open a command prompt: click on "Start", "Run" and enter "cmd").
At the command prompt, you will need to type in the client "sftp2", the LSUHSC NT ID that you were assigned and the domain name as per the example below:
Note the space between sftp2 and the username.
If you have entered the command correctly, you will see a message stating that this is your first time accessing the secure FTP server and asking whether you would like to save the host key to your local system. Entering "yes" saves this key and prevents the message from being displayed in the future. Note: you must enter "yes", not just "y".
Next, you will be prompted for the password of the special account assigned to you.
If you enter the correct password, the sftp prompt will display:
- You have successfully accessed SFTP, and can enter "quit" to exit.
Accessing SFTP via Scripts (For Advanced Users)
When automating SFTP transfers, the SFTP client should first be downloaded as per the instructions above.
To automate the SFTP session using scripts, an authentication method to communicate with the SFTP server is needed. We have decided to use "Expect for Windows" to provide this method. Expect (1.5 MB) is a freeware program that was created by Gordon Chaffee (http://expect.nist.gov/). Expect must be downloaded and installed on the system that the script will run on.
How to Download and Install "Expect for Windows".
- Since the scripts that we create use the "Sftp2" client above, please follow the instructions above and install sftp2 first.
- Click on the "Expect.exe" download link.
- A window will appear asking to save the file, click on "Save". Since Expect will be installed, you should save it in a temporary directory such as, c:\temp or c:\windows\temp.
- After the file has been saved, another window will appear asking you to "Open" the file. Click open to start the install of Expect.
- The Expect install will default to the C:\Program Files\Expect directory. We recommend to accept all the defaults during the install by clicking "Next" at each prompt. When the install is complete, click "Close". (The Expect program installs two other small programs, "TCL80" and "Wish80", that are used to test scripts.)
Now that Expect has been successfully installed, we need to map the "tcl" file extension to use the "Wish80" program installed by Expect.
- Open your Windows Explorer by "Right" clicking on "Start" and then choosing "Explore".
- In the left-side pane, traverse to the directory path, "c:\program files\expect-5.21". Note: If you installed Expect to a different location, traverse to that location.
- The right-side pane should now be displaying the Expect directories: "bin", "include", and "lib". If so, right click your mouse in the right-side pane and a menu will appear. Choose "New" then "Text Document".
- Name the new document "test.tcl". You may be prompted that changing the file name may no longer allow it to work, click "Yes" or "OK".
- Next, hold down the shift key and right click on the new document file "test.tcl". A menu will display; choose "Open With", and then "Choose Program".
- The Open With Window will appear, click the "Other" button at the bottom of the window and traverse to the Expect Bin Directory: "C:\program files\expect\bin".
- In the Expect\Bin directory choose the program "Wish80.exe" and then "OK" to accept.
- To test the "tcl" mapping, double click on the "test.tcl" that you created. If your mapping was successful, a small window will appear with the name Test. If the window appears, the mapping was successful, simply click the "X" to close it. If the window does not appear, contact email@example.com for assistance.
Before working with script files, you should already have:
- Installed the sftp2 client
- Tested accessing the SFTP server manually
- Accepted the SFTP server host key
- Installed the Expect program, and
- Mapped the "tcl" extension to the "Wish80.exe" program
First we will describe a small overview of why and how the script file works, then give an example script file, and finally give other commands that can be added to the script.
Script files are used to automatically access the Secure FTP services (SFTP). Because the SFTP services require a user id and password to login, there must be a method in place that will pass the user id and password when prompted by the SFTP. Since the sftp2 client doesn't provide a method to pass this information, we will use the "Expect / Wish80" programs to provide this process.
- First, start by creating a script file (a text file) using Notepad. You will need to save this file with the ".tcl" extension. You can also open the "test.tcl" that you created in the steps above.
The first line of the script file will start the connection to the SFTP server:
spawn sftp2 UserID@sftp.lsuhsc.edu
The next line will use an Expect statement to tell the script how the server is going to reply:
expect -exact "UserID's password: "
After the script has received this reply, it will then send the UserID's password:
You must include the "\r" which sends a return key.
At this point you are logged into the SFTP server. In your script, you can use normal ftp commands to change directories, get / put files, etc... Just use the "send" and "\r" around the commands:
To change a directory: send "cd /directorypath\r"
To upload a file: send "put filename.extension\r"
VERY IMPORTANT: The script file can contain many commands, but must end with these three statements:
spawn kill wish80.exe
(This command kills the process that the script is running under. Because the Expect and Wish80 applications were converted from Unix modules, the script process will continue to run even after your commands have been completed, and each time you run the script, a new process will be created.)
Example script file: The User ID is "John", the password is "12345", the SFTP server IP is 123.456.789.10 and we want to upload the file "tool.dat" to the directory "support":
spawn sftp2 John@sftp.lsuhsc.edu
expect -exact "John's password: "
send "12345\r"
send "cd /Support\r"
send "put tool.dat\r"
spawn kill wish80.exe
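The example script above, extended as an added example (not part of the original page) so that an unattended run stops instead of hanging or sending the password when something unexpected happens. The "(yes/no)" and "sftp>" prompt strings, the password file C:\secure\sftp.pw and the log file C:\temp\sftp-upload.log are assumptions; match them to what your sftp2 client actually prints and to paths that only the scheduled-task account can read.

```tcl
# Added example, not the original page's script. Strings marked "assumed"
# are not from the page; match them to what your sftp2 client prints.
set user "John"
set host "sftp.lsuhsc.edu"
set timeout 30   ;# seconds to wait for each prompt before giving up

# Hypothetical password file, readable only by the scheduled-task account,
# so the password is not embedded in every script that uses it.
set fh [open "C:/secure/sftp.pw" r]
set password [string trim [gets $fh]]
close $fh

# Log the outcome (hypothetical log path), then end the process the way the
# page requires so that no wish80.exe is left running.
proc finish {msg} {
    set log [open "C:/temp/sftp-upload.log" a]
    puts $log "[clock format [clock seconds]] $msg"
    close $log
    spawn kill wish80.exe
    exit   ;# in case the kill has not taken effect yet
}

spawn sftp2 $user@$host
expect {
    -exact "(yes/no)" {
        # Assumed host key prompt. The key was accepted during the manual
        # test, so seeing it here means the stored key is missing or has
        # changed: stop before the password is sent.
        finish "unexpected host key prompt from $host"
    }
    -exact "$user's password: " { send "$password\r" }
    timeout { finish "no password prompt from $host" }
    eof     { finish "sftp2 exited before login" }
}
expect {
    -exact "$user's password: " { finish "password rejected for $user" }
    -exact "sftp>" { }
    timeout { finish "no sftp prompt after login" }
    eof     { finish "connection closed after login" }
}
send "cd /Support\r"
expect -exact "sftp>"
send "put tool.dat\r"
expect {
    -exact "sftp>" { }
    timeout { finish "put tool.dat did not return within $timeout seconds" }
}
send "quit\r"
finish "sftp2 returned to its prompt after put tool.dat"
```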
One additional phase can be set up to help automate the SFTP process: specific times can be scheduled for the script to run (hourly, daily, weekly, bi-weekly, etc.).
- Open the Microsoft Scheduled Tasks by clicking "Start", "All Programs", "Administrative Tools", "Task Scheduler"
- Start the Scheduled Task Wizard by double clicking on "Add Scheduled Task".
- After the Wizard starts, click on "Next" to confirm that you want to begin.
- The wizard will take about a minute to start and then display a list of available programs on your system.
- Click on the "Browse" button located on the bottom of the window and traverse to your script file. If we use the "test.tcl" from the example above, this file would be located at "C:\program files\expect\test.tcl".
- Next, you will be prompted for a name for the task and when the task should run. By clicking next, you will be allowed to enter the specific time and start date of the process. All these options can be changed at a later date if needed.
- By clicking next, you will be prompted to enter the User ID that the task needs to run as. You should NOT use your User ID, because once your password expires, you will need to change it here every month. If not, the task will fail and your account will eventually get locked out. You should use the system account issued to you by Information Security. Also, this account will need to be added to the proper local system account that is allowed to run scheduled tasks. Contact your local computer supporter for assistance with this.
- Click "Finish". You can now test your scheduled task by right-clicking on the scheduled task and choosing "Run".