My weathercam has been running well now for over two and a half years (see this post for my setup).
This all came to a stop last week when the camera images stopped uploading to my website. For some reason, the Raspberry Pi wouldn’t connect to the web server via ftp. For the past couple of years, I’ve been successfully uploading a jpg file from a Raspberry Pi to my web server every 15 minutes using wput. The command I used was:
wput -B -u -nc /home/pi/camera/weathercam.jpg ftp://myusername:firstname.lastname@example.org/public_html/weather/weathercam.jpg
This is the error I now get:
--19:48:11-- `/home/pi/camera/weathercam.jpg' => ftp://myusername:email@example.com:21/public_html/weather/weathercam.jpg Connecting to xxx.xx.xxx.xxx:21... connected! TLS handshake failed SSL_ERROR_ZERO_RETURN-Bug Logging in as myusername ... Receive-Error: read() failed. Read '' so far. (errno: Broken pipe (32)) Receive-Error: Connection broke down. Waiting 10 seconds... Receive-Error: read() failed. Read '' so far. (errno: Broken pipe (32)) Receive-Error: Connection broke down. Connecting to xxx.xx.xxx.xxx:21... connected! TLS handshake failed SSL_ERROR_ZERO_RETURN-Bug
I tried for a short time to fix this but as I have never been happy having my password in a text file, I started thinking about another way to upload the camera image to the web server. SFTP (secure FTP) seemed to be the way to go. It is a command-line program for transferring files securely over a network connection.
One issue with SFTP running as part of a CRON job, I won’t be around to enter the password every fifteen minutes when it goes to upload the file. Therefore I needed to look for a secure way to automate this. Enter Public Key Authentication
Public Key Authentication lets you to log into a remote server securely without the need for a password. To get it to work, you generate a private key and a public key on your system. The public key gets copied to the remote server with the private key staying on the local machine. The two files are compared when you log into the remote machine and if they match, you are connected without typing in a password.
A good example on how to set this up is given on Computer Hope’s page ‘Linux sftp command’. But basically, this is what I did:
First off I generated the public and private keys by running the command:
ssh-keygenThis creates the files
id_rsa.pubin the folder
/home/username/.ssh/. I then changed the attributes of these files so only I could access them.
chmod 700 ~/.ssh/id_rsa* chmod 700 ~/.ssh
The next step is copying the public key to the server. The contents of the file
id_rsa.pub need to be appended to the file
authorized_keys in the folder
/home/username/.ssh/ on the server. If this file doesn’t exist, you just need to create it.
First, I opened
id_rsa.pub. It should look something like this (this example isn’t mine, just one I found on the web):
ssh-rsa AAAB3NzaC1yc2EAAAADAQABAAABAQDTiP0LXi74qgpp6VBqzro67QOGtum10t2epYsOm6kKncf62JVMSlwYH7QwAskxkA6ripvo+TlwRBqqLaF2ACX4CivQkoabqsdFAduGcKVICUFZaexUmw2eIEKF4qCOvRDP/uol1S+ID1glYJRSqDcmAb3jApTRDMXM/w7Tl3qz5/cp3MINKM3+apBfe7F7iDezjQ/U0HqtH2+Np83u4X2G+LIFnpV0RdalkqCuM6tSv2Cm4FdPazsIwSmFptBKnw00IdIqYpnkQmOJMk47cGDzqczii7KMCy3wRNqkaLwefRB0MZeJipz4+a27kQEqerAIHt37/MMT5XNqn3mqbI myuser@myhostname
I copied this text into my clipboard. Then I logged into the web server and opened the file
/home/username/.ssh/authorized_keys in a text editor and pasted the above text at the end of the file as a new line. Note, this text all goes on one line below any existing text. I saved the file and closed it.
Everything is now set up to upload files. The
SFTP command takes the list of files to upload from a batchfile. I created this file by simply typing the following into a new file
Then I just needed to modify my bash file
#1/bin/bash #Upload images to web server sftp -P 9999 -b /home/pi/imgList.txt firstname.lastname@example.org:/public_html/weather/Note, the -P argument is the port with 9999 being the port number (not the real number) and -b is the batchfile.
My CRON job calls the file
upimg.sh every fifteen minutes after taking a new photo and the image is copied to the webserver ready for it to be available to me webpage.
This has worked well and is much more secure than simple FTP so I am just going to run with this from now on.