Solved

How to create an FTP script on UNIX (HP) to send a file with encryption, SSH, Kermit, etc...

Posted on 2002-05-30
Last Modified: 2013-12-06
As of today, we have a customer (receiving point) that would like us to FTP (we send) the EDI files (ship notices) across the Internet.


On our side we have an HP-UX UNIX box. I believe the customer has Windows
2000 on the other end. If forced we could use a Windows box as the sender.

The customer would like us to FTP a file to them on a periodic basis over the
Internet. I have no issue with this.

*We also need to do this in an Unattended mode or on a schedule.

*My issue is one of security--how can we send a Secure FTP, with SSH, Kermit, SSL, etc.?
-I know nothing about how to do this or configure this, including any software we will need.
-I do know how to send a file via FTP through a command line.
-I also know how to set up an FTP server but doubt we will need that on our end as we are the sender and I hope we can get by without such.

But perhaps you have some comments on the above and below.

1. Do we use Kermit on our end to send from our Unix box?

2. Do we use SSH or something else?

3. How do we set these up on our end?

4. Then how do we encrypt the file and send it in an unattended mode on a scheduled basis (perhaps through a cron job on UNIX (HP))?

5. How do they (the receiver on Windows) unencrypt it?

6. What do they need on their (Windows) end in terms of software to handle our transmission?

Any other options of ease and low cost with security?


________________________
Another Scenario
________________________
We were told that a possible option is to consider sending the file
from our Unix or a Windows box on our end via SSL over the Internet
(instead of FTP).


BUT>>>>>>>>>>>>>>>>>>>>>>>We have no idea how to do this in an
unattended mode on Unix or on Windows.

In other words I have no clue if this is even possible in concept in a
batch or scheduled mode....................



Thanks for your time

Respectfully, Peter
Question by:pacumming

Expert Comment

by:chris_calabrese
FTP is totally insecure by itself.  If you're going to send things via FTP, then you should encrypt the payload with something like PGP or S/MIME.

Sending via HTTP/SSL is probably going to be easier.  There are various Perl modules (www.cpan.org) that talk HTTP, and you can combine these with OpenSSL to talk HTTP/SSL.

There's also the W3C's wget/wput, which is a command-line interface to HTTP/HTTPS.

Author Comment

by:pacumming
Can you elaborate on the above in terms of the below, keeping in mind we need to run unattended and that we do not have a web server or browser on the sending box. If we need one we can get one.

1. How PGP would work. The process.
Is it-get PGP software. Encrypt the file, then FTP it?
They unencrypt it?

2. How would S/MIME work and what is needed in terms of software, scripts, etc.. on both ends.
I thought S/MIME was an Internet protocol so I am dumb when it comes to how to send data over the Internet without a browser on your system. Not sure how this could work unattended on UNIX or Windows.


3. Probably this is related to the above when you perhaps "Sending via HTTP/SSL"--again how do this on an HP UNIX box that has no web server or has any browser on it. Of course it does have IP access to the Internet and we can FTP anywhere. Thus it is exposed to the Internet.


4. I will look into this but perhaps you could elaborate while I go look at W3C on this:
There's also the W3C's wget/wput, which is a command-line interface to HTTP/HTTPS.
(again how run unattended)


What is the easiest, cost effective way?

Thanks, Peter

Accepted Solution

by:
chris_calabrese earned 200 total points
1:  Both parties get PGP software (or GPG [www.gnupg.org], since PGP is no longer available for commercial use), both parties create keys, both parties exchange keys.  When sending a file, the file is encrypted/signed with GPG, sent, and then decrypted on the other side.

2:  S/MIME is very similar to PGP/GPG except that you purchase X.509 keys from Verisign, generate them with the Apache key generator, or some such, and you use slightly different software (Verisign sells this software, but there's also free software available).

3:  You don't need a web browser to talk HTTP.  There are several Perl modules on www.cpan.org that can do this, and there's also wget/wput, which is a command-line interface to HTTP and FTP.

HP-UX binaries for wget are available from http://hpux.cs.utah.edu/hppd/hpux/Gnu/wget-1.8/, but this doesn't really help.

wput, which has been renamed winie, is Java based and is available from http://jigsaw.w3.org/Winie/.  The site doesn't say for sure that it supports SSL, but I'd be extremely surprised if it doesn't given that it's from the w3c.

4:  See 3: for pointers to download locations.  Easiest way is probably going to depend on what the other side can do.  All can be done for zero cost.  Hmm, and my original post totally forgot another option which is sftp (SSH version of FTP).  Free version of this would be to use OpenSSH on both sides (www.openssh.com).

Expert Comment

by:ahoffmann
All said what you asked for ..
I suggest using scp (or sftp, if you like it more) with public key authentication; that solves your "unattended" script too.
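
The two suggestions in the answers above (sign and encrypt the file with GPG, then transfer it with sftp using public key authentication) combined into one cron-runnable script. This is an added example, not code from any poster in the thread. It assumes GnuPG and OpenSSH on the sender, the receiver's GPG key already imported, a signing key that needs no passphrase prompt, and the receiver's host key already in `known_hosts`; every host, account, key and path is a placeholder.

```shell
#!/bin/sh
# Added example: unattended encrypt-then-upload job for cron.
# Every host, account, key ID and path here is a placeholder (assumption).
REMOTE="ediuser@sftp.customer.example"   # account on the receiving server
SSH_KEY="$HOME/.ssh/edi_upload_key"      # passphrase-less key used only by this job
RECIPIENT="edi@customer.example"         # receiver's GPG public key
SIGNER="edi@sender.example"              # our GPG signing key

# Encrypt to the receiver and sign as us; --batch forbids prompts under cron.
encrypt_file() {   # $1 = plaintext file, $2 = output file
    gpg --batch --yes --recipient "$RECIPIENT" --local-user "$SIGNER" \
        --sign --encrypt --output "$2" "$1"
}

# Write the sftp batch commands: upload under a temporary name, then rename,
# so the receiver never picks up a half-transferred file.
write_batch() {    # $1 = local file, $2 = remote dir, $3 = batch file to write
    name=$(basename "$1")
    {
        printf 'cd "%s"\n' "$2"
        printf 'put "%s" "%s.part"\n' "$1" "$name"
        printf 'rename "%s.part" "%s"\n' "$name" "$name"
        printf 'bye\n'
    } > "$3"
}

# BatchMode=yes fails instead of asking for a password;
# StrictHostKeyChecking=yes refuses an unknown or changed host key.
upload() {         # $1 = batch file
    sftp -b "$1" -i "$SSH_KEY" -o BatchMode=yes \
        -o StrictHostKeyChecking=yes "$REMOTE"
}

send_edi() {       # $1 = plaintext EDI file, $2 = remote directory
    enc="$1.gpg"
    batch=$(mktemp) || return 1
    encrypt_file "$1" "$enc" && write_batch "$enc" "$2" "$batch" && upload "$batch"
    rc=$?
    rm -f "$batch"
    return "$rc"   # non-zero on any failed step, so cron can report it
}

# Example crontab entry (placeholder paths):
#   15 2 * * * /usr/local/bin/send_edi.sh /data/edi/out/shipnotice.edi inbound
if [ "$#" -eq 2 ]; then
    send_edi "$1" "$2"
fi
```

On the receiving side, restricting the upload key in `authorized_keys` to sftp only limits what a stolen copy of the passphrase-less key can do.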