How to create an FTP script on UNIX (HP) to send a file with encryption, SSH, Kermit, etc.

Posted on 2002-05-30
Medium Priority
Last Modified: 2013-12-06
As of today, we have a customer (receiving point) that would like us to FTP (we send) the EDI files (ship notices) across the Internet.

On our side we have an HP-UX UNIX box. I believe the customer has Windows
2000 on the other end. If forced we could use a Windows box as the sender.

The customer would like us to FTP a file to them on a periodic basis over the
Internet. I have no issue with this.

*We also need to do this in an Unattended mode or on a schedule.

*My issue is one of security--how can we send a Secure FTP, with SSH, Kermit, SSL, etc.?
-I know nothing about how to do this or configure this, including any software we will need.
-I do know how to send a file via FTP through a command line.
-I also know how to set up an FTP server but doubt we will need that on our end as we are the sender and I hope we can get by without such.

But perhaps you have some comments on the above and below.

1. Do we use Kermit on our end to send from our Unix box?

2. Do we use SSH or something else?

3. How do we set these up on our end?

4. Then how do we encrypt the file and send it in an unattended mode on a scheduled basis (perhaps through a cron job on UNIX (HP))?

5. How do they (the receiver on Windows) unencrypt it?

6. What do they need on their (Windows) end in terms of software to handle our transmission?

Any other options of ease and low cost with security?

Another Scenario
We were told that a possible option is to consider sending the file
from our Unix or a Windows box on our end via SSL over the Internet
(instead of FTP).

BUT we have no idea how to do this in an
unattended mode on Unix or on Windows.

In other words I have no clue if this is even possible in concept in a
batch or scheduled mode.

Thanks for your time

Respectfully, Peter
Question by: pacumming

Expert Comment

ID: 7046794
FTP is totally insecure by itself.  If you're going to send things via FTP, then you should encrypt the payload with something like PGP or S/MIME.

Sending via HTTP/SSL is probably going to be easier.  There are various Perl modules (www.cpan.org) that talk HTTP, and you can combine these with OpenSSL to talk HTTP/SSL.

There's also the W3C's wget/wput, which is a command-line interface to HTTP/HTTPS.

Author Comment

ID: 7047182
Can you elaborate on the above in terms of the below, keeping in mind we need to run unattended and that we do not have a web server or browser on the sending box. If we need one we can get one.

1. How PGP would work. The process.
Is it-get PGP software. Encrypt the file, then FTP it?
They unencrypt it?

2. How would S/MIME work and what is needed in terms of software, scripts, etc.. on both ends.
I thought S/MIME was an Internet protocol so I am dumb when it comes to how to send data over the Internet without a browser on your system. Not sure how this could work unattended on UNIX or Windows.

3. Probably this is related to the above when you perhaps "Sending via HTTP/SSL"--again how do this on an HP UNIX box that has no web server or has any browser on it. Of course it does have IP access to the Internet and we can FTP anywhere. Thus it is exposed to the Internet.

4. I will look into this but perhaps you could elaborate while I go look at W3C on this:
There's also the W3C's wget/wput, which is a command-line interface to HTTP/HTTPS.
(again how run unattended)

What is the easiest, cost effective way?

Thanks, Peter

Accepted Solution

chris_calabrese earned 800 total points
ID: 7047582
1:  Both parties get PGP software (or GPG [www.gnupg.org], since PGP is no longer available for commercial use), both parties create keys, both parties exchange keys.  When sending a file, the file is encrypted/signed with GPG, sent, and then decrypted on the other side.

2:  S/MIME is very similar to PGP/GPG except that you purchase X.509 keys from Verisign, generate them with the Apache key generator, or some such, and you use slightly different software (Verisign sells this software, but there's also free software available).

3:  You don't need a web browser to talk HTTP.  There are several Perl modules on www.cpan.org that can do this, and there's also wget/wput, which is a command-line interface to HTTP and FTP.

HP-UX binaries for wget are available from http://hpux.cs.utah.edu/hppd/hpux/Gnu/wget-1.8/, but this doesn't really help.

wput, which has been renamed winie, is Java based and is available from http://jigsaw.w3.org/Winie/.  The site doesn't say for sure that it supports SSL, but I'd be extremely surprised if it doesn't given that it's from the W3C.

4:  See 3: for pointers to download locations.  Easiest way is probably going to depend on what the other side can do.  All can be done for zero cost.  Hmm, and my original post totally forgot another option which is sftp (SSH version of FTP).  Free version of this would be to use OpenSSH on both sides (www.openssh.com).

Expert Comment

ID: 7049819
All said what you asked for.
I suggest using scp (or sftp, if you like it more) with public key authentication; that solves your "unattended" script too.
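
The flow described in the accepted answer and the comment above (sign and encrypt with GPG, then transfer over sftp with public-key authentication, run from cron), as an added example that is not part of the original thread. Host, account, key names and paths are constructed placeholders; it assumes GnuPG and OpenSSH are installed and that the signing key and the SSH key can be used without a passphrase prompt.

```shell
#!/bin/sh
# Unattended sender: sign + encrypt with GPG, then upload over sftp with key auth.
# Constructed cron entry:
#   15 2 * * * /opt/edi/send_edi.sh /data/edi/ship.edi >>/var/log/send_edi.log 2>&1
# Every value below is a placeholder; override from the environment.
RECIPIENT="${RECIPIENT:-edi@customer.example}"   # customer's public key, imported and
                                                 # locally trusted after a fingerprint check
SIGNER="${SIGNER:-edi@sender.example}"           # our own signing key
REMOTE="${REMOTE:-ediuser@sftp.customer.example}"
REMOTE_DIR="${REMOTE_DIR:-/inbound}"
SSH_KEY="${SSH_KEY:-$HOME/.ssh/edi_key}"         # dedicated key used only for this job

# Emit sftp batch commands: upload under a temporary name, then rename, so the
# receiver never processes a half-written file.
make_batch() {
    name=$(basename "$1")
    printf 'put "%s" "%s/%s.part"\n' "$1" "$REMOTE_DIR" "$name"
    printf 'rename "%s/%s.part" "%s/%s"\n' "$REMOTE_DIR" "$name" "$REMOTE_DIR" "$name"
}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

send_edi() {
    src=$1
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    enc="$src.gpg"
    # --batch: never prompt; under cron a prompt would hang, so fail instead.
    run gpg --batch --yes --local-user "$SIGNER" --recipient "$RECIPIENT" \
        --sign --encrypt --output "$enc" "$src" || return 3
    batch=$(mktemp) || return 3
    make_batch "$enc" > "$batch"
    # -b: non-interactive, aborts on the first failed command.
    # StrictHostKeyChecking=yes: refuse a server whose key is not in known_hosts.
    rc=0
    run sftp -b "$batch" -o IdentityFile="$SSH_KEY" -o IdentitiesOnly=yes \
        -o StrictHostKeyChecking=yes "$REMOTE" || rc=$?
    rm -f "$batch"
    [ "$rc" -eq 0 ] || return 4
    # Drop the local ciphertext once the upload has succeeded.
    [ "${DRY_RUN:-0}" = 1 ] || rm -f "$enc"
}

# Only act when called with a file argument, so the functions can also be sourced.
if [ "$#" -gt 0 ]; then send_edi "$1"; fi
```

Running it once with `DRY_RUN=1` prints the exact gpg and sftp command lines without touching the network, which is a quick way to check the values before installing the cron entry.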
