Matthew Roessner
asked on
Setup SFTP for internal iSeries servers
I would like to set up SFTP for our internal iSeries servers. I have 24 iSeries servers and would like to SFTP between them all. Does anyone have a good resource for helping me to accomplish this?
Thanks
Thanks
Well, that's not sftp. That is ftp over ssl.
That said, ftps is relatively secure. It doesn't offer some of the features that sftp does, like public key authentication, easy basic automation using scp, complex scripting with Expect, ssh benefits, but it does get you a secure method of transferring files in an encrypted fashion, and retains the benefits of ftp, including remote command execution, FTP exit point processing, and compatibility with existing automated processes that you have that use FTP.
If you want to use sftp with public key authentication, here's a good article that explains the setup needed
http://www-01.ibm.com/support/docview.wss?uid=nas8N1012710
sftp has some complexities on IBM i. You may want to read these:
http://iprodeveloper.com/rpg-programming/ssh-scp-and-sftp-tools-openssh
http://www.ibmsystemsmag.com/ibmi/administrator/systemsmanagement/sFTP-Tips/
One problem is that it is tricky to use interactive password authentication in a 5250 session. I usually connect with ssh rather than green-screen when I need to use sftp with password authentication..
- Gary
That said, ftps is relatively secure. It doesn't offer some of the features that sftp does, like public key authentication, easy basic automation using scp, complex scripting with Expect, ssh benefits, but it does get you a secure method of transferring files in an encrypted fashion, and retains the benefits of ftp, including remote command execution, FTP exit point processing, and compatibility with existing automated processes that you have that use FTP.
If you want to use sftp with public key authentication, here's a good article that explains the setup needed
http://www-01.ibm.com/support/docview.wss?uid=nas8N1012710
sftp has some complexities on IBM i. You may want to read these:
http://iprodeveloper.com/rpg-programming/ssh-scp-and-sftp-tools-openssh
http://www.ibmsystemsmag.com/ibmi/administrator/systemsmanagement/sFTP-Tips/
One problem is that it is tricky to use interactive password authentication in a 5250 session. I usually connect with ssh rather than green-screen when I need to use sftp with password authentication..
- Gary
ASKER
I attempt to set up SFTP with the instructions you sent Gary (I had previously found this article as well). I create a RSA key and FTP both the public and private key to the remote iSeries I am trying to connect to.
If, from within CALL QP2TERM, I attempt to connect via SFTP:
sftp serveruid@somehost
I get the following errors:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboa rd-interac tive).
Connection closed
Any ideas?
If, from within CALL QP2TERM, I attempt to connect via SFTP:
sftp serveruid@somehost
I get the following errors:
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,password,keyboa
Connection closed
Any ideas?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the help Gary. That got me pointed in the right direction. I will post my instructions in case anyone else is wanting to get this set up.
One last question. Do you have any idea how to setup and/or view logging for SFTP?
Thanks again for your help
One last question. Do you have any idea how to setup and/or view logging for SFTP?
Thanks again for your help
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Gary helped point me in the right direction and I wanted to re-post the full solution
FTP RMTSYS(ftp.MyServer.com) SECCNN(*SSL) DTAPROT(*PRIVATE)
HTH,
DaveSlash