Automate iSeries SFTP to a remote SFTP host

Does anyone know how to SFTP data from an iSeries to a remote host that requires username, password, and the public key to be accepted?

I've reviewed the following articles, but there still seems to be something missing for my particular problem:
https://www-304.ibm.com/support/docview.wss?uid=nas8N1014104

http://www.experts-exchange.com/Programming/System/AS_-_400/Q_28632312.html

I need to automate this because it's going to be a daily process. I thought the first IBM link using the CL program was answer, but there's a few missing details.
LVL 8
LajuanTaylorAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary PattersonVP Technology / Senior Consultant Commented:
ssh password authentication isn't intended to be used with batch processes, since it requires you store the password - usually in an insecure way.  Password authentication is intended for interactive file transfer processes.  Automated processes usually use public key authentication.

There is no way to specify a password on the sftp command line, and I don't think sftp starts sending commands from a "-b" batch file until authentication is completed.  So that means your process will probably just hang on the interactive password request.  IBM i has particular problems with interactive sftp authentication that I won't go into.

Using password authentication for batch sftp processes is a bad practice, and violates good security practices.  Best thing to do is to talk to the person managing the sftp server, and ask them to switch to the correct authentication method for batch , which is public key.  Who knows, maybe a miracle will happen.  You can refer them to this article:

https://www.ibm.com/developerworks/community/blogs/brian/entry/when_to_use_expect_scripting_and_when_to_avoid_it10?lang=en

So when they tell you "no", your best alternative is to use Expect.  We use this with backward, uninformed trading partners who can't be bothered to implement public key authentication for sftp and insist we use password authentication.

Expect lets you perform interactive "conversations" in batch.

Scott Klement explains all this in this presentation:

http://www.scottklement.com/presentations/Setting%20up%20and%20Scripting%20the%20OpenSSH,%20SFTP%20and%20SCP%20Utilities%20on%20IBM%20i.pdf

Take a look and let me know if you have any questions.

- Gary
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
LajuanTaylorAuthor Commented:
Thank You Gary.

This is exactly what I needed to know.
0
Gary PattersonVP Technology / Senior Consultant Commented:
I've set up IBM i sftp many, many times (several times in the past two weeks, for that matter), so post back if you need anything else.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
IBM System i

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.