|
I need to build a program on the i5 in REXX or C to automate the sending of files via SFTP or some secure method native on the i5 but also native to a UNIX environment. Again, all this without using any QSHELL or other "called" environment. Yes, QP2TERM and SFTP work but I don't find any way to use SFTP in a batch i5 environment.
The SFTP command accepts a switch of -b to let you run a batch script.You can use the QP2SHELL API to run a PASE program from a native program. It should work just fine in batch.
As some background...The UNIX site I need to send files to asked me to use SSL. I thought great... that exists in the i5 FTP command. But, no go. The best I could get is logged on to their site and thrown into Passive Mode. That's as far as I could go; not even LS worked. Their site just seemed to hang at that point. Even trying to force to Active mode didn't work. This after trying to get certificates to match, exchange of public keys, etc.
That's very common because so many people use NAT. Even ISPs are using NAT more and more these days. The problem is, FTP sends the IP address to connect to via the control channel. Since NAT changes the actual IP address of the packets, the one that's sent through the control channel won't match. That is, if NAT gives you a private ip address of 192.168.0.1 and a public address of 1.2.3.4, then FTP will say (over the control channel) "Connect to be at 192.168.0.1 on port 1234". PRoblem is, for things to work, the connection really needs to be on address 1.2.3.4 since that's the public address.
With non-encrypted FTP, the NAT router can fix this. It simply looks for the IP address that's sent (192.168.0.1) and changes it to 1.2.3.4. No problem.
But with encrypted FTP (SSL) it can't do that, because the data is encrypted, it has no way of knowing where the IP address is sent in the stream. And even if it did, SSL provides protection against changes in the stream, so you can't change the data without triggering an error.
So this is a very common problem with SSL FTP. Many times, people will disable encryption on the control channel for this reason.
I need a way to do batch file transfers via a secure means directly from the i5 to a UNIX environment using something commonly found in both environments.
Now, SFTP is not SSL. And it's (technically) not FTP, either. IT's just a means of using the SSH protocol's file transfer ability with an interface that looks similar to FTP.
Unlike FTP, it uses one connection for the whole process. There's no need to negotiate a second connection by sending an IP address through the control channel, so there's no issue with the IP address needing to change. Therefore, it works fine through an encrypted channel.
SSH is ubiquitous in Unix environments. I wouldn't expect any trouble on the Unix end, the tricky part will be the System i end of things.
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.