× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2008

Re: SFTP

Steve McKay wrote:
Once again, we're attempting to use SFTP (yes, the one in SSH) to
connect to a business partner's server. I've done the ssh-keyscan
and have gotten their public key (I think) and have done ssh-keygen
and created my private/public keys (I think). Do they have to
install my public key on their server?

When I 'call qp2term' and enter 'sftp myuserid@xxxxxxxxxxxxxxx', I
get the following response:

Connecting to ftp.theirserver.com...
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-with-mic,password).
Connection closed

I presume that I'm connected but don't have access to something on
their end. Are the 3 'permission denied' messages a result of a
'retry' or do I not have access to 3 things or what?

As Scott Klement mentions in his article, scp (and sftp) don't recognize a
5250 screen so it can be more difficult to debug an SSH connection using scp
or sftp. A limitation of not recognizing the interactive 5250 screen is not
trying to use interactive password authentication. ssh recognizes the 5250
screen and will do interactive password authentication (if the server is set
up to allow that kind of authentication). So, if the server will allow, it
is better to use ssh instead of scp or sftp until you get things going.

My guess as to the problem is that you need to get a public key on the
server to match up with a corresponding private key on your i5/OS machine.
Scott's article mentions some ways to do this.

It could also be an issue with directory permissions or ownership on the
server. See the "If you use public-key authentication to connect" bullets
on the http://www-03.ibm.com/servers/enable/site/porting/tools/openssh.html
page (note this is talking about these directories on the server side of the
connection)

As has also been mentioned in other replies, make sure the public key is in
the correct format for the version of SSH running on the server. You can
determine what version of SSH is running on a server by using telnet to
connect to the ssh port on the server. This CL command will do that:
telnet rmtsys(theirserver.com) port(22) You'll see a bit of text on the
screen with the SSH version, provider and code base. If it doesn't say
"OpenSSH" you may need to convert the public key file to the other format
with the ssh-keygen -e option.


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.