Re: IBM i as an sFTP Client -- MIDRANGE-L

Do you mean the OpenSSH 'sftp' program? Or do you mean FTP over SSL? Or something else?

FTP over SSL requires certificates, because SSL cannot operate without certificates. However, last I checked, client-side certificates were not supported in the IBM i implementation of FTP over SSL, so you'll almost certainly also need a userid/password.

OpenSSH's 'sftp' program, is completely incapable of using certificates, but has a somewhat similar thing in it's support for digital key pairs. But they are not required, they are an option to improve security.

What you might be thinking of is the fact that some of the openssh tools (including sftp) will not accept a password to be typed in a 5250 terminal. This is not because it doesn't support passwords, it's because it does not consider a 5250 terminal to be secure, because it's designed for Unix terminals. You can easily bypass this problem by using a Unix terminal emulation program to log on to PASE in IBM i, and run your sftp tool from there.

If you need to script a password (this is something that OpenSSH explicitly tries to stop you from doing because that's very insecure) you can bypass it with the Expect tool running in PASE.

On 5/22/2013 8:07 PM, Kirk Goins wrote:

I miss used certificate... but that answers the question. You must
pre-share keys.. bummer I was hoping for something a little more Dynamic...

Thanks

On Wed, May 22, 2013 at 5:45 PM, <brad.lovelady@xxxxxxxxxxxxxx> wrote:

No password or certificates, rather authentication and encryption is
function of your RSA or DSA key pair. It works just like SSH when you
exchange a public and private key between two hosts. Once the key pairs are
situated in the .SSH directories on each host the client will simply issue
the "sftp <userID>@<receiving host>".

***********************************
Bradford Lovelady

Operating Systems Engineer
Technology Infrastructure Services

Wells Fargo Bank l 200 Wildwood Pkwy l Birmingham, AL 35209
MAC W2691-010
Tel 205-938-1999 l Cell 205-826-2834

brad.lovelady@xxxxxxxxxxxxxx

Wells Fargo Confidential

This message may contain confidential and/or privileged information. If
you are not the addressee or authorized to receive this for the addressee,
you must not use, copy, disclose, or take any action based on this message
or any information herein. If you have received this message in error,
please advise the sender immediately by reply e-mail and delete this
message. Thank you for your cooperation.

-----Original Message-----
From: midrange-l-bounces@xxxxxxxxxxxx [mailto:
midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Kirk Goins
Sent: Wednesday, May 22, 2013 7:29 PM
To: Midrange-L
Subject: IBM i as an sFTP Client

Will the sFTP client do just plain old ID/PASSWORD authentication or MUST
I pre-install certificates? I think I must use certificates.

--
Kirk
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.