Re: SFTP from iSeries failes to connect while Filezilla works fine -- MIDRANGE-L

Hi Scott,

You're right, it won't see your 5250 terminal as a valid terminal. If you want to use password-based logins with SFTP interactively, you shouldn't use a 5250 terminal.

Using the Expect utility should work, though. However, it's kinda tricky to get Expect to work if you can't first do an interactive login.

I suggest setting up the sshd on your IBM i, and using Putty as an alternative to 5250 to log on to _your_ system. Once you're on your system, you can run the sftp tool to connect to the partner's system, and it should then allow passwords without problem. (This is described in my article, under the subhead "What If Interactive Logins Are Disabled?")

(Actually, maybe that's what you meant when you said "connect using putty", below. But you might also mean that you used the psftp utility to connect directly from Windows to your partner's system.)

Also, if it helps, you can find my other articles about OpenSSH on IBM i here:
http://www.scottklement.com/openssh/

Anyway, once you have it working interactively, you can probably write an Expect script to automate the process. Expect should certainly solve the issue with the terminal not being recognized.

I don't know why the digital key setup isn't working. I can only guess that something got mucked up somewhere... maybe the public key was installed incorrectly on the server (a copy/paste will often mess it up) or maybe it's generated to the wrong specs... Or maybe you have the key installed under the wrong userid... These guesses are just shots in the dark.

On 11/15/2010 3:11 PM, Scott Schollenberger wrote:

I ran the SFTP command from the QP2TERM session with the -vvv switch.
The debug output shows this information after each password attempt.

debug1: Authentications that can continue: password
debug3: start over, passed a different list password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,keyboard-interactive,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: There is a request to a device or address that does not exist.
debug2: readpassphrase: not a 5250 return ENOTTY
debug3: packet_send2: adding 64 (len 51 padlen 13 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: There is a request to a device or address that does not exist.
debug2: readpassphrase: not a 5250 return ENOTTY
debug3: packet_send2: adding 64 (len 51 padlen 13 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: password
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: There is a request to a device or address that does not exist.
debug2: readpassphrase: not a 5250 return ENOTTY
debug3: packet_send2: adding 64 (len 51 padlen 13 extra_pad 64)
debug2: we sent a password packet, wait for reply
Received disconnect from X.X.X.X: 2: Too many logon attempts.

I then SSH'ed into my server using PuTTY and ran the same SFTP
command and got the prompts for password and connected successfully.

So it appears that SFTP doesn't see the QP2TERM session as a valid
TTY terminal. Which I guess makes sense since it isn't a TTY
terminal, but I was sure I had something like this working in the
past.

It also doesn't explain why the program to spawn a PASE session and
run SFTP using key authentication doesn't work.

Would you expect an SFTP script using the expect utility to work for
this setup? That was my next thing to try.