


Arnie,

It doesn't really matter if the remote user knows anything about the IBM i,
SSH/SFTP are open source. So, if the remote user/admin is capable of
configuring their side of the connection, it does not matter what system
they are running on. It's great if the remote side is also using OpenSSH,
since you can assist each other in the configuration, but that will have no
impact on your ability to create a successful sftp connection.

Also note the IBM i Red Book is very outdated. Some of it is still valid
but may list old key types like dsa. Completely ignore the "Setting up and
running the sshd daemon" section. That whole chapter has been replaced with
command STRTCPSVR SERVER(*SSHD). Since you're connecting to a remote server
this does not matter.

All of the commands below must be done using the ID you plan to use for your
SFTP connection. There are options to do this on behalf of another user,
but the commands below assume you are using the same user id.

Replace "lcluser" with the user id you signed on with.
Replace "rmtuser" with the user id on the remote side.
And of course, replace the IP Address as well.


1) Create the .ssh Directory
CRTDIR DIR('/home/lcluser/.ssh') DTAAUT(*EXCLUDE) OBJAUT(*NONE)

2) Create your keypair
CALL QP2TERM
ssh-keygen -t rsa
take the defaults, do not add a passphrase
Send the public key to the remote user.

3) Add the remote host key to your known_hosts file. The connection to
the remote server will only partially succeed. (The output you get will be
similar, but it will vary some)
ssh -v rmtuser@192.168.1.2
The authenticity of host '192.168.1.2 (192.168.1.2)' can't be established.

ED25519 key fingerprint is SHA256:z1234564587qwerty z1234564587qwerty.
This key is not known by any other names

Are you sure you want to continue connecting (yes/no/[fingerprint])?

Enter yes
The remote server's public key will be installed in your known_hosts file.
/home/lcluser/.ssh/known_hosts

4) Once the remote user installs your public key, you should be able to
connect to their server using the following command.
sftp -v rmtuser@192.168.1.2

The ssh logs contain a lot of gibberish. You need to read through it and
pick out the parts that are important. That's not easy to do when you're new
with ssh.

When there is a failure, the logs may not tell you why. This is especially
true when the issue is on the remote side. The idea is giving you too much
information on why the connection failed would be a security risk.
Generally speaking, the logs on the remote server are far more helpful if
someone on the remote side is able to read them.

Also, if you have further questions, I would recommend you include the exact
commands you enter and not ssh -l (the_user_name_they_supplied)
(the_IP_address)

include ssh -l xyz@192.168.99.1

You can obfuscate the information, just don't change the format. It's
impossible to tell if you entered a valid command from the above.

Good luck.


-----Original Message-----
From: OpenSource <opensource-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Arnie
Flangehead
Sent: Tuesday, May 28, 2024 5:44 AM
To: IBMi Open Source Roundtable <opensource@xxxxxxxxxxxxxxxxxx>
Subject: Re: [IBMiOSS] Understanding SSH Key Pairs

Yes, good question, I should have included that. Here's the short version
without logging:

ssh -l (the_user_name_they_supplied) (the_IP_address)

Welcome to (The Name of the Server) SFTPtcgetattr: Invalid argument
Received disconnect from (the_IP_address) port 22:7:

Disconnected from (the_IP_address) port 22
$


That's a lower-case letter L as the second parameter, not the numeral 1.
--
This is the IBMi Open Source Roundtable (OpenSource) mailing list To post a
message email: OpenSource@xxxxxxxxxxxxxxxxxx To subscribe, unsubscribe, or
change list options,
visit: https://lists.midrange.com/mailman/listinfo/opensource
or email: OpenSource-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
https://archive.midrange.com/opensource.
.
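The key pair from step 2 above has no passphrase, so file permissions are the only thing protecting the private key. The following is an added example, not part of the original message: a POSIX shell check, runnable from the same shell used for ssh-keygen, that flags a .ssh directory, private key or known_hosts file that other users can reach. The function names are hypothetical, and it assumes the default file names (id_*, known_hosts) and mode bits as reported by ls.

```shell
#!/bin/sh
# Added example (not from the original message): audit POSIX permissions on
# the client-side .ssh directory. Function names are hypothetical.

# Print the nine permission characters of a path, e.g. rwx------
perm_string() {
    ls -ld -- "$1" | cut -c2-10
}

# Succeed only if group and other have no access at all (700 / 600).
private_to_owner() {
    [ "$(perm_string "$1" | cut -c4-9)" = "------" ]
}

# Succeed only if neither group nor other can write (644 or tighter).
not_writable_by_others() {
    p=$(perm_string "$1")
    [ "$(printf '%s' "$p" | cut -c5)" != "w" ] &&
        [ "$(printf '%s' "$p" | cut -c8)" != "w" ]
}

# Audit DIR; print one line per finding and return the number of findings.
audit_ssh_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "MISSING $dir"
        return 1
    fi
    private_to_owner "$dir" || {
        echo "LOOSE   $dir (directory should be owner-only)"
        findings=$((findings + 1))
    }
    for f in "$dir"/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac   # public halves may be readable
        private_to_owner "$f" || {
            echo "LOOSE   $f (private key should be owner-only)"
            findings=$((findings + 1))
        }
    done
    if [ -f "$dir/known_hosts" ] && ! not_writable_by_others "$dir/known_hosts"; then
        echo "LOOSE   $dir/known_hosts (others could add host keys)"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

Call it as `audit_ssh_dir /home/lcluser/.ssh` after sourcing the file; a return status of 0 means nothing was flagged.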


This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
