× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. RPG400-L
  3. February 2017

Re: Writing a SFTP script from a RPG program

Raul,

They are VERY different. SFTP is not FTP, but it is a program for the SSH protocol that provides FTP-like commands. The underlying network protocol is not FTP at all.

FTP with *SECURE is FTP over TLS/SSL (sometimes called "FTPS"). This does use FTP under the covers.

Unfortunately, FTP never worked well in an encrypted environment because it does not work properly with NAT, which almost everyone uses. In unencrypted FTP, the NAT gateway (usually part of your network router) can read the contents of the data and change it on-the-fly to correct this problem. But in encrypted communications, it can neither read it nor change it. (Can't read it because it's encrypted, can't change it because the encryption uses internal checksums to protect against tampering.) For this reason, most people using FTPS will disable encryption part of the time, which makes it significantly less secure than SSH (including SFTP). When you can get it working, it is often complicated, requiring multiple firewall changes, or the use of a proxy, etc.

SFTP (and other SSH tools) are much simpler. The port (port 22) must be open through the firewall, and that's it.. works without problems.

Other differences:

SSH uses digital public/private keys. FTPS uses SSL certificates. (The former is much easier to configure, and better suited to b2b applications. Whereas SSL certificates are really designed for publicly available servers, like HTTPS for shopping carts.)

The OpenSSH tools that IBM provides with the operating system do not provide any sort of file conversion routines. So they don't convert PF members to stream files for you, or convert EBCDIC/ASCII/UNICODE. This isn't a limitation of SSH/SFTP, but rather is due to the fact that IBM simply provides the Unix OpenSSH tools as-is rather than writing their own native interface. This is both good and bad. It's good because the open source version is much more widely used in the industry than any IBM-specific option is, so security flaws are fixed much faster, newer encryption and features are available much sooner, etc. It's bad because you have to take the extra step of converting your files separately using tools like CPYTOIMPF/CPYFRMIMPF or CPYTOSTMF/CPYFRMSTMF. Personally, I'd rather have the faster updates and better security, its not a big deal to run an extra command!

There are a few other minor differences.. like the SFTP scripts never include a userid/password, and have better features for error checking, etc.

I won't try to list every difference here... but these are the biggest ones.


On 2/2/2017 12:52 PM, Raul A Jager W wrote:
What is the difference between sftp in qshell and FTP in the command
line with PORT *secure?


On 02/02/2017 01:19 PM, Michael Ryan wrote:
Here's how I invoke sftp from CL:

CHGVAR VAR(&SFTPCMD) VALUE('/QOpenSys/usr/bin/' +
*CAT &SFTP *BCAT '-vvv -b +
/<somedir>/Script/<somescript>.txt' *BCAT +
<somehost> *BCAT '>> +
/<somedir><somelogfile>.txt 2>&1')

QSH CMD(&SFTPCMD)

<somescript> is on the IFS in a directory. You could use the IFS routines
to write the script file, or write the command to a phsyical file and use
CPYTOSTMF to copy it to the IFS. You could probably use your existing FTP
script program. Both FTP and sFTP use gets and puts and stuff.

On Thu, Feb 2, 2017 at 11:08 AM, Guy Henza <guyhenza@xxxxxxxxxxx> wrote:

I have a RPG program writing a FTP script and executing it. Now
management says it needs to be SFTP.

I understand that it runs from QSH and it runs on the IFS.

I will not be in charge of getting SFTP working just the program to
write
and execute the script.

Does anyone have any sample code they would be willing to share?


Regards,

Guy Henza
guyhenza@xxxxxxxxxxx<mailto:guyhenza@xxxxxxxxxxx>

--
This is the RPG programming on the IBM i (AS/400 and iSeries) (RPG400-L)
mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD



-- Este e-mail fue enviado desde el Mail Server del diario ABC Color --
-- Verificado por Anti-Virus Corporativo Symantec --

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.