You are currently on IBM Systems Media’s archival website. Click here to view our new website.

IBM i > ADMINISTRATOR > SYSTEMS MANAGEMENT

sFTP Tips

What you need to know for easy and secure file transfers



 

Using sFTP

Once sFTP has been configured on both sides, use it to put and get files securely. Note that we specified SFTPUSER as the user that will perform the transfers between your system and your partner’s system. This is because the SFTPUSER home directory contains the encryption key information. You’ll probably use a different user profile (one assigned by your partner) as the sFTP login user. This is another potential issue. One of the issues I’ve faced with sFTP (though not often) is that the communications partner requires specific case in the user name. I’ve encountered this when communicating via sFTP to a mainframe. The mainframe sFTP implementation required uppercase user names. User-name case usually doesn’t matter, but when it does, it can take a while to discover the problem. Luckily, the solution is simple—use the case that your partner requires.

We’ll use user profile RMTUSER for the sFTP login user profile in this example.

Again entering the CALL QP2TERM command to invoke a PASE shell, use this command to start the sFTP session:

sftp RMTUSER@commpartner.com

This command provides a command line where you can put and get files, mput and mget multiple files, get directory listings with the ls command and perform other sFTP tasks. Enter “exit” at the sFTP prompt to exit sFTP.

OpenSSH vs. SSH2

Differences between the major sFTP programs can complicate sFTP processing. IBM i uses OpenSSH. Other systems (notably UNIX and Linux systems) use SSH2. The two keys are incompatible, but that’s easy to fix. If the communications partner’s public key (when viewed with DSPF or through WRKLNK) begins like this:

---- BEGIN SSH2 PUBLIC KEY ----
<many random characters>
---- END SSH2 PUBLIC KEY ----

Then that public key is in SSH2 format and must be converted to Open SSH format. You may also need to convert your OpenSSH public key format to SSH2. You can convert key formats with the ssh-keygen command:

ssh-keygen -i -f SSH2_format_file > OpenSSH_format_file>

Convert from OpenSSH format to SSH2 format with this command:

ssh-keygen -e -f OpenSSH_format_file > SSH2_format_file

The public key file after a conversion will have a comment line inserted to show the conversion. For example:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit RSA, converted from OpenSSH by sftpuser@MYLOCALSYSTEM.COM"
AAAAB3NzaC1yc2EAAAABIwAAAIEAnh9SHBsSczgCRyKk2Ftf8EjBAkB4/7xjOmLOo/eIMr
G7aXtFM1OTr4A1Ax4mG6g4MrUfHS7/22h11pzFQFfpr8QXqyHj1qPSwt3HSbujj/NQZ/oB
7OZrck8nHp+4J53a7mLFNzH3zJ34vPw73xqimnqpItFJnbq9MrkfqbYgCoc=
---- END SSH2 PUBLIC KEY ----

The OpenSSH/SSH2 issue doesn’t seem to be as much of a problem as it used to be. However, different partners have different versions of SSH2, so be aware.

 

Michael Ryan is a technical editor with IBM Systems Magazine. Michael can be reached at michael@ryantechnology.com.



Advertisement

Advertisement

2019 Solutions Edition

A Comprehensive Online Buyer's Guide to Solutions, Services and Education.

IBM i > ADMINISTRATOR > SYSTEMS MANAGEMENT

Going Mobile With DB2 Web Query

IBM i > ADMINISTRATOR > SYSTEMS MANAGEMENT

Directing i

How to enable IBM i for management by IBM Systems Director

IBM i > ADMINISTRATOR > SYSTEMS MANAGEMENT

Putting the "V" in Virtualization

IBM eServer line delivers on the promise of virtualization

IBM Systems Magazine Subscribe Box Read Now Link Subscribe Now Link iPad App Google Play Store
IBMi News Sign Up Today! Past News Letters