IBM i Global

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Hi,

Some links, to add to Satid's answer

https://www.ibm.com/support/pages/configuring-ibm-i-sshd-server-use-public-key-authentication

https://www.ibm.com/support/pages/example-batch-sftp-script

https://www.ibm.com/support/pages/batch-sftp-download-example-using-password-authentication

https://blog.faq400.com/en/system-administration-en/sftp-with-password-no-ssh-key-authentication-it/

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Hi,

Some links, to add to Satid's answer

https://www.ibm.com/support/pages/configuring-ibm-i-sshd-server-use-public-key-authentication

https://www.ibm.com/support/pages/example-batch-sftp-script

https://www.ibm.com/support/pages/batch-sftp-download-example-using-password-authentication

https://blog.faq400.com/en/system-administration-en/sftp-with-password-no-ssh-key-authentication-it/

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

And if you want a native application that runs on IBM i for SFTP..  Consider GoAnywhere..  https://www.fortra.com/product-lines/goanywhere#features

This product is an application for exchanging IBM i data from DB2 or other sources too.

Good luck

Tom

Hi,

Some links, to add to Satid's answer

https://www.ibm.com/support/pages/configuring-ibm-i-sshd-server-use-public-key-authentication

https://www.ibm.com/support/pages/example-batch-sftp-script

https://www.ibm.com/support/pages/batch-sftp-download-example-using-password-authentication

https://blog.faq400.com/en/system-administration-en/sftp-with-password-no-ssh-key-authentication-it/

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

And if you want a native application that runs on IBM i for SFTP..  Consider GoAnywhere..  https://www.fortra.com/product-lines/goanywhere#features

This product is an application for exchanging IBM i data from DB2 or other sources too.

Good luck

Tom

Hi,

Some links, to add to Satid's answer

https://www.ibm.com/support/pages/configuring-ibm-i-sshd-server-use-public-key-authentication

https://www.ibm.com/support/pages/example-batch-sftp-script

https://www.ibm.com/support/pages/batch-sftp-download-example-using-password-authentication

https://blog.faq400.com/en/system-administration-en/sftp-with-password-no-ssh-key-authentication-it/

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

I'm getting the error "Host key verification failed."  If I need to generate a different key type than what I did originally, will I need to delete my original keys first and then generate the new set?  For generating the key in PACE, is there a listing of type specification options for use in the command for that?  The options I've found are rsa, rsa1, dsa, or ecdsa.  

And if you want a native application that runs on IBM i for SFTP..  Consider GoAnywhere..  https://www.fortra.com/product-lines/goanywhere#features

This product is an application for exchanging IBM i data from DB2 or other sources too.

Good luck

Tom

Hi,

Some links, to add to Satid's answer

https://www.ibm.com/support/pages/configuring-ibm-i-sshd-server-use-public-key-authentication

https://www.ibm.com/support/pages/example-batch-sftp-script

https://www.ibm.com/support/pages/batch-sftp-download-example-using-password-authentication

https://blog.faq400.com/en/system-administration-en/sftp-with-password-no-ssh-key-authentication-it/

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Good reference, thank you Satid:

The same happens with IFS, a kind of NFS, that is also not very secure, but its security may be improved with sshfs, which is also natively supported on IBM i.

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file. 

Good reference, thank you Satid:

The same happens with IFS, a kind of NFS, that is also not very secure, but its security may be improved with sshfs, which is also natively supported on IBM i.

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Dear Amy

>>>> For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file.  <<<<

Please refer to this IBM Technote for the answer :  Configuring the IBM i ssh, sftp, and scp clients to use public-key authentication at https://www.ibm.com/support/pages/configuring-ibm-i-ssh-sftp-and-scp-clients-use-public-key-authentication

For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file. 

Good reference, thank you Satid:

The same happens with IFS, a kind of NFS, that is also not very secure, but its security may be improved with sshfs, which is also natively supported on IBM i.

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Thanks.  Yes, that is the document where I found mention of that.  Other documentation sources did not include that need.  When I asked our partner for their public key, they said I shouldn't need it.  So, I wanted to know if I was misunderstanding, and we didn't need it after all.  

Dear Amy

>>>> For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file.  <<<<

Please refer to this IBM Technote for the answer :  Configuring the IBM i ssh, sftp, and scp clients to use public-key authentication at https://www.ibm.com/support/pages/configuring-ibm-i-ssh-sftp-and-scp-clients-use-public-key-authentication

For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file. 

Good reference, thank you Satid:

The same happens with IFS, a kind of NFS, that is also not very secure, but its security may be improved with sshfs, which is also natively supported on IBM i.

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

>>>> When I asked our partner for their public key, they said I shouldn't need it.  <<<<

According to the Technote, your partner is right in saying that you do not need the public key because you use private key. It's them who need your public key you produce for them.

------------------------------
Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
------------------------------
Satid S.

Original Message:
Sent: Wed August 23, 2023 10:04 PM
From: Amy Vozza
Subject: How to SFTP on IBM i

Thanks.  Yes, that is the document where I found mention of that.  Other documentation sources did not include that need.  When I asked our partner for their public key, they said I shouldn't need it.  So, I wanted to know if I was misunderstanding, and we didn't need it after all.  

------------------------------
Amy Vozza

Original Message:
Sent: Wed August 23, 2023 09:52 PM
From: Satid Singkorapoom
Subject: How to SFTP on IBM i

Dear Amy

>>>> For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file.  <<<<

Please refer to this IBM Technote for the answer :  Configuring the IBM i ssh, sftp, and scp clients to use public-key authentication at https://www.ibm.com/support/pages/configuring-ibm-i-ssh-sftp-and-scp-clients-use-public-key-authentication

------------------------------
Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
------------------------------
Satid S.

Original Message:
Sent: Wed August 23, 2023 10:15 AM
From: Amy Vozza
Subject: How to SFTP on IBM i

For SFTP on IBM i, do you need the public key of the partner when you are the client and they have the server?  One document I found mentions having the partner's public key in your known_hosts file. 

------------------------------
Amy Vozza

Original Message:
Sent: Tue August 22, 2023 05:07 PM
From: Daniel Jose Lema Guanziroli
Subject: How to SFTP on IBM i

Good reference, thank you Satid:

The same happens with IFS, a kind of NFS, that is also not very secure, but its security may be improved with sshfs, which is also natively supported on IBM i.

------------------------------
Daniel Jose Lema Guanziroli

Original Message:
Sent: Thu August 17, 2023 10:12 PM
From: Satid Singkorapoom
Subject: How to SFTP on IBM i

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

------------------------------
Education is not the learning of facts but the training of the mind to think. -- Albert Einstein.
------------------------------
Satid S.

Original Message:
Sent: Thu August 17, 2023 04:58 PM
From: Amy Vozza
Subject: How to SFTP on IBM i

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

------------------------------
Amy Vozza
------------------------------

Good reference, thank you Satid:

The same happens with IFS, a kind of NFS, that is also not very secure, but its security may be improved with sshfs, which is also natively supported on IBM i.

Dear Amy

One good place is Scott Klement's web site  https://www.scottklement.com/presentations/  and download this presentation :

Here is an additional article on using SFTP inIBM i :  https://techchannel.com/SMB/12/2009/sftp-tips

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Another product to look at is LFTP. It can be easily scripted and integrated into a CL. And is is free. 

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Another product to look at is LFTP. It can be easily scripted and integrated into a CL. And is is free. 

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Hi Peter, 
I'm trying to change ftp-scripts to SFTP using LFTP as it looks nice to use . 
You have examples of using LFTP ?
At this moment, the ftp-scripts are changing the input with example date and hour in the filenames that are ended. 

Would be nice to know how to do this with LFTP ... I guess we need to create the file and push it to ifs and use it from there.
Kinda new to this, so any help on LFTP and using open source Unix !
Greetings 

Another product to look at is LFTP. It can be easily scripted and integrated into a CL. And is is free. 

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Hi Peter, 
I'm trying to change ftp-scripts to SFTP using LFTP as it looks nice to use . 
You have examples of using LFTP ?
At this moment, the ftp-scripts are changing the input with example date and hour in the filenames that are ended. 

Would be nice to know how to do this with LFTP ... I guess we need to create the file and push it to ifs and use it from there.
Kinda new to this, so any help on LFTP and using open source Unix !
Greetings 

Another product to look at is LFTP. It can be easily scripted and integrated into a CL. And is is free. 

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Hi Peter, 
I'm trying to change ftp-scripts to SFTP using LFTP as it looks nice to use . 
You have examples of using LFTP ?
At this moment, the ftp-scripts are changing the input with example date and hour in the filenames that are ended. 

Would be nice to know how to do this with LFTP ... I guess we need to create the file and push it to ifs and use it from there.
Kinda new to this, so any help on LFTP and using open source Unix !
Greetings 

Another product to look at is LFTP. It can be easily scripted and integrated into a CL. And is is free. 

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

https://www.seidengroup.com/2022/12/27/automate-sftp-transfers-using-expect/

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

With the open PASE tools (yum), if ones want to avoid string script parsing as much as possible and need a robust solution with db usage, it is worth IMHO using a proper high level language given that SFTP and ODBC and error handling are usually decent (and useful in case of logging, auditing and faults). And invoke it from CL (using env vars or a db record).

Usually the solution is even more compact and simple than a pure shell script.

Anyway, given the pervasive and ubiquity requirements (like FTP in the past, and we got the command for it) in businesses, it would be nice if IBM considered to bring a standard CL/ILE solution for SFTP, usually basic operation like SENDFILE , RECEIVEFILE, LISTREMOTEDIR macro operations should be sufficient.

Even maybe an SQL interface to it (like it is fashion nowadays for many services) with robust exception returning...

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

I was trying to setup an SFTP access for IBMi where my IBMi would be acting as the host and an SAP server would be acting as a client.

I did all these steps given in this link. Note: I wanted to give restricted access to the SFTP client so I had to use CHROOT to create a 'jailed root' for the user profile using which the SFTP will be initiated. 

Everything else works fine, but when I initiate the connection, the connection gets closed in 5-6 seconds. 

Please see the screenshot below.

Note: The full access method given in the above link works fine. But I'm trying to setup the 'jailed root' method using CHROOT. 

Could you please tell me what am I doing wrong?

Regards,

Ravi.

With the open PASE tools (yum), if ones want to avoid string script parsing as much as possible and need a robust solution with db usage, it is worth IMHO using a proper high level language given that SFTP and ODBC and error handling are usually decent (and useful in case of logging, auditing and faults). And invoke it from CL (using env vars or a db record).

Usually the solution is even more compact and simple than a pure shell script.

Anyway, given the pervasive and ubiquity requirements (like FTP in the past, and we got the command for it) in businesses, it would be nice if IBM considered to bring a standard CL/ILE solution for SFTP, usually basic operation like SENDFILE , RECEIVEFILE, LISTREMOTEDIR macro operations should be sufficient.

Even maybe an SQL interface to it (like it is fashion nowadays for many services) with robust exception returning...

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

I usually add -vvv parameter (for maximum debug level logging) to the sftp command as a first step to any sftp comms triage effort. If you try that and share the output with us (it's going to be long), we could get better insight into the client side.

I was trying to setup an SFTP access for IBMi where my IBMi would be acting as the host and an SAP server would be acting as a client.

I did all these steps given in this link. Note: I wanted to give restricted access to the SFTP client so I had to use CHROOT to create a 'jailed root' for the user profile using which the SFTP will be initiated. 

Everything else works fine, but when I initiate the connection, the connection gets closed in 5-6 seconds. 

Please see the screenshot below.

Note: The full access method given in the above link works fine. But I'm trying to setup the 'jailed root' method using CHROOT. 

Could you please tell me what am I doing wrong?

Regards,

Ravi.

With the open PASE tools (yum), if ones want to avoid string script parsing as much as possible and need a robust solution with db usage, it is worth IMHO using a proper high level language given that SFTP and ODBC and error handling are usually decent (and useful in case of logging, auditing and faults). And invoke it from CL (using env vars or a db record).

Usually the solution is even more compact and simple than a pure shell script.

Anyway, given the pervasive and ubiquity requirements (like FTP in the past, and we got the command for it) in businesses, it would be nice if IBM considered to bring a standard CL/ILE solution for SFTP, usually basic operation like SENDFILE , RECEIVEFILE, LISTREMOTEDIR macro operations should be sufficient.

Even maybe an SQL interface to it (like it is fashion nowadays for many services) with robust exception returning...

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

I was trying to setup an SFTP access for IBMi where my IBMi would be acting as the host and an SAP server would be acting as a client.

I did all these steps given in this link. Note: I wanted to give restricted access to the SFTP client so I had to use CHROOT to create a 'jailed root' for the user profile using which the SFTP will be initiated. 

Everything else works fine, but when I initiate the connection, the connection gets closed in 5-6 seconds. 

Please see the screenshot below.

Note: The full access method given in the above link works fine. But I'm trying to setup the 'jailed root' method using CHROOT. 

Could you please tell me what am I doing wrong?

Regards,

Ravi.

With the open PASE tools (yum), if ones want to avoid string script parsing as much as possible and need a robust solution with db usage, it is worth IMHO using a proper high level language given that SFTP and ODBC and error handling are usually decent (and useful in case of logging, auditing and faults). And invoke it from CL (using env vars or a db record).

Usually the solution is even more compact and simple than a pure shell script.

Anyway, given the pervasive and ubiquity requirements (like FTP in the past, and we got the command for it) in businesses, it would be nice if IBM considered to bring a standard CL/ILE solution for SFTP, usually basic operation like SENDFILE , RECEIVEFILE, LISTREMOTEDIR macro operations should be sufficient.

Even maybe an SQL interface to it (like it is fashion nowadays for many services) with robust exception returning...

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.  

Dear Ravisankar

I'm confused. Do you use "Restricted Access" method described in your provided Github link?   If so, how do you encounter the problem when you already have those steps described in your link (which imply they should work)?    My guess is that one of those commands in the long list of preparation steps may have an error that you may overlook.  Do you ensure each command you run does not have an error returned by IBM i? 

I was trying to setup an SFTP access for IBMi where my IBMi would be acting as the host and an SAP server would be acting as a client.

I did all these steps given in this link. Note: I wanted to give restricted access to the SFTP client so I had to use CHROOT to create a 'jailed root' for the user profile using which the SFTP will be initiated. 

Everything else works fine, but when I initiate the connection, the connection gets closed in 5-6 seconds. 

Please see the screenshot below.

Note: The full access method given in the above link works fine. But I'm trying to setup the 'jailed root' method using CHROOT. 

Could you please tell me what am I doing wrong?

Regards,

Ravi.

With the open PASE tools (yum), if ones want to avoid string script parsing as much as possible and need a robust solution with db usage, it is worth IMHO using a proper high level language given that SFTP and ODBC and error handling are usually decent (and useful in case of logging, auditing and faults). And invoke it from CL (using env vars or a db record).

Usually the solution is even more compact and simple than a pure shell script.

Anyway, given the pervasive and ubiquity requirements (like FTP in the past, and we got the command for it) in businesses, it would be nice if IBM considered to bring a standard CL/ILE solution for SFTP, usually basic operation like SENDFILE , RECEIVEFILE, LISTREMOTEDIR macro operations should be sufficient.

Even maybe an SQL interface to it (like it is fashion nowadays for many services) with robust exception returning...

Where can I find steps or documentation for setup, with examples, if possible, to do unattended SFTP on the IBM i?  We have a need to do SFTP instead of FTPS.