Midrange News for the IBM i Community


Posted by: Chris Proctor
Programmer Analyst
Columbia Sports Company
Portland, OR
Any SFTP gurus out there?
Published: 31 Jul 2012
Revised: 23 Jan 2013

I'm hoping there might be an SFTP guru out there to help me figure this out!

We have an old FTP process that signed on to the bank and performed a GET, writing a single file to the IFS. Now, the bank has upgraded to SFTP and we no longer have access, so I've been asked to make it work! I have no experience with SFTP, so hopefully someone can tell me what I need to do to resolve my issues.

Here's what I've done:

  1. Called QP2TERM
  2. Set up my folders: /home/CPROCTOR/.ssh
  3. Generated the keys: ssh-keygen -t dsa -N "elephant" (the bank wanted a passphrase, and from what I could tell, the last parm is the passphrase)
  4. Sent the bank the public key: id_rsa.pub
  5. They installed the key on their system

Once the setup was done, I tried to access the bank via QP2TERM with the following command: sftp MNOT-00366@www.bankname.com (MNOT-000366 was a "test userID" that the bank provided to us).

When I ran the above command, I got the following error msg:

Host key verification failed.

First of all, I'm not sure where the passphrase comes into play. I thought that when I typed the "sftp" command, I'd be prompted for the passphrase, but that didn't happen.

I realize that I may have more screwed up than I'm aware of, so any insight would be greatly appreciated.

Thanks!

Chris

COMMENTS

Posted by: bobcozzi
Site Admin ****
Chicagoland
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 24 days 7 hours 38 minutes ago

Sorry Chris, I broke something last night, and apparently it wasn't resolved until only just now. Try again or simply edit your original post.

Posted by: BrianR
Premium member *
Green Bay, WI
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 23 days 8 hours 35 minutes ago

There is a good explanation of OpenSSH (including SFTP) at: http://www.scottklement.com/presentations/#OPENSSH (the one titled Setting up and Scripting the OpenSSH, SFTP, and SCP Utilities on IBM i). The part about Client Side SSH Tools will be useful (the server side tools don't apply to your situation).

I'm not a guru, but one problem (there may be others) might be that you didn't load the bank's public key on your system.  The easiest way to do that is to use the ssh tool (Scott's presentation gives instructions on how to do that).

Posted by: chrisp
Premium member *
Portland, OR
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 23 days 7 hours 3 minutes ago

Hi Brian,

Yes, I did load the bank's public key in my known_hosts file. I'm getting closer. It appears to connect and I am seeing that it's going thru different things to verify the connection, but near the end of my log, I see the following:

WARNING! THIS SYSTEM IS FOR AUTHORIZED USE ONLY! The information on this computer and network is the property of a private corporation and is protected by intellectual property rights. You must be assigned an account on this computer to access information and are only allowed to access information as defined by the system administrators. Use of company resources should be for business purposes only and should be in compliance with the Code of Conduct and company policies and procedures. As the property of a private corporation, your activities may be monitored and/or recorded and you should have no expectation of privacy on this computer and its networks. All actions are monitored and recorded. Use of this computer implies consent to monitoring and recording.

debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/CPROCTOR/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 81:d6:41:e6:44:6b:49:c4:72:f1:c5:10:aa:3a:12:63
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: Trying private key: /home/CPROCTOR/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).
Connection closed

I don't know what it's trying to do here, or what's causing it to close. Now, I did create the keys with a passphrase. That's what the bank wanted. So, I'm not exactly sure where I'd need that. In the script?

Thanks for the help!

Chris
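
Added example, not part of the thread: one way to triage a verbose client log like the one in the comment above, assuming the older OpenSSH message wording shown there. The function name triage_ssh_log and its verdict labels are this example's own, and the sample is a constructed excerpt reusing lines from that log.

```shell
#!/bin/sh
# Added example: classify where an `sftp -v` / `ssh -v` login stopped.
# triage_ssh_log and its verdict labels are hypothetical names, not OpenSSH output.
#
# PRIVATE_KEY_UNREADABLE means the server accepted the offered public key, but
# the client then failed to load the matching private key file (for example an
# encrypted key with no passphrase supplied), so no signature was ever sent.

triage_ssh_log() {
    log=$1
    # The server's host key is checked before any user key is offered.
    if grep -q 'Host key verification failed' "$log"; then
        echo "HOSTKEY_NOT_TRUSTED"
        return 0
    fi
    awk '
        /Offering public key:/       { offered = $5 }
        /Server accepts key:/        { accepted = offered }
        /PEM_read_PrivateKey failed/ { if (accepted != "") unreadable = accepted }
        /Authentication succeeded/   { ok = 1 }
        /Permission denied/          { denied = 1 }
        END {
            if (ok)                    { print "AUTH_OK" }
            else if (unreadable != "") { print "PRIVATE_KEY_UNREADABLE " unreadable }
            else if (denied && offered != "" && accepted == "") {
                print "SERVER_REJECTED_KEY " offered
            }
            else if (denied && offered == "") { print "DENIED_NO_KEY_OFFERED" }
            else                       { print "INCONCLUSIVE" }
        }' "$log"
}

# Constructed sample: an excerpt of the log lines quoted in the comment above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
debug1: Next authentication method: publickey
debug1: Offering public key: /home/CPROCTOR/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: Trying private key: /home/CPROCTOR/.ssh/id_dsa
debug2: we did not send a packet, disable method
Permission denied (publickey,password).
EOF
triage_ssh_log "$sample"
```
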

Posted by: clbirk
Premium member *
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 23 days 6 hours 21 minutes ago

Hey Chris, Chris here... Have you at least "tested" what you have with an sftp client program like FileZilla which would maybe help you to pinpoint if you have some other issue?

I have done sftp which in the Linux world is pretty standard, and really configuring ws_ftp or FileZilla is really no more than using port 22 and "accepting their key". Maybe with the key situation the way you are going at it, that you can't test it on the "pc level".

I am not familiar with a passphrase situation for the keys, only except with PGP but of course that isn't what you are doing. My guess is that the passphrase comes into play only with the initial generation of the key and once you have generated your public and private key, you are done.

One thought if you can't get this working, assuming that you are running a client like client access that supports strpco and strpccmd (OR you put on Aaron Bartell's rpg2desktop (which is really slick)), you could always use some sort of "batch sftp" pc program to get the file and to write it to the IFS, and then go and copy from stream file, etc. I know that is not your desired approach but something to think about. However I don't know if there is any sort of batch "sftp", well there is, at least with batch synch (http://www.sitedesigner.com/). I use both the instant synch and batch synch and literally bring down thousands of files daily (not necessarily all going to the i).

Just an alternative idea.

Posted by: BrianR
Premium member *
Green Bay, WI
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 23 days 5 hours 15 minutes ago

Two other things that you might try:

1. Limit the user name to 8 characters in length.

2. Use the same user name on the i as on the bank system.

Posted by: chrisp
Premium member *
Portland, OR
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 22 days 11 hours 27 minutes ago

I'll see if they can do that, Brian. At this point, I'll try anything. I'm thinking about driving out there and picking it up daily! Lol

Thanks!

Posted by: chrisp
Premium member *
Portland, OR
Comment on: Any SFTP gurus out there?
Posted: 11 years 8 months 22 days 9 hours 56 minutes ago

I finally got it working!!! YAY ME!!! Lol. Thanks for all the suggestions. I have one more issue where my log is being written to the IFS as garbage. It appears that it's not ASCII, or something. I'll create another post for assistance with that, because this issue, for the most part, is taken care of.

Thanks again!!