Using IBM i? Need to create Excel, CSV, HTML, JSON, PDF, SPOOL reports? Learn more about the fastest and least expensive tool for the job: SQL iQuery.
I'm hoping there might be an SFTP guru out there to help me figure this out!
We have an old FTP process that signed on to the bank and performed a GET, writing a single file to the IFS. Now, the bank has upgrade to SFTP and we no longer have access, so I've been asked to make it work! I have no experience with SFTP, so hopefully someone can tell me what I need to do to resolve my issues.
Here's what I've done:
Once the setup was done, I tried to access the bank via QP2TERM with the following command: sftp MNOT-00366@www.bankname.com (MNOT-000366 was a "test userID" that the bank provided to us.
When I ran the above command, I got the following error msg:
Host key verification failed.
First of all, I'm not sure where the passphrase comes into play. I thought that when I typed the "sftp" command, I'd be prompted for the passphrase, but that didn't happen.
I realize that I may have more screwed up than I'm aware of, so any insight would be greatly appreciated.
Thanks!
Chris
Sorry Chris, I broke something last night, and apparently it wasn't resolved until only just now. Try again or simply edit your original post.
There is a good explanation of OpenSSH (including SFTP) at: http://www.scottklement.com/presentations/#OPENSSH (the one titled Setting up and !--script--ing the OpenSSH, SFTP, and SCP Utilities on IBM i). The part about Client Side SSH Tools will be useful (the server side tools don't apply to your situation).
I'm not a guru, but one problem (there may be others) might be that you didn't load the bank's public key on your system. The easiest way to do that is to use the ssh tool (Scott's presentation gives instructions on how to do that).
Hi Brian,
Yes, I did load the bank's public key in my known_hosts file. I'm getting closer. It appears to connect and I am seeing that it's going thru different things to verify the connection, but near the end of my log, I see the following:
WARNING! THIS SYSTEM IS FOR AUTHORIZED USE ONLY! The information on this computer and network is the property of a private corporation and is protected by intellectual property rights. You must be assigned an account on this computer to access information and are only allowed to access information as defined by the system administrators. Use of company resources should be for business purposes only and should be in compliance with the Code of Conduct and company policies and procedures. As the property of a private corporation, your activities may be monitored and/or recorded and you should have no expectation of privacy on this computer and its networks. All actions are monitored and recorded. Use of this computer implies consent to monitoring and recording.
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: /home/CPROCTOR/.ssh/id_rsa
debug2: we sent a publickey packet, wait for reply
debug1: Server accepts key: pkalg ssh-rsa blen 277
debug2: input_userauth_pk_ok: fp 81:d6:41:e6:44:6b:49:c4:72:f1:c5:10:aa:3a:12:63
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
debug1: Trying private key: /home/CPROCTOR/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
Permission denied (publickey,password).
Connection closed
I don't know what it's trying to do here, or what's causing it to close. Now, I did create the keys with a passphrase. That's what the bank wanted. So, I'm not exactly sure where I'd need that. In the !--script--?
Thanks for the help!
Chris
hey chris, chris here... Have you at least "tested" what you have with an sftp client program like filezilla which would maybe help you to pinpoint if you have some other issue?
I have done sftp which in the linux world is pretty standard, and really configuring ws_ftp or filezilla is really no more than using port 22 and "accepting their key". Maybe with the key situation the way you are going at it, that you can't test it on the "pc level".
I am not familiar with a passphrase situation for the keys, only except with pgp but of course that isn't what you are doing. My guess is that the passphrase comes into play only with the initial generation of the key and once you have generated your public and private key, you are done.
One thought if you can't get this working, assuming that you are running a client like client access that supports strpco and strpccmd (OR you put on aaron bartell's rpg2desktop (which is really slick), you could always use some sort of "batch sftp" pc program to get the file and to write it to the ifs, and then go and copy from stream file, etc. I know that is not your desired approach but something to think about. However I don't know if there is any sort of batch "sftp", well there is, at least with batch synch http://www.sitedesigner.com/ I use both the instant synch and batch synch and literally bring down thousands of files daily (not necessarily all going to the i).
just an alternative idea.
Two other things that you might try:
1. Limit the user name to 8 characters in length.
2. Use the same user name on the i as on the bank system.
I'll see if they can do that, Brian. At this point, I'll try anything. I'm thinking about driving out there and picking it up daily! Lol
Thanks!
I finally got it working!!! YAY ME!!! Lol. Thanks for all the suggestions. I have one more issue where my log is being written to the IFS as garbage. It appears that it's not ascii, or something. I'll create another post for assistance with that, because this issue, for the most part is taken care of.
Thanks again!!