Debes tener instalado el LICPGM 5733SC1 (*BASE y OP.1).
Genera el almacén de claves en el SERVER: Aquí te va una viejo instructivo que
use hace tiempo…espero te sirva.
1. CONFIGURATION REQUIRED IN SYSTEM (SOURCE). This will be a client connecting
to SFTP server in AS/400.
1.1 Create server keys to prepare SFTP to run as a server (if necessary).
To run the sshd server on i5/OS:
· The userid that starts the server must have *ALLOBJ special authority
· The userid that starts the server must be 8 or fewer characters long
· Before starting sshd for the first time, you will need to generate
host keys:
ssh-keygen -t rsa1 -f
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_key -N ""
ssh-keygen -t dsa -f
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_dsa_key -N ""
ssh-keygen -t rsa -f
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_rsa_key -N ""
1.2 Prepare SFTP to run as a client.
Create the directory <user id> under /home directory. <user id> is the user
profile which will be used to generate the keys.
This user id must be a user profile with *SECADM and *ALLOBJ.
crtdir ‘/home/<user id>’
Generate a public key by entering the following commands on the iSeries’s
command line,
call qp2term
cd /home/<user id>
ssh-keygen -t rsa
Note that the directory /.ssh is automatically created under /home/<user id>
when the key is generated.
The public key will be created in IFS directory /home/<user id>/.ssh/ where
<user id> is the user profile used to run the above commands.
The public key file name is created with name id_rsa.pub and hidden by the
system for protection, therefore the file can only be accessed in the IFS
through iSeries Navigator.
FTP the file id_rsa.pub to your PC and email it to administrator of SFTP Server.
2. CONFIGURATION REQUIRED IN SERVER SYSTEM (TARGET).
2.1 If this is the first time using the sftp server in the iSeries, then create
the sftp server private and public keys.
2.2 Start sftp server
STRTCPSVR SERVER(*SSHD)
2.3 Determine what user id will be used to connect to the target system.
(UserID: SA007 is used in this sample).
call qp2term
2.4 Create directory .ssh under /home/user-id and grant access
mkdir /home/sa007/.ssh
chmod 700 /home/sa007/.ssh
chmod 744 <directory user name>
then
chmod g+s <directory user name>
2.5 Change current directory and import public key into file of authorized_keys
cd /home/sa007/.ssh
cat /home/sa007/.ssh/id_rsa.pub >> authorized_keys
2.6 Set permissions on authorized_keys (write authorities removed)
chmod go-rwx authorized_keys
2.7 Verify permissions on authorized_keys
ls –l
-rw------- 1 sa007 0 0 Jun 2 10:12 authorized_keys
2.8 Display content of authorized_keys
cat authorized_keys
AAAAB3NzaC1yc2EAAAABIwAAAIEAyWzV80LWVGXDYihITec/pz+phWKRsTLMmwuJOHxDS
CzZkbo70yQh42pOPJHyZA5zFzynm3EqM+c3NtD6oPdbrKBX/1Lie7GXCmZpO+N1iHwv8iRoNiOyRL
z9kny8nMCpXQDiyKGtwaX83+pwm3rt/JxNxyx0HGqEQSLmanPNI68= sa...@server.xxx.yyy
3. START SSH AGENT ON SOURCE SYSTEM AND PERFORM SFTP
3.1 Start ssh agent on the source system (to enable the system as sftp client)
ssh-agent $SHELL
ssh-add
Identity added: /home/SA007/.ssh/id_rsa (/home/SA007/.ssh/id_rsa)
3.2 Retrieve public key from the target system
ssh <target system>
The authenticity of host 'i5osp2 (172.17.17.29)' can't be established.
. key fingerprint is RSA.
Are you sure you want to continue connecting (yes/no)?
Reply yes to this question.
> yes
Warning: Permanently added 'i5osp2,nnn.nnn.nnn.nnn’ (RSA) to the list of known
hosts.
Sa007@SERVER password
3.3 Establish SFTP connection
sftp SERVER
3.4 Use sftp
put /QSYS.LIB/QGPL.LIB/TESTFILE.FILE /QSYS.LIB/QGPL.LIB/TESTFILE.FILE
3.5 How to debug the connection (if necessary).
sftp -vvv IP Server > /home/sa007/sftplog.txt 2>&1
The above command will dump the log of the sftp connection and authentication
to the file /home/sa007/sftplog.txt.
Ignacio T.
IT
De: forum.help400-boun...@listas.combios.es
[mailto:forum.help400-boun...@listas.combios.es] En nombre de
marti.ri...@gmail.com
Enviado el: sábado, 08 de junio de 2019 3:29
Para: Forum.Help400 <forum.help400@listas.combios.es>
Asunto: Re: sftp AS400
Hola,
Si lo tiene pero hay que instalarlas, ahora mismo no recuerdo la opción a
instalar.
Para saber si las tienes instalada
STRQSH CMD(sftp)
Saludos
Enviat amb GMail Android
El ds., 8 juny 2019, 04:36, Carlos C.
<paipuk...@hotmail.com<mailto:paipuk...@hotmail.com>> va escriure:
Buenas noches
Alguien puede indicarme si el Sistema Operativo del Iseries trae incorporado el
servicio SFTP para utlizar.
Estoy con FTP y me estan solicitando utilizar el SFTP.
Graccias por su ayuda.
Saludos
[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif]<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
Libre de virus.
www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>
____________________________________________________
Únete a Recursos AS400, nuestra Comunidad ( http://bit.ly/db68dd )
Forum.Help400 © Publicaciones Help400, S.L.
-----------------------------------------------------------------
Notice of Confidentiality: The information transmitted is intended only for the
sender and person or entity to which it is addressed and may contain
confidential and/or privileged material. Any review, e-transmission,
dissemination or other use of, or taking of any action in reliance upon, this
information by persons or entities other than the intended recipient is
prohibited.
If you received this in error, please contact the sender immediately by return
electronic transmission and then immediately delete this transmission,
including all attachments, without copying, distributing or disclosing same.
------------------------------------------------------------------
Aviso de Confidencialidad: Este correo electrónico y/o el material adjunto es
para uso exclusivo del emisor y la persona o entidad a la que expresamente se
le ha enviado, y puede contener información confidencial o material
privilegiado. Si usted no es el destinatario legítimo del mismo, por favor
repórtelo inmediatamente al remitente del correo y bórrelo.
Cualquier revisión, retransmisión, difusión o cualquier otro uso de este
correo, por personas o entidades distintas a las del destinatario legítimo,
queda expresamente prohibido. Este correo electrónico no pretende ni debe ser
considerado como constitutivo de ninguna relación legal, contractual o de otra
índole similar.
____________________________________________________
Únete a Recursos AS400, nuestra Comunidad ( http://bit.ly/db68dd )
Forum.Help400 © Publicaciones Help400, S.L.
