Re: sftp AS400

Sat, 08 Jun 2019 09:57:22 -0700 

muchas gracias.
Estoy el v7r1mo.

gracias de nuevo

________________________________
From: forum.help400-boun...@listas.combios.es 
<forum.help400-boun...@listas.combios.es> on behalf of Téllez Alvarado, Ignacio 
<ignacio.tel...@scotiabank.cl>
Sent: Saturday, June 8, 2019 10:37 AM
To: forum.help400
Subject: RE: sftp AS400


Debes tener instalado el LICPGM  5733SC1 (*BASE y OP.1).

Genera el almacén de claves en el SERVER: Aquí te va una viejo instructivo que 
use hace tiempo…espero te sirva.



1. CONFIGURATION REQUIRED IN SYSTEM (SOURCE). This will be a client connecting 
to SFTP server in AS/400.



1.1 Create server keys to prepare SFTP to run as a server (if necessary).

To run the sshd server on i5/OS:

·         The userid that starts the server must have *ALLOBJ special authority

·         The userid that starts the server must be 8 or fewer characters long

·         Before starting sshd for the first time, you will need to generate 
host keys:

ssh-keygen -t rsa1 -f 
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_key -N ""

ssh-keygen -t dsa -f 
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_dsa_key -N ""

ssh-keygen -t rsa -f 
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_rsa_key -N ""



1.2 Prepare SFTP to run as a client.



Create the directory <user id> under /home directory.  <user id> is the user 
profile which will be used to generate the keys.

This user id must be a user profile with *SECADM and *ALLOBJ.



       crtdir ‘/home/<user id>’



Generate a public key by entering the following commands on the iSeries’s 
command line,



call qp2term

cd /home/<user id>

ssh-keygen -t rsa



Note that the directory  /.ssh is automatically created under /home/<user id> 
when the key is generated.



The public key will be created in IFS directory /home/<user id>/.ssh/ where 
<user id> is the user profile used to run the above commands.

The public key file name is created with name id_rsa.pub and hidden by the 
system for protection, therefore the file can only be accessed in the IFS 
through iSeries Navigator.



FTP the file id_rsa.pub to your PC and email it to administrator of SFTP Server.



2. CONFIGURATION REQUIRED IN SERVER SYSTEM (TARGET).



2.1 If this is the first time using the sftp server in the iSeries, then create 
the sftp server private and public keys.



2.2 Start sftp server

STRTCPSVR  SERVER(*SSHD)



2.3 Determine what user id will be used to connect to the target system. 
(UserID:  SA007 is used in this sample).

call qp2term



2.4 Create directory .ssh under /home/user-id and grant access

mkdir /home/sa007/.ssh

chmod 700 /home/sa007/.ssh

chmod 744 <directory user name>

then

chmod g+s <directory user name>


2.5 Change current directory and import public key into file of authorized_keys

cd /home/sa007/.ssh

cat /home/sa007/.ssh/id_rsa.pub >> authorized_keys



2.6 Set permissions on authorized_keys (write authorities removed)

chmod go-rwx authorized_keys



2.7 Verify permissions on authorized_keys

ls –l

       -rw-------   1 sa007    0                 0 Jun  2 10:12 authorized_keys



2.8 Display content of authorized_keys

cat authorized_keys



AAAAB3NzaC1yc2EAAAABIwAAAIEAyWzV80LWVGXDYihITec/pz+phWKRsTLMmwuJOHxDS

CzZkbo70yQh42pOPJHyZA5zFzynm3EqM+c3NtD6oPdbrKBX/1Lie7GXCmZpO+N1iHwv8iRoNiOyRL

z9kny8nMCpXQDiyKGtwaX83+pwm3rt/JxNxyx0HGqEQSLmanPNI68= sa...@server.xxx.yyy





3.  START SSH AGENT ON SOURCE SYSTEM AND PERFORM SFTP



3.1 Start ssh agent on the source system (to enable the system as sftp client)

ssh-agent $SHELL

ssh-add

       Identity added: /home/SA007/.ssh/id_rsa (/home/SA007/.ssh/id_rsa)



3.2 Retrieve public key from the target system

ssh <target system>



The authenticity of host 'i5osp2 (172.17.17.29)' can't be established.

. key fingerprint is RSA.

Are you sure you want to continue connecting (yes/no)?

Reply yes to this question.



> yes





Warning: Permanently added 'i5osp2,nnn.nnn.nnn.nnn’ (RSA) to the list of known 
hosts.

Sa007@SERVER password



3.3 Establish SFTP connection

sftp SERVER



3.4 Use sftp

put /QSYS.LIB/QGPL.LIB/TESTFILE.FILE  /QSYS.LIB/QGPL.LIB/TESTFILE.FILE





3.5 How to debug the connection (if necessary).

sftp -vvv   IP Server > /home/sa007/sftplog.txt 2>&1



The above command will dump the log of the sftp connection and authentication 
to the file /home/sa007/sftplog.txt.







Ignacio T.





















IT

De: forum.help400-boun...@listas.combios.es 
[mailto:forum.help400-boun...@listas.combios.es] En nombre de 
marti.ri...@gmail.com
Enviado el: sábado, 08 de junio de 2019 3:29
Para: Forum.Help400 <forum.help400@listas.combios.es>
Asunto: Re: sftp AS400



Hola,

Si lo tiene pero hay que instalarlas, ahora mismo no recuerdo la opción a 
instalar.

Para saber si las tienes instalada

STRQSH CMD(sftp)

Saludos

Enviat amb GMail Android



El ds., 8 juny 2019, 04:36, Carlos C. 
<paipuk...@hotmail.com<mailto:paipuk...@hotmail.com>> va escriure:

Buenas noches

Alguien puede indicarme si el Sistema Operativo del Iseries trae incorporado el 
servicio SFTP para utlizar.



Estoy con FTP y me estan solicitando utilizar el SFTP.



Graccias por su ayuda.



Saludos



[https://ipmcdn.avast.com/images/icons/icon-envelope-tick-round-orange-animated-no-repeat-v1.gif]<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>

Libre de virus. 
www.avast.com<https://www.avast.com/sig-email?utm_medium=email&utm_source=link&utm_campaign=sig-email&utm_content=webmail>

____________________________________________________
Únete a Recursos AS400, nuestra Comunidad ( http://bit.ly/db68dd )
Forum.Help400 © Publicaciones Help400, S.L.

-----------------------------------------------------------------
Notice of Confidentiality: The information transmitted is intended only for the 
sender and person or entity to which it is addressed and may contain 
confidential and/or privileged material. Any review, e-transmission, 
dissemination or other use of, or taking of any action in reliance upon, this 
information by persons or entities other than the intended recipient is 
prohibited.
If you received this in error, please contact the sender immediately by return 
electronic transmission and then immediately delete this transmission, 
including all attachments, without copying, distributing or disclosing same.
------------------------------------------------------------------
Aviso de Confidencialidad: Este correo electrónico y/o el material adjunto es 
para uso exclusivo del emisor y la persona o entidad a la que expresamente se 
le ha enviado, y puede contener información confidencial o material 
privilegiado. Si usted no es el destinatario legítimo del mismo, por favor 
repórtelo inmediatamente al remitente del correo y bórrelo.
Cualquier revisión, retransmisión, difusión o cualquier otro uso de este 
correo, por personas o entidades distintas a las del destinatario legítimo, 
queda expresamente prohibido. Este correo electrónico no pretende ni debe ser 
considerado como constitutivo de ninguna relación legal, contractual o de otra 
índole similar.

____________________________________________________
Únete a Recursos AS400, nuestra Comunidad ( http://bit.ly/db68dd )
Forum.Help400 © Publicaciones Help400, S.L.

Responder a