IBM Support

Batch SFTP Download Example Using Password Authentication

Troubleshooting


Problem

This technical document describes how to use password authentication with SFTP.

Resolving The Problem

Prerequisites

57XXSS1 Option 30 (Qshell)

57XXSS1 Option 33 (Portable Application Solutions Environment)

5733SC1 Options *BASE & 1 (IBM Portable Utilities for i)

Assumptions

  • A user profile to run the batch SFTP process exists on the LPAR.
  • A home directory in the IFS exists for the user profile that is running the batch SFTP process.
  • The home directory parameter in the batch SFTP user's profile contains the absolute path to its home directory.
  • The SFTP server's public host key is stored in the known_hosts file in the batch SFTP user's .ssh directory.
 

The primary components of a batch SFTP procedure that uses password authentication are as follows:
 

  1. Password Shell Script
  2. Batch SFTP Shell Script
  3. CL Program
 
Caution: The following batch procedure example is provided on an unsupported, AS IS basis. The preferred method for batch mode transfers is public key authentication. The use of a private and public key pair for user-based authentication is more secure than a password. For batch connections that require password authentication, the procedure in this document describes how to submit a password to remote SFTP servers. The following example can be used as a guide to help implement password authentication with SFTP.

Step 1 - Create Shell Scripts

QSH CMD('/QOpenSys/usr/bin/touch /QOpenSys/etc/openssh_password_script.sh')

QSH CMD('/QOpenSys/usr/bin/touch /home/sftpuser/batch_sftp_script.sh')
 
Step 2 - Change Owner Of The Shell Scripts To The Batch SFTP User Profile

QSH CMD('/QOpenSys/usr/bin/chown sftpuser /QOpenSys/etc/openssh_password_script.sh')

QSH CMD('/QOpenSys/usr/bin/chown sftpuser /home/sftpuser/batch_sftp_script.sh')
 
Step 3 - Change IFS Authorities On The Shell Scripts

QSH CMD('/QOpenSys/usr/bin/chmod 755 /QOpenSys/etc/openssh_password_script.sh')

QSH CMD('/QOpenSys/usr/bin/chmod 755 /home/sftpuser/batch_sftp_script.sh')
 
Step 4 - Build Password Shell Script

EDTF '/QOpenSys/etc/openssh_password_script.sh'



Press F15 to enter the Edit File Options Screen.

The password shell script must use UNIX-style line endings (LF) rather than the CR/LF line endings used on Microsoft Windows-based machines.

Enter option 5 on the Selection line and then specify *LF for the Stream file EOL option to append a line-feed at the end of each line in the file.




Press the enter key for the EOL change to take effect.

Press F3 to exit the Edit File Options screen.

Store the password for the user account that the SFTP server administrator provided in the password script file.



Note: The prefix area in the CMD column is used for entering edit commands. For example, typing In can insert n blank lines after the record. Conversely, you can use Dn to delete the current line and the next n-1 lines or D to delete one line.

Here's a brief description of each record in the password script file:

#!/bin/sh -> Specifies the shell that interprets commands in the script file.

printf -> Prints the password for the user account that the SFTP server administrator provided to transfer files.

Press F3 to Save and Exit the password shell script.
 
Step 5 - Build SFTP Script To Download Files Programmatically


EDTF '/home/sftpuser/batch_sftp_script.sh'



Press F15 to enter the Edit File Options Screen.

The batch sftp shell script must use UNIX-style line endings (LF) rather than the CR/LF line endings used on Microsoft Windows-based machines.

Enter option 5 on the Selection line and then specify *LF for the Stream file EOL option to append a line-feed at the end of each line in the file.



Press the enter key for the EOL change to take effect.

Press F3 to exit the Edit File Options screen.

The batch sftp script file is used to transfer files with a remote system programmatically.



Note 1: The prefix area in the CMD column is used for entering edit commands. For example, typing In can insert n blank lines after the record. Conversely, you can use Dn to delete the current line and the next n-1 lines or D to delete one line.

Here's a brief description of each element in the batch sftp script file:

#!/bin/sh -> Specifies the shell that interprets commands in the script file.

export DISPLAY= SSH_ASKPASS=/QOpenSys/etc/openssh_password_script.sh -> Sets the $DISPLAY and $SSH_ASKPASS environment variables in the batch script file. The SSH_ASKPASS environment variable provides the location of the password shell script.

printf -> Prints the string of characters that are to be piped to the sftp command.

"get /home/milbank/vpncfg.txt\nquit\n" -> Downloads file "vpncfg.txt" to the batch SFTP user's home directory in the IFS.

serverUserID@server -> Specifies the user profile and remote SFTP server.

serverUserID -> The user profile that the SFTP server administrator provided to transfer files.

server -> The IP address, Hostname, or Fully Qualified Domain Name of the SFTP server.

Note 2: On OS releases 7.5+, the SSH_ASKPASS_REQUIRE environment variable needs to be added to the export line.

Here's an example of the export line on 7.5+ systems:

[Image: example export line on 7.5+ systems]

Press F3 to Save and Exit the batch sftp shell script.
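
The following is an added example, not IBM's own scripts: it generates the two script files described in Steps 4 and 5 and runs a pre-flight check for the LF line-end requirement and for file mode. The function names, the plain `sftp` command name and the demo values are assumptions; `force` is the OpenSSH SSH_ASKPASS_REQUIRE value that always uses the askpass program, and that it matches the 7.5+ image on this page is an assumption. The example sets mode 700 rather than the 755 from Step 3 so that only the owning profile can read the stored password.

```shell
#!/bin/sh
# Added example, not IBM's scripts. All names and values are placeholders.

# Step 4: password script = shebang + one printf that emits the password.
write_askpass() {   # write_askpass FILE PASSWORD
    esc=$(printf '%s' "$2" | sed "s/'/'\\\\''/g")   # escape ' for quoting
    printf '#!/bin/sh\nprintf "%%s\\n" '\''%s'\''\n' "$esc" > "$1"
    chmod 700 "$1"  # owner-only: the file holds a cleartext password
}

# Step 5: batch script. Optional $5 is the SSH_ASKPASS_REQUIRE value for
# 7.5+ systems ("force" is an assumed value; the page's image is missing).
# Assumes the path and user@host contain no shell metacharacters.
write_batch() {     # write_batch FILE ASKPASS USER@HOST REMOTE_FILE [REQUIRE]
    {
        printf '#!/bin/sh\n'
        printf 'export DISPLAY= SSH_ASKPASS=%s%s\n' "$2" \
            "${5:+ SSH_ASKPASS_REQUIRE=$5}"
        printf 'printf "get %s\\nquit\\n" | sftp %s\n' "$4" "$3"
    } > "$1"
    chmod 700 "$1"
}

# Pre-flight check: LF-only line ends, #!/bin/sh first, mode exactly 700.
preflight() {       # preflight FILE -> 0 if OK, 1 otherwise
    cr=$(printf '\r')
    if grep -q "$cr" "$1"; then
        echo "$1: CR/LF line ends, need LF" >&2; return 1
    fi
    [ "$(head -n 1 "$1")" = '#!/bin/sh' ] || {
        echo "$1: first line is not #!/bin/sh" >&2; return 1; }
    case $(ls -ld "$1") in
        -rwx------*) ;;
        *) echo "$1: mode is not 700 (owner only)" >&2; return 1 ;;
    esac
}

# Demo in a scratch directory with constructed values.
d=$(mktemp -d)
write_askpass "$d/openssh_password_script.sh" 'Constructed-Passw0rd'
write_batch "$d/batch_sftp_script.sh" "$d/openssh_password_script.sh" \
    serverUserID@server /home/milbank/vpncfg.txt force
preflight "$d/openssh_password_script.sh" &&
    preflight "$d/batch_sftp_script.sh" && cat "$d/batch_sftp_script.sh"
rm -rf "$d"
```

Running preflight against a script saved with the page's mode 755 or with CR/LF line ends returns 1 and names the reason on stderr.
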
Step 6 - Sample Batch SFTP CL Program


The CL program invokes separate Qshell calls to execute the commands in the password & batch sftp script files.


 

Note: The IFS paths that include QOpenSys in the CL program example are case-sensitive.


Document Information

Modified date:
13 July 2023

UID

nas8N1022287