Re: Queston on Using SFTP on iSeries.

SFTP requires an additional product on the 400. Once you have it, its cake. I went with a PC solution since it was far cheaper.

Re: Queston on Using SFTP on iSeries.

I take this is a thrird party product?

Is there a benefit of SSH over SSL?

Re: Queston on Using SFTP on iSeries.

The SFTP comes as a product from IBM on the iseries.

It depends on what the end user feels about the SSH or SSL. I like SSH over SSL. With SSL the key will expire and I always forget about it till it happens.

Re: Queston on Using SFTP on iSeries.

I just ran across this post and got curious. Since sftp has been free from IBM for many years, I can only think that some PC supplier of sftp will 'pay' me for using their software. That's the only way I can imagine something being "far cheaper" than 'free'. Or perhaps the comment referred to some 3rd-party purchased product for AS/400s? If cost is the issue, then the IBM product would be preferred to a purchased product.

Tom

Re: Queston on Using SFTP on iSeries.

Nice to see you here, Tom :-)

Yeah, this is a strange thread... though, I see it's a few years old.

FWIW: FTP over SSL has problems negotiating firewalls and NAT gateways due to the fact that opens multiple connections between the client and server, and the information about which connection will be made next is communicated inside the command channel. Since it's sent encrypted, the router/firewall/nat gateway has no way of knowing what that next connectioin will be (it can't break the encryption) so it can't prepare for it.

The result is one of two things:
1) SSL over FTP has to turn encryption off on the command channel (making it significantly less secure)
-or-
2) SSL over FTP fails to make it's connections (given the right circumstance)


SSH ("SFTP" is an FTP-like interface to SSH) does not have this problem, it uses a single connection, and even allows that connection to be multiplexed (so many things can happen simultaneously over that single connection.) For this reason, it's either easier to get working, or more secure, depending on how you look at it.

Furthermore, it seems to be much more widely used than FTP over SSL. At least, that's been my experience! Virtually all Unix systems have SFTP/SCP/SSH installed and running, and are the "normal" way of doing secure file transfers to them. It's very unusual, in my experience, to find folks outside of the IBM i community using FTP over SSL. It's just not widely used (probably because of the problems I mentioned, above.)

SSL is extremely widely used with HTTP -- but not so much with FTP.

SFTP is included with the IBM i operating system (since V5R4, though it was available at no charge on V5R3 as well, you just had to order it separately) and provides a very similar (but slightly better) scripting capability to what the FTP tool does. So the arguments made against it in this thread really don't make any sense.

The only disadvantage that I know of to using SFTP is that it's a Unix program running in PASE, and therefore doesn't work very well with native physical files. So you have to run CPYTOIMPF/CPYTOSTMF to convert your PF to an ASCII file first, and then transfer it. But, surely this isn't a big deal? But if this really stumps you, then you might need to get one of the 3rd party SSH/SFTP clients, and this might be where the cost comes from.

Re: Queston on Using SFTP on iSeries.

Commenting on what I said 3 years ago = Priceless.

Re: Queston on Using SFTP on iSeries.

Yeah, but new searchers will see it next week or next month or...

Tom

Re: Queston on Using SFTP on iSeries.

Hi, Scott. I've been kind of sidetracked for a few years, and I'm just starting to get back out in the world again. I should apologize to DeadManWalks because I see my choice of words was too flip. I should have found a straight way to say it. It's been a work week with a couple hours of sleep.

The whole FTP/sftp/SFTP/"FTP/S"/whatever mess makes for a tricky thread. It's too bad a few developers couldn't think of better acronyms back when they came up with names.

But I'll back out of this one for now. Time to take another nap.

Tom