[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ssl ftp
There are two tools that are often referred to as "secure FTP". There's
the standard FTP protocol running over SSL or TLS. The standard
abbreviation for this is 'ftps' (just as HTTP over SSL is 'https', like
when you visit a secure web site, the URL starts with 'https://') Then
there's a program named 'sftp' which isn't truly FTP, and doesn't use SSL.
There's a protocol called Secure Shell (or "SSH" short for _S_ecure
_SH_ell). This is a tool that lets you do remote logons to a server
(like Telnet, but encrypted and secure) and it also has facilities for
doing tunnelling (sort of a poor man's VPN) and file transfer. SSH
provides two programs for file transfer. One is called "scp" (Secure
Copy -- basically it's the Unix cp ("copy") command, except that it
works over a network and has encryption.) the other is called "sftp"
(Secure FTP). SFTP is neither SSL nor FTP. It's just a user interface
that looks a lot like FTP. Under the covers, it's actually using the
SSH protocol for communications.
You need to get clarification about whether you plan to use FTP over SSL
(which is far less common in the broader industry, but maybe more common
on iSeries, since it's been available longer) or whether you plan to use
the 'sftp' tool which actually speaks the SSH protocol.
In either case, FTPAPI won't work. FTPAPI does not do secure
connections at all at this point. If you want to write the code to add
SSL support to it (and thus make it capable of 'ftps' communications)
I'd welcome it, and would be happy if you contributed the code back to
the project.
Alternately, you can use IBM's FTP client for 'ftps' support. This is
the regular 'FTP' command you get at a normal command-line. It can be
scripted to run in batch. It's cumbersome, in my opinion, for
program-driven stuff since your program can't react to any
success/failures until after the entire script ends -- but it exists,
and can be made to work.
Or for 'sftp' (SSH) you can get 5733-SC1, which is OpenSSH for i5/OS.
It's a free licpgm from IBM, and supports 'sftp', 'scp' and other SSH
tools, but it runs in PASE, which may be uncomfortable if you're not
used to Unix. But it works very well, much better than 'ftps' if you
need to traverse NAT or some other types of firewalls.
I did write an article recently about using SSH ('sftp') from i5/OS if
you're interested:
http://www.systeminetwork.com/article.cfm?id=56131
infosys5@xxxxxxx wrote:
> Scott,
> Let my clarify my first post, the ftp program is accessing the FTP
> Server. When we switch to a new ISP provider, we will be accessing
> the FTP Server using sftp. Our iSeries is at version V5R4 and I
> have been successfully using version 2.1 of the FTPAPI. I haven't had
> any experience (as you can tell) with ssl or sftp - (thought all was
> the same......), ok - now knowing this, will my FTPAPI still work, or
> is there a "sftp" program that I will need instead?
> Many thanks for the reply.
> Diane
-----------------------------------------------------------------------
This is the FTPAPI mailing list. To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------