
Re: ssl ftp



There are two tools that are often referred to as "secure FTP".  There's 
the standard FTP protocol running over SSL or TLS.  The standard 
abbreviation for this is 'ftps' (just as HTTP over SSL is 'https', like 
when you visit a secure web site, the URL starts with 'https://').  Then 
there's a program named 'sftp' which isn't truly FTP, and doesn't use SSL.

There's a protocol called Secure Shell (or "SSH" short for _S_ecure 
_SH_ell).  This is a tool that lets you do remote logons to a server 
(like Telnet, but encrypted and secure) and it also has facilities for 
doing tunnelling (sort of a poor man's VPN) and file transfer.   SSH 
provides two programs for file transfer.  One is called "scp" (Secure 
Copy -- basically it's the Unix cp ("copy") command, except that it 
works over a network and has encryption.)  The other is called "sftp" 
(Secure FTP).   SFTP is neither SSL nor FTP.  It's just a user interface 
that looks a lot like FTP.  Under the covers, it's actually using the 
SSH protocol for communications.

You need to get clarification about whether you plan to use FTP over SSL 
(which is far less common in the broader industry, but maybe more common 
on iSeries, since it's been available longer) or whether you plan to use 
the 'sftp' tool which actually speaks the SSH protocol.

In either case, FTPAPI won't work.  FTPAPI does not do secure 
connections at all at this point.  If you want to write the code to add 
SSL support to it (and thus make it capable of 'ftps' communications) 
I'd welcome it, and would be happy if you contributed the code back to 
the project.

Alternately, you can use IBM's FTP client for 'ftps' support.  This is 
the regular 'FTP' command you get at a normal command-line.  It can be 
scripted to run in batch.  It's cumbersome, in my opinion, for 
program-driven stuff since your program can't react to any 
success/failures until after the entire script ends -- but it exists, 
and can be made to work.

Or for 'sftp' (SSH) you can get 5733-SC1, which is OpenSSH for i5/OS. 
It's a free licpgm from IBM, and supports 'sftp', 'scp' and other SSH 
tools, but it runs in PASE, which may be uncomfortable if you're not 
used to Unix.  But it works very well, much better than 'ftps' if you 
need to traverse NAT or some other types of firewalls.

I did write an article recently about using SSH ('sftp') from i5/OS if 
you're interested:
http://www.systeminetwork.com/article.cfm?id=56131


infosys5@xxxxxxx wrote:
>    Scott,
>    Let me clarify my first post, the ftp program is accessing the FTP
>    Server.  When we switch to a new ISP provider, we will be accessing
>    the FTP Server using sftp.    Our iSeries is at version V5R4 and I
>    have been successfully using version 2.1 of the FTPAPI.  I haven't had
>    any experience (as you can tell) with ssl or sftp - (thought all was
>    the same......), ok - now knowing this, will my FTPAPI still work, or
>    is there a "sftp" program that I will need instead?
>    Many thanks for the reply.
>    Diane
-----------------------------------------------------------------------
This is the FTPAPI mailing list.  To unsubscribe, please go to:
http://www.scottklement.com/mailman/listinfo/ftpapi
-----------------------------------------------------------------------
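
The ftps-versus-sftp question raised in the reply above can usually be settled from what the server sends first: an SSH server opens with an "SSH-2.0-..." identification string, while an FTP server opens with a "220" reply and, if it supports explicit FTP over TLS, lists AUTH TLS in its FEAT response. The Python below is an added example, not part of the original message or of FTPAPI; the function names, return labels and sample greetings are constructed for illustration.

```python
import re

# SSH identification string, RFC 4253 section 4.2: "SSH-protoversion-softwareversion"
SSH_ID = re.compile(rb"^SSH-\d+\.\d+-\S+")
# FTP reply line, RFC 959: three-digit code followed by a space or hyphen
FTP_REPLY = re.compile(rb"^(\d{3})[ -]")


def classify_greeting(greeting: bytes, feat_reply: bytes = b"") -> str:
    """Classify a server from the bytes it sends right after TCP connect.

    greeting   -- first bytes received from the server
    feat_reply -- optional reply to the FTP FEAT command (RFC 2389)
    Returns one of: "sftp", "ftps-explicit", "ftp", "silent", "unknown".
    """
    lines = greeting.splitlines()
    # An SSH server may send other text lines before its identification string.
    if any(SSH_ID.match(line) for line in lines):
        return "sftp"
    m = FTP_REPLY.match(lines[0]) if lines else None
    if m and m.group(1) == b"220":
        # Explicit FTPS (RFC 4217) is advertised as an AUTH feature naming TLS or SSL.
        feats = [f.strip().upper() for f in feat_reply.splitlines()]
        if any(f.startswith(b"AUTH") and (b"TLS" in f or b"SSL" in f) for f in feats):
            return "ftps-explicit"
        return "ftp"  # plain FTP, or FEAT was not checked
    if not greeting:
        # A server that stays silent may be waiting for a TLS ClientHello
        # (implicit FTPS, conventionally port 990); this is only a hint.
        return "silent"
    return "unknown"


# Constructed sample data, not captured from real servers.
FEAT_TLS = b"211-Features:\r\n AUTH TLS\r\n PBSZ\r\n PROT\r\n211 End\r\n"
SAMPLES = {
    "ssh server": (b"SSH-2.0-OpenSSH_4.7\r\n", b""),
    "ftp with tls": (b"220 FTP server ready.\r\n", FEAT_TLS),
    "ftp without tls": (b"220 FTP server ready.\r\n", b"211 No features\r\n"),
    "silent port": (b"", b""),
}


def classify_samples() -> dict:
    return {name: classify_greeting(*args) for name, args in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_samples().items():
        print(f"{name:16} -> {verdict}")
```

A result of "sftp" means the server speaks SSH, so an FTP client (with or without SSL) cannot talk to it; "ftps-explicit" means an FTP client with TLS support is what is needed.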