IBM Support

Batch SFTP Download Example Using Password Authentication

Troubleshooting


Problem

This technical document describes how to use password authentication with SFTP.

Resolving The Problem

Prerequisites

57XXSS1 Option 30 (Qshell)

57XXSS1 Option 33 (Portable Application Solutions Environment)

5733SC1 Options *BASE & 1 (IBM Portable Utilities for i)

Assumptions

  • A user profile to run the batch SFTP process has been created.
  • A home directory in the IFS has been created for the user profile running the batch SFTP process.
  • The home directory parameter in the batch SFTP user's profile contains the absolute path to its home directory.
  • The SFTP server's public host key is stored in the known_hosts file in the batch SFTP user's .ssh directory.

The primary components of a batch SFTP procedure that uses password authentication are as follows:

  1. Password Shell Script
  2. Batch SFTP Shell Script
  3. CL Program

Caution: The following batch procedure example is provided on an unsupported, AS IS basis. The preferred method for batch mode transfers is public key authentication. The use of a private/public key pair for user-based authentication is more secure than a password. For batch connections that require password authentication, the procedure in this document describes how to submit a password to remote SFTP servers. The example provided here should be used as a guide to help implement password authentication with SFTP. The batch procedure that is configured on a client's system should be customized to their specific environment.

Step 1 - Create Shell Scripts



QSH CMD('/QOpenSys/usr/bin/touch /QOpenSys/etc/openssh_password_script.sh')

QSH CMD('/QOpenSys/usr/bin/touch /home/sftpuser/batch_sftp_script.sh')

Step 2 - Change Owner Of The Shell Scripts To The Batch SFTP User Profile



QSH CMD('/QOpenSys/usr/bin/chown sftpuser /QOpenSys/etc/openssh_password_script.sh')

QSH CMD('/QOpenSys/usr/bin/chown sftpuser /home/sftpuser/batch_sftp_script.sh')

Step 3 - Change IFS Authorities On The Shell Scripts



QSH CMD('/QOpenSys/usr/bin/chmod 755 /QOpenSys/etc/openssh_password_script.sh')

QSH CMD('/QOpenSys/usr/bin/chmod 755 /home/sftpuser/batch_sftp_script.sh')

Step 4 - Build Password Shell Script


EDTF '/QOpenSys/etc/openssh_password_script.sh'



Press F15 to enter the Edit File Options Screen.

The password shell script must use UNIX-style line endings (LF) rather than the CR/LF line endings used on Microsoft Windows-based machines.

Enter option 5 on the Selection line, then specify *LF for the Stream file EOL option to append a line feed at the end of each line in the file.




Press the enter key for the EOL change to take effect.

Press F3 to exit the Edit File Options screen.

In the password script file, store the password for the user account that the SFTP server administrator provided.



Note: The prefix area in the CMD column is used for entering edit commands. For example, typing In can insert n blank lines after the record. Conversely, you can use Dn to delete the current line and the next n-1 lines or D to delete one line.

Here's a brief description of each record in the password script file:

#!/bin/sh -> Specifies the shell that will interpret the commands in the script file.

printf -> Prints the password for the user account that the SFTP server administrator provided to transfer files.

Press F3 to Save/Exit the password shell script.

Step 5 - Build SFTP Script To Download Files Programmatically


EDTF '/home/sftpuser/batch_sftp_script.sh'



Press F15 to enter the Edit File Options Screen.

The batch sftp shell script must use UNIX-style line endings (LF) rather than the CR/LF line endings used on Microsoft Windows-based machines.

Enter option 5 on the Selection line, then specify *LF for the Stream file EOL option to append a line feed at the end of each line in the file.



Press the enter key for the EOL change to take effect.

Press F3 to exit the Edit File Options screen.

The batch sftp script file is used to transfer files with a remote system programmatically.



Note: The prefix area in the CMD column is used for entering edit commands. For example, typing In can insert n blank lines after the record. Conversely, you can use Dn to delete the current line and the next n-1 lines or D to delete one line.

Here's a brief description of each element in the batch sftp script file:

#!/bin/sh -> Specifies the shell that will interpret the commands in the script file.

export DISPLAY= SSH_ASKPASS=/QOpenSys/etc/openssh_password_script.sh -> Sets the $DISPLAY and $SSH_ASKPASS environment variables respectively. The SSH_ASKPASS environment variable provides the location of the password shell script.

printf -> Prints the string of characters that are to be piped to the sftp command.

"get /home/milbank/vpncfg.txt\nquit\n" -> Downloads "vpncfg.txt" to the batch SFTP user's home directory in the IFS.

serverUserID@server -> The syntax that's used to log into the SFTP server.

serverUserID -> The user id that the SFTP server administrator provided to transfer files.

server -> The IP address, Host Name, or Fully Qualified Domain Name of the SFTP server.

Press F3 to Save/Exit the batch sftp shell script.

Step 6 - Sample Batch SFTP CL Program



The CL program invokes separate QShell calls to execute the commands in the password & batch sftp script files.



Note: The IFS paths that include QOpenSys in the CL program above are case sensitive.
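A check for the scripts built in Steps 3 to 5, added here as an example and not part of IBM's procedure: it reports a missing #!/bin/sh record, CR/LF line ends, and, for the password script, read access for anyone other than the owner (the mode 755 set in Step 3 grants that access). The function names, the PLACEHOLDER_PASSWORD value and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM's code): lint the scripts built in Steps 4 and 5.
# check_script PATH [secret] returns 0 when nothing is reported.
check_script() {
    f=$1 kind=${2:-plain} rc=0
    [ -f "$f" ] || { echo "$f: not found"; return 2; }

    # Record 1 must be the interpreter line the page describes.
    [ "$(head -n 1 "$f" | tr -d '\r')" = '#!/bin/sh' ] ||
        { echo "$f: first record is not #!/bin/sh"; rc=1; }

    # Any carriage return means the file was saved with CR/LF, not *LF.
    [ $(tr -cd '\r' < "$f" | wc -c) -eq 0 ] ||
        { echo "$f: CR characters found, set Stream file EOL to *LF"; rc=1; }

    # ls mode string: char 4 = owner execute, 5 = group read, 8 = other read.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in ???x*) ;; *) echo "$f: owner cannot execute ($mode)"; rc=1 ;; esac

    # The password script holds a cleartext secret: report any reader
    # other than its owner.
    if [ "$kind" = secret ]; then
        case $mode in
            ????r*|???????r*) echo "$f: readable by group/other ($mode)"; rc=1 ;;
        esac
    fi
    return $rc
}

# Constructed sample: a password script saved with Windows line ends and
# mode 755, holding a placeholder value instead of a real password.
demo() {
    demo_dir=$(mktemp -d) || return 2
    printf '#!/bin/sh\r\nprintf "PLACEHOLDER_PASSWORD\\n"\r\n' > "$demo_dir/pw.sh"
    chmod 755 "$demo_dir/pw.sh"
    check_script "$demo_dir/pw.sh" secret; status=$?
    rm -rf "$demo_dir"
    return $status
}
```

With the function defined in the shell, run check_script /QOpenSys/etc/openssh_password_script.sh secret and check_script /home/sftpuser/batch_sftp_script.sh against the real files.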


Document Information

Modified date:
18 December 2019

UID

nas8N1022287