Replacing FTP with SFTP

Admiral Huddy · 22 Jan 2010 at 09:57

Currently, we have various processes that FTP our backups to our DR host using FTP. These are done via scheduled FTP scripts from our iSeries.

We wish to secure these FTP processes with an encryption method and i've been asked to look at SFTP. However, I'm lead to believe that SFTP is not FTP over SHH. I'm not sure what this actually means so I'm a little confused.?

Does this means we'll have to re-engineer our FTP scripts? Or is it just a case of pointing the conection through a different port i.e. 22.

Any help would be greatly appreciated.

rpstewart · 22 Jan 2010 at 11:37

Unless your FTP scripts are complex then there isn't going to be a huge amount of re-engineering requried. PUT is still PUT etc.

The logon is probably the biggest change - I assume you'll be going to SSH key exchange rather than ID/Password authentication.

EDIT: Just noticed your comment about pointing the connection to port 22 - you'll need to replace your FTP client & server with an SFTP client & server.

Caged · 22 Jan 2010 at 12:40

SCP is another one to look at as well.

anything I don't mind · 22 Jan 2010 at 13:10

sftp is not ftp, although it has ftp in the name. it is just a ftp ssh connection.

to chroot or do any sort of advance config with sftp is very difficult or non existent. you can chroot sftp connections (although i have never tried)

sftp works great.

i have also used proftpd and pureftpd on nix based systems, i have more experience with proftpd and setup ftps with it, i just started using pureftpd cause apparently you can set it up so that you can allow uploads with no overwrite but with resume, which proftpd can not do :/

sftp does not have any advanced config options that i am aware of, like getting users from database user lists or upload download ratios etc.

if you are on windows i recommend the software total commander with the sftp plugin, cause it allows you to view the entire file structure of the remote machine in a dual window setup and allows remote move and copy which is amazing

Admiral Huddy · 22 Jan 2010 at 15:28

rpstewart said:
Unless your FTP scripts are complex then there isn't going to be a huge amount of re-engineering requried. PUT is still PUT etc.

The logon is probably the biggest change - I assume you'll be going to SSH key exchange rather than ID/Password authentication.

EDIT: Just noticed your comment about pointing the connection to port 22 - you'll need to replace your FTP client & server with an SFTP client & server.

Ok I think I half have you. So when i run the script, what dicates it's SFTP over FTP?

rpstewart · 22 Jan 2010 at 16:22

How's your script written?

I normally script all the commands and then call them using "ftp -s scriptfile hostname" or if it's sftp it becomes "sftp -o ssh_stuff -b scriptname hostname".

Admiral Huddy · 22 Jan 2010 at 16:46

The FTp is started on an iSeries

STRTCPFTP host which refers to a script to run

the script looks like ftis so the ftp x x x isn't atcually used.

Code:

 *** *****                                                   
 sendpasv                                                               
 binary                                                                 
 quote time 900 999999                                                  
 put blbsavlib/savedya blbsavlib/savedya                                
 quo rcmd sbmjob cmd(call pgm(blbsyslib/rstsavedya)) job(rstsavedya)    
 cd blbsavlib                                                           
 dir                                                                    
 close                                                                  
 quit

edit.. ok.. i've just found out that sftp isn't supported on the our current OS release.

rp.. that last post was a big help.. Thanks