Operating System - OpenVMS

Re: Unable to get SFTP working to remote server

 
Steven Schweda
Honored Contributor

Re: Unable to get SFTP working to remote server

> We had a customer project with various SFTP servers (Redhat Linux and
> a MOVEit DMZ server) and had no problems copying files from the TCPIP
> V5.7 ECO 3 OpenVMS SFTP clients to those servers.

   How "various"?  UNIX(-like) servers seem not to mind the extra "./"
which the TCPIP client(s) seem to be adding to the destination paths.
The challenge is to find a non-UNIX(-like) server which hates it as much
as the one in this report.

john Dite
Frequent Advisor

Re: Unable to get SFTP working to remote server

Dennis,

this is what you should have.

Secure Shell:
TCPIP$SSH_SCP2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SFTP-SERVER2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SFTP2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SSH-ADD2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SSH-AGENT2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SSH-KEYGEN2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SSH-SIGNER2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SSH2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]
TCPIP$SSH_SSHD2;2 "V5.7-ECO5G" 26-NOV-2015 SYS$COMMON:[SYSEXE]

In case you're interested in AS2 we also have an offering that is available on OpenVMS.

John

Mike Kier
Valued Contributor

Re: Unable to get SFTP working to remote server

We've been stuck at older versions of VMS on Alpha and VAX so we went with the Process Multinet SSH/SCP2/SFTP2 add in to TCP/IP Services.

We use both SCP and SFTP extensively as we have shut down DECnet and are in the process of disabling ftp, telnet, the "r" commands and all other insecure protocols under a mandate from our security folks (we handle a lot of PII and PCI data).  We also do not use any ODS5 volumes, so from the VMS side all filenames are uppercase.

SFTP works well for most of our transfers (mostly to/from other VMS systems, RHEL systems, and a few Solaris systems) - we use it mostly in batch and take care to use the LCD and CD commands to set the default locations for both sides of the link. SFTP doesn't allow us to specify the filename on the remote side, however, so for some of our transfers we use SCP which is a bit more restrictive, but does allow us to fully specify the Unix-format mixed case and symbols file names and the input and output filenames can be different.

We had a pretty sizable learning curve (still ongoing) and there are a lot of Logical Names that Process Multinet uses that can have a big impact on how things are performed, but overall we've been able to accomplish just about everything we set out to do. You do have to keep in mind that SFTP is NOT regular old FTP with security - it has many differences from FTP.

Practice Random Acts of VMS Marketing
Dennis Piepel
Advisor

Re: Unable to get SFTP working to remote server

Thanks, but I don't think the Process Multinet add-in would be an option at my customer's site.  Our customers tend to stay with standard, native OpenVMS applications.

Dennis Piepel
Advisor

Re: Unable to get SFTP working to remote server

I talked with HP Support and was able to download the Integrity OpenVMS TCPIP Services v5.7 ECO5 including the ECO 5J patches.

We will see if that makes any difference.

  

Dennis Piepel
Advisor

Re: Unable to get SFTP working to remote server

HP Support helped me download the TCPIP Services ECO 5 including the ECO5J patches.  I will try those and see if it helps.

 

john Dite
Frequent Advisor

Re: Unable to get SFTP working to remote server

Dennis,

TCPIP Services ECO 5 including the ECO5J patches?
Not heard of Version ECO5J before. Can you do a
$ pipe tcpip sho vers/all | sea sys$pipe ssh
and post the result?

Please look in the release notes and give us a clue what ECO5J included.

Many thanks.
John

Dennis Piepel
Advisor

Re: Unable to get SFTP working to remote server

John,

The so-called ECO5J patch kit was just an OpenVMS backup set provided to me by HP Technical Support.

The backup set name was "qxcm1001500217_eco5j_ia64.bck"

Here are the installation instructions that I received for this remedial patch:

Remedial fix:

IA64 Saveset:
 QXCM1001500217_1001500217_2016-08-30.BCK;1

Image Identifier:
 V5.7-ECO5J

Link Date:
 26-AUG-2016

Files (IA64):
 TCPIP$SSH_SCP2.EXE;1
 TCPIP$SSH_SFTP-SERVER2.EXE;1
 TCPIP$SSH_SFTP2.EXE;1
 TCPIP$SSH_SSH-ADD2.EXE;1
 TCPIP$SSH_SSH-AGENT2.EXE;1
 TCPIP$SSH_SSH-KEYGEN2.EXE;1
 TCPIP$SSH_SSH-SIGNER2.EXE;1
 TCPIP$SSH_SSH2.EXE;1
 TCPIP$SSH_SSHD2.EXE;1

Installation Instructions:

(1) On target system, stop SSH client and server using shutdown scripts:

$ @sys$STARTUP:TCPIP$SSH_CLIENT_SHUTDOWN.COM
$ @sys$STARTUP:TCPIP$SSH_SHUTDOWN.COM

(2) Copy the images  to respective locations:

$ COPY TCPIP$SSH_SCP2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SCP2.EXE;0
$ COPY TCPIP$SSH_SFTP-SERVER2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SFTP-SERVER2.EXE;0
$ COPY TCPIP$SSH_SFTP2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SFTP2.EXE;0
$ COPY TCPIP$SSH_SSH-ADD2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SSH-ADD2.EXE;0
$ COPY TCPIP$SSH_SSH-AGENT2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SSH-AGENT2.EXE;0
$ COPY TCPIP$SSH_SSH-KEYGEN2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SSH-KEYGEN2.EXE;0
$ COPY TCPIP$SSH_SSH-SIGNER2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SSH-SIGNER2.EXE;0
$ COPY TCPIP$SSH_SSH2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SSH2.EXE;0
$ COPY TCPIP$SSH_SSHD2.EXE SYS$COMMON:[SYSEXE]TCPIP$SSH_SSHD2.EXE;0

(3) Start SSH client and server:

$ @sys$STARTUP:TCPIP$SSH_CLIENT_STARTUP.COM
$ @sys$STARTUP:TCPIP$SSH_STARTUP.COM

Here are the results of the pipe you wanted:

$ pipe tcpip sho vers/all | sea sys$pipe ssh
  tcpip$ssh_scp2;1          "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_sftp-server2;1  "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_sftp2;1         "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_ssh-add2;1      "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_ssh-agent2;1    "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_ssh-keygen2;1   "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_ssh-signer2;1   "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_ssh2;1          "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_sshd2;1         "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
$
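
Because the remedial kit in the post above is installed by copying nine images by hand, a missed COPY leaves the node with SSH images at mixed levels. The following is an added example, not part of the original post or of the HP instructions: a Python check that reads captured "tcpip show version/all" output and reports any of the nine images that is missing or not at the expected ident and link date. The function names and the sample text are constructed for illustration.

```python
import re

# The nine SSH images named in the remedial-fix file list in the post.
EXPECTED_IMAGES = {
    "tcpip$ssh_scp2", "tcpip$ssh_sftp-server2", "tcpip$ssh_sftp2",
    "tcpip$ssh_ssh-add2", "tcpip$ssh_ssh-agent2", "tcpip$ssh_ssh-keygen2",
    "tcpip$ssh_ssh-signer2", "tcpip$ssh_ssh2", "tcpip$ssh_sshd2",
}

# image;file-version  "ident"  link-date  location
# (the location column may be cut off by the terminal width, so it is not parsed)
LINE_RE = re.compile(
    r'^\s*(?P<image>[\w$-]+);\d+\s+"(?P<ident>[^"]+)"\s+'
    r'(?P<linked>\d{1,2}-[A-Z]{3}-\d{4})\s+\S+'
)

def parse_versions(text):
    """Return {lowercased image name: (ident, link date)} for each SSH image line."""
    found = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("image").lower().startswith("tcpip$ssh_"):
            found[m.group("image").lower()] = (m.group("ident"), m.group("linked"))
    return found

def audit(text, want_ident, want_linked):
    """List images missing from the output or not at the expected ident and date."""
    found = parse_versions(text)
    problems = [f"missing: {name}" for name in sorted(EXPECTED_IMAGES - found.keys())]
    for name, (ident, linked) in sorted(found.items()):
        if (ident, linked) != (want_ident, want_linked):
            problems.append(f"mismatch: {name} is {ident} linked {linked}")
    return problems

# Constructed sample: a partially applied kit with one image left at the older ident.
SAMPLE = '''\
  tcpip$ssh_scp2;1          "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  tcpip$ssh_sftp2;1         "V5.7-ECO5J"      26-AUG-2016  SYS$SYSROOT:[SYSEXE
  TCPIP$SSH_SSHD2;2         "V5.7-ECO5G"      26-NOV-2015  SYS$COMMON:[SYSEXE]
'''

if __name__ == "__main__":
    for problem in audit(SAMPLE, "V5.7-ECO5J", "26-AUG-2016"):
        print(problem)
```

An empty list from audit() means all nine images report the same ident and link date; any entry is a reason to repeat the copy step before restarting the SSH client and server.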

 

Dennis Piepel
Advisor

Re: Unable to get SFTP working to remote server

We installed the TCPIP Services ECO5 patches last night including the ECO5J remedial patch.

After installing the patches we re-ran our test file transfer and our contact at the remote server indicated that the SFTP file transfer was successfully received.

So it looks like the patches worked!

john Dite
Frequent Advisor

Re: Unable to get SFTP working to remote server

Dennis,

thanks for the update. I realise now that it was a Backup kit with installation instructions. I've asked my friendly HPE support to inquire what issues this kit resolved and whether this included any new ciphers etc. compared to ECO5G.

John