Apply SFTP on AS/400

How can we apply SFTP on IBM AS/400 I720?

Answer Wiki


This was responded to on this site in great detail a while back. Check it out and if you still have any issues come back and we can address them.

Discuss This Question: 2  Replies

  • Splat
    I found this incredibly helpful.

    I would also recommend referring to the IBM Redbook.
    12,915 points
  • joeywatson
    Do the following to configure Public-key authentication on the IBMi:
    1. Sign on to a system that is running V5R4 or higher with the user profile designated for SSH-related functions.
    2. On the operating system command line, run the CALL QP2TERM command to enter the PASE environment.
    3. From within the PASE or Qshell environment, type the following commands:

    a. Create a HOME directory on the IBMi to store the user's SSH-related objects.
      mkdir /home/someuser

    b. Set permissions on the user's home directory.
      chmod 755 /home/someuser

    c. Create a DSA or RSA key pair that has no passphrase associated with it. Use the commands below to create either a DSA or RSA key pair.
      ssh-keygen -t dsa -N ""

    ssh-keygen -t rsa -N ""

    Note: During key generation, SSH will check to see if there is a .ssh folder underneath the user's home directory. If one does not exist, the folder will be created in the user's home directory and the public/private key pair will be stored in it. The public key will have a .pub extension; for example, id_dsa.pub or id_rsa.pub. The private key will be the one without the extension; for example, id_dsa or id_rsa.

    Caution: The private keys generated by the ssh-keygen utility should be kept private. It is very important to protect the private key from unauthorized individuals. Anyone that can gain access to a user's private key has the potential to sign on to the SSH server where the corresponding public key has been copied. Use IFS authorities to limit access to the private key to only the appropriate SSH user.

    d. Close the PASE or Qshell terminal session. Use the F3 key to exit the terminal session.
    4. Change the home directory parameter in the user's profile to point to the IFS path of the home directory created in Step 3a.

    CHGUSRPRF USRPRF(someuser) HOMEDIR('/home/someuser')
    5. Sign off and sign back on with the SSH profile to allow the changes made to the HOMEDIR parameter to take effect. Note: Every time a user enters the PASE or Qshell environment, they will be placed into the IFS path specified in the HOMEDIR parameter in the user's profile.
    6. Send the public key that was generated in Step 3c to the SSH server administrator. The two most common methods for moving the public key to a PC are listed below:

    a. Drill down to the IFS path /home/someuser/.ssh in iSeries Navigator, and use the drag and drop method to copy the public key into a folder on the PC.

    b. FTP the public key in binary mode into a folder on the PC.

    Once the public key has been moved to the PC, you can send it to the SSH server administrator as an e-mail attachment.
    7. Once the SSH server administrator has placed the public key into the appropriate location on the remote side, you can test the connection to see if Public-key authentication works.

    a. On the operating system command line, run the CALL QP2TERM command to enter the PASE environment.

    b. From within the PASE environment, execute the following command:
      ssh -T serveruid@somehost

    Note: Replace serveruid with the name of the user profile that the SSH server administrator provided you with to gain access to the remote host. Replace somehost with either the IP address or host name of the remote system that you want to establish a connection with.

    If this is the first time you have connected to the remote host using SSH, you will receive a message similar to the one below:

    The authenticity of host 'somehost (x.x.x.x)' can't be established.
      . key fingerprint is RSA.                                               
      Are you sure you want to continue connecting (yes/no)?    

    Type yes and press the Enter key to add the server's public host key into the known_hosts file in the .ssh folder in the user's home directory. If Public-key authentication is successful, you will not be prompted for a password.

    If the remote host provides shell access, use the hostname command to verify that you are truly logged into the SSH server. The hostname command will return the name of the system on which you are actually logged in.

    c. Close the SSH connection
    1,250 points
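
Added example (not part of the reply above or of IBM's documentation): a POSIX shell check, written for a prompt such as the PASE shell, that the home directory from step 3b and the private key named in the Caution are not open to other users. The function names `perm_of` and `audit_ssh_home` are assumptions made for this example; the `id_*` key names follow the post.

```shell
#!/bin/sh
# Added example: audit permissions of SSH client files under a home directory.
# Usage: sh audit_ssh.sh /home/someuser
# Prints one line per finding; exit status is 1 if anything is too permissive.

# Permission string of a path (e.g. "drwxr-xr-x"), read from portable ls output.
perm_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

audit_ssh_home() {
    home=$1
    rc=0

    # The home directory and .ssh must not be writable by group or other,
    # otherwise another user could replace the key files. 755 and 700 pass.
    for d in "$home" "$home/.ssh"; do
        [ -d "$d" ] || { echo "MISSING  $d"; rc=1; continue; }
        p=$(perm_of "$d")
        case $p in
            d????-??-?) ;;                       # no group/other write bit
            *) echo "WRITABLE $d ($p)"; rc=1 ;;
        esac
    done

    # Private keys (id_dsa, id_rsa: the files without .pub) must be
    # readable by the owner only.
    for f in "$home"/.ssh/id_*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac       # public keys may be readable
        p=$(perm_of "$f")
        case $p in
            -???------) ;;                       # nothing for group/other
            *) echo "EXPOSED  $f ($p) - fix with: chmod 600 $f"; rc=1 ;;
        esac
    done

    return $rc
}

# Run the audit when a directory is given on the command line.
if [ $# -gt 0 ]; then
    audit_ssh_home "$1"
fi
```
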
