Provided here is a basic guide for using SFTP on the IBM i, including a working example.
Steps to set up SFTP on the IBMi
- Steps to set up SFTP on the IBMi
- 1 - Create an SFTP user on the IBMi
- 2 - Create a key for the SFTP user
- 3 - Create a job queue that is set to maxiumum jobs = NOMAX
- 4 - Script in the IFS
- 5 - CLLE program to execute the script
- Example Program Using Source Above
- Tips
1 - Create an SFTP user on the IBMi
Create a user profile that will be used for SFTP. This user will need to store a key that gives authority to the user for sending files to the SFTP site. Our example user will be K3SCUSXXX. K3S will assign you a 3 letter code for the XXX piece of the username.
Login with a user that has high level authority and create a user with CRTUSRPRF command.
- Create user with CRTUSRPRF command. Hit F10 to show all options, and page down to the Home Directory parm. Set this to /home/K3SCUSXXX.
- Log into PASE with either qsh or call qp2term (both will work). On the IBM i command line:
qsh
- Create a directory in the IFS for the user at /home/K3SCUSXXX.
mkdir /home/K3SCUSXXX
- Change the ownership of that directory with chown command. Example:
chown -R K3SCUSXXX /home/K3SCUSXXX
- Logout as user with high level authority and log back in as the user you created.
2 - Create a key for the SFTP user
- Log into the IBM i with your newly created user profile.
- Launch PASE with either qsh or call qp2term (both will work).
qsh
- Attempt to SSH to the SFTP server you will connect to. This will ask if you want to add the key to the known hosts.
Answer yes. You cannot do this with the SFTP command.
ssh k3s.files.com
- Create the key we will use to connect to the SFTP server with ssh-keygen command. Code:
ssh-keygen -t rsa -N ""
- Press enter to select default answer on where to store (should be your home directory then .ssh directory. A dot in front of the directory means it is hidden).
- Navigate the IFS to the .ssh directory in your home directory. Example:
cd /home/K3SCUSXXX/.ssh
- Download the .pub file that was created. This is your public key. Send this to the SFTP server administrator.
- Once loaded, attempt to connect to the SFTP server with the SFTP command. Example:
sftp k3s.files.com
- If you are able to connect, you are done. If not, you will need to work with the SFTP server administrator to get the key loaded correctly.
NOTE The IBM i does not allow you to SFTP with a user and password, you must use a key. You must also either login as that user to SFTP, or submit the job as that user. You cannot use the SFTP command as another user and specify the user you want to connect as.
3 - Create a job queue that is set to maxiumum jobs = NOMAX
Create a job queue that is set to maxiumum jobs = NOMAX. This will allow you to submit jobs to the queue without having to worry about the maximum number of jobs allowed. SFTP scripts can be running asynchronously.
Below are the commands to create a queue called K3S_NOMAX:
CRTSBSD SBSD(QGPL/K3S_NOMAX) POOLS((1 *BASE)) MAXJOBS(*NOMAX) TEXT('K3S no max queue')
CRTJOBQ JOBQ(QGPL/K3S_NOMAX)
ADDJOBQE SBSD(QGPL/K3S_NOMAX) JOBQ(QGPL/K3S_NOMAX) MAXACT(*NOMAX)
CRTCLS CLS(QGPL/K3S_NOMAX) RUNPTY(40)
ADDRTGE SBSD(QGPL/K3S_NOMAX) SEQNBR(9999) CMPVAL(*ANY) PGM(QSYS/QCMD) CLS(QGPL/K3S_NOMAX)
STRSBS SBSD(K3S_NOMAX)
Note You will need to consider how to start up the subsystem after an IPL. Consider adding this command to your QSTRUP program: STRSBS SBSD(K3S_NOMAX)**
4 - Script in the IFS
Create a script to perform the put or get steps and place into the IFS. The example scripted named putNight below will put the K_INTPROD.CSV file into the interface directory on the SFTP server.
Example script named putNight located at: /k3sapps/K3SCUSXXX/scripts/putNight
lcd /k3sapps/K3SCUSXXX/interface
cd interface
-put K_INTPROD.CSV K_INTPROD.CSV
quit
5 - CLLE program to execute the script
Create a CLLE program to run a QSH command to execute your script. The program executing the script will be run as the SFTP user and submitted to the NOMAX queue.
NOTE /QOpenSys/bin/sftp is the full path name of the sftp program we will use. The next line is calling our script once we are logged in. The third line sets the user K3SCUSXXX and logs into k3s.files.com.
PGM
CHGCURDIR DIR('/..')
MONMSG MSGID(CPF0000)
QSH CMD('/QOpenSys/bin/sftp +
-b/k3sapps/K3SCUSXXX/scripts/putNight +
K3SCUSXXX@k3s.files.com')
ENDPGM
Example Program Using Source Above
Below is an example to copy the data from a physical file (K_INTPROD) and place into the IFS using the IBM command Copy to Import file (CPYTOIMPF) command. We are also going to place the data in using our K3S standards to include a header row and with the pipe delimiter (|). Once this file is in the IFS, we will use SFTP to send the file to an exchange site.
PGM
/* ---IFS PATH --------------------------------------------*/
DCL VAR(&IFSPATH) TYPE(*CHAR) LEN(256)
/*-----------------------------------------------------------*/
CHGCURDIR DIR('/..')
MONMSG MSGID(CPF0000)
CHGVAR VAR(&IFSPATH) +
VALUE('/k3sapps/K3SCUSXXX/interface/K_INTPROD.CSV')
CPYTOIMPF FROMFILE(K3S_HOSTED/K_INTPROD) +
TOSTMF(&IFSPATH) MBROPT(*REPLACE) +
STMFCCSID(*PCASCII) RCDDLM(*CRLF) +
STRDLM(*NONE) RMVBLANK(*TRAILING) +
FLDDLM('|') ADDCOLNAM(*SYS)
/*-- Push file to exchange site with SFTP --------------------*/
SBMJOB CMD(CALL PGM(K3S_HOSTED/QSH_PUTNIT)) +
JOB(K3SPUTNIT) JOBQ(QGPL/K3S_NOMAX) +
USER(K3SCUSXXX)
/*------------------------------------------------------------*/
K3S_FINAL: ENDPGM
Tips
To see if the execution of an SFTP script was successful, you can look at the output of the job by viewing the spool
files of the SFTP user.
Example: WRKSPLF SELECT(SFTPUSER)
Typically any line that does not start with ‘sftp>’ indicates an error executing the line above.