Re: How do we use SSH to FTP a file from our site over the Internet unattended?, p***

Date: 06/01/02


Date: Sat, 01 Jun 2002 01:15:05 GMT


"Peter ***" <p***@yahoo.com> wrote in message
news:854b4533.0205301913.74e5dd7@posting.google.com...
> As of today, we have a customer (receiving point) that would like us
> to FTP (we send) the EDI files (ship notices) across the Internet.
>
>
> On our side we have an HP-UX UNIX box. I believe the customer has Windows
> 2000 on the other end. If forced we could use a Windows box as the
> sender.
>
> The customer would like us to FTP a file to them on a periodic basis
> over the Internet. I have no issue with this.
>
> *We also need to do this in an Unattended mode or on a schedule.
>
> *My issue is one of security--how can we send a Secure FTP, with SSH,
> Kermit, SSL, etc.?

SSH does not support FTP. Surrender on it now. The sftp system with it is,
frankly, misnamed.

SSH *does* have good secure file transfer techniques, namely sftp and scp
and rsync over ssh.

Unless your customer can be convinced to use something other than FTP,
you're screwed. If they insist on FTP, can you convince them either to use a
PGP signed transmission of the checksum if it's OK for the file to be
public, or to use PGP to encrypt and decrypt the transmitted file if it must
be kept protected on the other end?

> -I know nothing about how to do this or configure this, including any
> software we will need.
> -I do know how to send a file via FTP though a command line.
> -I also know how to set up an FTP server but doubt we will need that
> on our end as we are the sender and I hope we can get by without such.
>
> But perhaps you have some comments on the above and below.
>
> 1. Do we use Kermit on our end to send from our Unix box?

No.

> 2. Do we use SSH or something else?

Use SSH if they can deal with it. Take a look at the "chroot cage" notes on
setting up a controlled environment. And if possible, teach *them* to
download from *your* controlled FTP/SSH repository.

> 3. How do we set these up on our end?
>
> 4. Then how do we do encrypt the file and send it in an unattended
> mode on a scheduled basis (perhaps through a cron job on UNIX (HP))

PGP would allow you to encrypt the file with the customer's public key,
which only they could decrypt with their private key.

> 5. How do they (the receiver on Windows) unencrypt it?

PGP.

> 6. What do they need on their (Windows) end in terms of software to
> handle our transmission?

Either an SSH server or client to handle the file transfer (preferably
OpenSSH with a chroot cage added), or they need to learn how to use PGP.

> Any other options of ease and low cost with security?
> ________________________
>
> We were told that a possible option is to consider sending the file
> from our Unix or a Windows box on our end via SSL over the Internet
> (instead of FTP).

Yup.

> BUT>>>>>>>>>>>>>>>>>>>>>>>We have no idea how to do this in an
> unattended mode on Unix or on Windows.

Install and read the manual page on "lynx", available under various flavors
of UNIX and under Windows via the CygWin package.

> In other words I have no clue if this is even possible in concept in a
> batch or scheduled mode....................

It absolutely is. Your customer needs to settle with you what their
requirements are: reliable file transfer? Encrypted files? HTTP, HTTPS, FTP,
SSH, or RSYNC?

> Thanks for your time
>
> Respectfully, Peter
> p***@yahoo.com
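
Added example, not part of the original post: one way to script the unattended job the reply outlines (PGP encryption to the customer's public key, then transfer over SSH, run from cron). It assumes GnuPG as the PGP tool and OpenSSH `sftp` with a dedicated passphrase-less key; the key ID, account, directory, paths and the `--send` switch are placeholders chosen for this sketch.

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GnuPG, OpenSSH sftp,
# and that the customer's public key is already imported and trusted.
# All values below are hypothetical placeholders.
RECIPIENT="edi@customer.example"          # customer's PGP key ID
REMOTE="ediuser@sftp.customer.example"    # SFTP account on the customer side
REMOTE_DIR="inbound"                      # drop directory on the customer side
SSH_KEY="/home/edi/.ssh/edi_transfer_key" # key used only for this job

# Name of the encrypted copy: <file>.pgp next to the original.
encrypted_name() { printf '%s.pgp\n' "$1"; }

# sftp batch commands: upload under a temporary name, then rename, so the
# receiver never picks up a half-written file.
sftp_batch() {
    base=$(basename "$1")
    printf 'put "%s" "%s/%s.part"\n' "$1" "$2" "$base"
    printf 'rename "%s/%s.part" "%s/%s"\n' "$2" "$base" "$2" "$base"
}

# Encrypt to the customer's public key; --batch makes gpg fail, not prompt.
encrypt_file() {
    gpg --batch --yes --no-tty --recipient "$RECIPIENT" \
        --output "$(encrypted_name "$1")" --encrypt "$1"
}

# Key authentication only: BatchMode stops ssh from asking for a password,
# StrictHostKeyChecking refuses an unknown or changed host key.
send_file() {
    sftp_batch "$1" "$REMOTE_DIR" |
        sftp -b - -o BatchMode=yes -o StrictHostKeyChecking=yes \
             -o IdentitiesOnly=yes -i "$SSH_KEY" "$REMOTE"
}

# Encrypt, send, and delete the ciphertext only after a successful transfer.
transfer() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    enc=$(encrypted_name "$1")
    encrypt_file "$1" && send_file "$enc" && rm -f "$enc"
}

# Runs only when called with --send, e.g. from cron:
#   15 2 * * * /usr/local/bin/edi_send.sh --send /data/edi/shipnotice.edi
if [ "${1:-}" = "--send" ] && [ -n "${2:-}" ]; then transfer "$2"; fi
```

The customer's host key has to be in `known_hosts` before the first scheduled run, since the job refuses to accept it interactively.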