Re: How perform unattended transfers in a script using perhaps SSH,SCP or HTTPS/SSL?, p***

From:
Date: 06/03/02 

Date: Sun, 02 Jun 2002 22:52:15 GMT

"Peter ***" <p***@yahoo.com> wrote in message
news:854b4533.0206012129.7c7b811d@posting.google.com...
> I am confused due to lack of knowledge being a newbie in this area
>
> Here is basically what we want to do and perhaps you might be so kind
> to fill in the blanks and some resources for me. I thank you in
> advance.
>
> I am asking quite a few things at once. However the goal is to provide
> file data transfer at low cost from our HP UNIX or Windows Box to 5 of
> our customers (with Windows most likely).
> The files are EDI files--just a file we need to encrypt and send via a
> scheduler or via command line/script mode (not interactive with
> someone sitting there-i.e.: unattended transfer of an encrypted file).

Do you need to encrypt it so it is encrypted on your end and decryptable
after it arrives?

Then use PGP and any transfer technique you can handle. FTP, HTTP, whatever.

Do you need the file to arrive unencrypted but the transmission itself to be
encrypted for security reasons? Then look into running a web server with
HTTPS (which is HTTP with SSL encryption) for them to download the file
regularly from your server (they pull, you don't push: push is much harder
for HTTP!). You then set up your web server with SSL, a location that only
grants permission to their system to download, and let them fetch it.

Do they need to know that the file really, really came from you and was not
hacked and nobody else could monitor it in transmission? A chrooted SSH
server on their machine, or some customary secure FTP system. That means
custom software on both ends.

> I have no clue on the following:
> 1. What is the best approach to sending the files from our site to
> theirs in an encrypted manner?
>
> I have heard of Secure FTP, PGP encryption, SSH, SCP and SCP, not to
> mention SSL over an HTTPS connection. I do not understand all of
> these yet with respect to what is the best approach, decent support,
> works reliably, etc.. Again this must operate in an unattended mode
> and allow a command line interface.

Do you have to push the files? SSH. Can they be relied on to pull the files,
and do you want the absolute minimum software installation on their part?
See above.

> I have been researching my brains out. Not an idiot. But this is
> somewhat new to me being a Web Manager familiar mainly with Windows
> 2000 Internet Server and IE Browsers.

No sweat. You need to determine if your customer is willing to "pull" the
files, with your collaboration, and whether the files themselves need to be
encrypted, transmitted in a secure fashion, or transmitted in an encrypted
fashion. Then ask again.

> We are not running any sort of FTP server now. Only FTP we do is the
> out of the box command line FTP with windows or Unix.
>
> Some people have suggested running HTTPS with SSL (to send files to
> our customers) BUT I do now know what is needed (in terms of all
> software) to achieve such on our end and the customers??

That's "HTTPS", which is "HTTP over SSL". They can run it with any decent
version of Apache and OpenSSL, which is available quite free. They may not
want to, and it's not trivial to *push* files to an Apache server. They
would probably *pull* the files from your Apache Server, and all sorts of
published tools (such as curl and lynx) can do command line pulls of SSL
files.

You've also failed to mention what OS your customer is running on the
machine or systems they want the files submitted to. That makes a *big*
difference.

> Also not sure how to perhaps perform the above using SSH or SCP
> instead of HTTPS/SSL?
>
> In other words-I am a bit lost.
> Not sure what options are the best.
> Not sure of costs.
> Not sure what software needs to be loaded at each end (sender and
> receiver)
>
>
>
> Thanks for any help and some recommendations and some basic How-to's,
> pitfalls, costs, and so on.

Give us a hint or two more on your setup: there are just too many options to
assess costs or approaches right now.

Mind you, if I were doing this as a consulting gig, I'd charge at least 8
hours for sitting down with you and your customer and working out the
requirements. Giving everyone what they want and can live with securely is
*not* cheap, and you can't buy it out out of the box.