[NEWSboard IBMi Forum]
  1. #1
    Registered since
    Sep 2004
    Posts
    11

    SCP and SFTP Server

    Can I get these two services started on the i5 (AS/400, iSeries)?
    Are these server services available from IBM, or are there third-party providers?
    I don't want to use a Linux partition. It should run under i5/OS or V5R2.
    Many thanks

  2. #2
    Registered since
    May 2002
    Posts
    2.642

    Tools

    Hello .....,
    I think this will help you get started:

    http://www-1.ibm.com/servers/enable/...s/openssh.html



    5733-SC1 -- IBM Portable Utilities for i5/OS
    A new LPO 5733-SC1 -- IBM Portable Utilities for i5/OS -- is now available for V5R3 i5/OS users. The 5733-SC1 LPO contains the OpenSSH, OpenSSL and zlib open source packages ported to i5/OS using the i5/OS PASE runtime environment. The 5733-SC1 LPO requires i5/OS V5R3 and also requires that i5/OS Option 33 (i5/OS PASE - Portable Solutions Application Environment) be installed.
    TCP/IP connectivity applications such as telnet and ftp transmit data and passwords over the network in plain text. This means that the data and passwords can be intercepted and read by other users on the network. The SSH (Secure SHell) protocol suite is a software solution that provides secure alternatives for telnet and ftp. SSH verifies the authenticity of both the client and server and all of the data (including userids and passwords) is encrypted as it travels on the network. This encryption is done transparently to the end user.
    OpenSSH is the open source implementation of the SSH protocol suite. OpenSSH is widely available for use on many other platforms including Linux, AIX and z/OS. The OpenSSH development team maintains web pages here: http://www.openssh.org/
    The OpenSSH portion of 5733-SC1 consists of these utilities:
    ssh - a secure telnet replacement that allows an i5/OS user to connect as a client to a server running the sshd daemon. An ssh client can also be used to connect to the Hardware Management Console (HMC) on the eServer 5xx iSeries models.
    sftp - a secure ftp replacement. As with all implementations of sftp on other platforms, sftp can only transfer data in binary format. Note that sftp also does not provide the enhanced functions available in the i5/OS ftp utility when transferring files in the QSYS.LIB file system nor does it provide the CCSID data conversion options available in the i5/OS ftp utility.
    scp - a secure file copy program -- basically an alternative to sftp for copying a single file in the integrated file system (IFS).
    ssh-keygen - a public/private key generation and management tool. SSH allows users to authenticate using these public and private keys as an alternative to using their OS signon password
    ssh-agent - an authentication agent that can store private keys. ssh-agent allows a user to load their public/private key passphrase into memory to avoid needing to retype the passphrase each time an SSH connection is started
    sshd - The daemon that handles incoming ssh connections. The sshd daemon utility allows users to connect to i5/OS via an ssh client. In contrast to connecting to i5/OS via telnet and being presented with a 5250 screen interface, users that connect via ssh to an i5/OS system running the sshd daemon will be presented with a character interface and an i5/OS PASE command line.
    During installation, symlinks to these commands are created in the default $PATH. For specifics on the OpenSSH utilities see the reference manual pages here: http://www.openssh.org/manual.html
    Hints and tips for using OpenSSH:
    Installation:
    RSTLICPGM LICPGM(5733SC1) DEV(OPTxx) OPTION(*BASE) RSTOBJ(*ALL) LNG(2924)
    RSTLICPGM LICPGM(5733SC1) DEV(OPTxx) OPTION(1) RSTOBJ(*PGM)
    For this release, the OpenSSH configuration files ( for example, ssh_config and sshd_config ) are located in the directory:
    /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/

    The "green screen" 5250 terminal sessions started by using the STRQSH or CALL QP2TERM CL commands are not true TTY devices. This can cause problems when trying to use ssh, sftp or scp within one of these sessions. Possible workarounds:
    For ssh: use the -T option to not allocate a tty when connecting
    For sftp and scp: use the ssh-agent utility and public key authentication to avoid sftp and scp prompting for passwords or passphrases
    Use the utilities from a true tty session (such as xterm)

    To run the sshd daemon on i5/OS:
    The userid that starts the daemon must have *ALLOBJ special authority
    The userid that starts the daemon must be 8 or fewer characters long
    Before starting sshd for the first time, you will need to generate host keys:
    ssh-keygen -t rsa1 -f /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_key -N ""
    ssh-keygen -t dsa -f /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_dsa_key -N ""
    ssh-keygen -t rsa -f /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_rsa_key -N ""
    You can start the sshd daemon with this CL command:
    call pgm(qp2shell) parm('/QOpenSys/usr/sbin/sshd')

    To connect to i5/OS using ssh:
    The userid that is connecting must be 8 or fewer characters long
    If you use public-key authentication to connect, verify the permissions on the userid's directories and files:
    The userid's home directory must not have public write authority ( chmod go-w /home/myuserid )
    The userid's /home/myuserid/.ssh directory and /home/myuserid/.ssh/authorized_keys file must not have any public authorities ( chmod go-rwx /home/myuserid/.ssh and chmod go-rwx /home/myuserid/.ssh/authorized_keys )
    Once connected, you will be at an i5/OS PASE command line. See the i5/OS PASE utilities information in InfoCenter for information on the i5/OS PASE utilities that are available.

    You can use ssh to encrypt the 5250 telnet datastream:
    On the server, start the telnet server and the sshd server
    On the client, start an ssh session to the server (named servername in this example) that will route the traffic on an unused port on the client (2001 in this example) to the telnet port (23) on the server:
    CALL QP2TERM
    then
    ssh -T -L2001:localhost:23 servername
    This ssh session will need to be left active while the telnet sessions are in use
    Other sessions on the client can now start telnet sessions:
    TELNET RMTSYS(*INTNETADR) INTNETADR(LOCALHOST) PORT(2001)

    The sshd daemon uses the i5/OS Set Profile API ( QsySetToProfileHandle ) to switch from the userid that started sshd to the userid that is connecting.
    OpenSSL and zlib:
    OpenSSH requires the OpenSSL and zlib open source libraries in order to function. A user can write i5/OS PASE applications that call OpenSSL or zlib APIs.
    OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL). Refer to the OpenSSL web pages here for more information: http://www.openssl.org/
    zlib is a set of data compression APIs. Refer to the zlib web pages here: http://www.zlib.org/ for more information.
    Miscellaneous Information:
    Version and directory information:
    The OpenSSH version is 3.5p1 and is located in directory /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/
    The OpenSSL version is 0.9.7d and is located in directory /QOpenSys/QIBM/ProdData/SC1/OpenSSL/openssl-0.9.7d/
    The zlib version is 1.1.4 and is located in directory /QOpenSys/QIBM/ProdData/SC1/zlib/zlib-1.1.4/
    NLS information:
    There is only a single English build available, however this single build does include these translations of the OpenSSH messages which will be used based on the LANG and NLSPATH environment variable settings:
    CA_ES and ca_ES (Catalan)
    CS_CZ and cs_CZ (Czech)
    DE_DE and de_DE (German)
    EN_US and en_US (English)
    ES_ES and es_ES (Spanish)
    FR_FR and fr_FR (French)
    HU_HU and hu_HU (Hungarian)
    IT_IT and it_IT (Italian)
    JA_JP and ja_JP and Ja_JP (Japanese)
    KO_KR and ko_KR (Korean)
    PL_PL and pl_PL (Polish)
    PT_BR and pt_BR (Portuguese)
    RU_RU and ru_RU (Russian)
    SK_SK and sk_SK (Slovak)
    ZH_CN and Zh_CN and zh_CN (Simplified Chinese)
    ZH_TW and Zh_TW and zh_TW (Traditional Chinese)
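
The permission requirements for public-key logins listed in the post above (home directory without group/other write, `.ssh` and `authorized_keys` without any group/other access), turned into an audit script. This is an added example, not part of the original post or of IBM's documentation; the function names `mode_of` and `check_ssh_perms` are made up here, and it assumes a POSIX shell with `ls` and `cut`.

```sh
#!/bin/sh
# Added example: audit the permissions the post requires for public-key logins.
# Function names are made up for this example; paths follow the post's layout.

# mode_of PATH: print the 10-character mode string from ls -ld (e.g. drwxr-x---).
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# check_ssh_perms HOME: print one line per finding; exit status = number of findings.
check_ssh_perms() {
    home=$1
    findings=0

    # Home directory: no write bit for group (char 6) or other (char 9).
    m=$(mode_of "$home")
    case $m in
        "")
            echo "MISSING  $home"
            findings=$((findings + 1)) ;;
        ?????w????|????????w?)
            echo "WRITABLE $m $home (fix: chmod go-w)"
            findings=$((findings + 1)) ;;
    esac

    # .ssh and authorized_keys: group and other must have no bits at all.
    for p in "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue   # not set up for public-key login; nothing to check
        m=$(mode_of "$p")
        case $m in
            ????------) ;;
            *)
                echo "EXPOSED  $m $p (fix: chmod go-rwx)"
                findings=$((findings + 1)) ;;
        esac
    done
    return "$findings"
}

# Run as: sh check_ssh_perms.sh /home/myuserid
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

A non-zero exit status means sshd may refuse the key for that user until the listed `chmod` fixes are applied.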
