Re: FTP/S and SFTP

[Scott Klement <midrange-l@xxxxxxxxxxxxxxxx>]

Both protocols are secure.

SFTP runs a little faster (though, unless you're sending a lot of small 
files, you probably won't notice), works a lot better through NAT and 
firewalls.

The OS/400 implementation of FTP has, IMHO, a cumbersome scripting 
interface.  It's difficult to detect errors, and unless you're willing 
to hard-code a password in a script, you almost have to write a program 
to generate your script on the fly.   It's support for client 
certificates was cumbersome last time I looked at it -- I don't know if 
they ever improved that.   I did hear that IBM i 6.1 includes support 
for the enhanced FTP protocol, which will make SSL FTP work a little 
better through NAT -- but only if both the client and server support it.

I don't really understand the "change password every 60 days" comment. 
Why would you have to change your password every 60 days using SFTP 
(which you'd typically run password-free using digital keys) but not 
with FTP-SSL (which would normally require a password to be put into a 
script where someone could potentially view it)?  Seems backward to me.



Dave Odom wrote:
> Gang,
>
> I need to know how to invoke, use, install a banks certificate for,
> etc., FTP/S on the i.   I have to send a file to a bank with FTP/S.
> I also have the option of using SFTP but I don't think I like that
> because it is NOT native to the i AND it requires changing a password
> every 60 days whereas I only have to renew the FTP/S certificate
> every year.
>
> Please NO Windoz solutions unless everything related on the i doesn't
> work any more.
>
> I read about what Scott had to say a couple of years ago in the
> archives but thought the mousetrap might be better if discussed anew.
>
>
> Thanks in advance,
>
> Dave