SFTP and SCP do not work with QP2TERM without the use of ssh-agent or public keys.
This is because QP2TERM does not provide a proper tty device.
This article will detail how to enable public-key authentication to allow SFTP/SCP to be used without passwords using QP2TERM. The following example will use the QSECOFR profile and will enable SFTP/SCP to work in both directions.
Setting up SFTP/SCP between 2 IBM i hosts
1. Enable PermitRootLogin on both systems:
- EDTF STMF('/QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/sshd_config')
- Search for PermitRootLogin, remove the comment, and Save and Exit
- Restart SSHD:
endtcpsvr *SSHD
strtcpsvr *SSHD
- Run qp2term
- Test and confirm that SSH works in both directions
- You should see “authenticity of <target host> can’t be established - are you sure you want to connect?" -> Select yes
This creates the .ssh folder and adds the remote system to the list of known hosts.
2. Enable public key authentication:
For both hosts perform the following steps:
- Create an RSA key pair that has no passphrase associated with it:
ssh-keygen -t rsa -N ""
Press enter to select the default option
This will create the following files under the .ssh folder:
id_rsa
id_rsa.pub
- id_rsa.pub is the public key. It needs to be copied over to the remote system into the file authorized_keys in the .ssh folder. This needs to be done for both systems. id_rsa is the private key and stays on the system where it was created.
- Ensure the permission of authorized_keys file is set to 600 (chmod 600 authorized_keys)
- After the public key is copied verify that the correct keys are in the correct locations by checking/comparing the original files.
3. Run "ssh -T QSECOFR@<remote host>" from both hosts to ensure ssh connects successfully
If the public keys were copied over correctly, SSH should now log in without requiring a password.
NOTE: When running “ssh -T QSECOFR@<remote host>”, it may not appear that the command has completed successfully. Check and confirm that you are logged into the remote system by pressing <ENTER> and confirm you are on the remote host.
SFTP should now also work without requiring a password.
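One way to script the key installation and comparison from step 2, as an added example that is not part of the original article. It assumes the other host's id_rsa.pub has already been copied to this system; the function names and the path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example. Run in the shell (for example qp2term) on the host that
# should ACCEPT logins, after the other host's id_rsa.pub has been copied over.
# Usage (hypothetical path):
#   install_pubkey /tmp/hosta_id_rsa.pub && key_installed /tmp/hosta_id_rsa.pub

# install_pubkey PUBFILE [SSHDIR]
# Appends the key in PUBFILE to SSHDIR/authorized_keys exactly once.
install_pubkey() {
    pub=$1
    sshdir=${2:-$HOME/.ssh}
    auth=$sshdir/authorized_keys

    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 1; }

    # Refuse a private key copied by mistake (id_rsa instead of id_rsa.pub).
    if grep -q 'PRIVATE KEY' "$pub"; then
        echo "$pub is a private key; copy id_rsa.pub instead" >&2
        return 2
    fi

    # A public key written by "ssh-keygen -t rsa" is one line starting "ssh-rsa ".
    key=$(grep '^ssh-rsa ' "$pub" | head -n 1)
    [ -n "$key" ] || { echo "no ssh-rsa key found in $pub" >&2; return 3; }

    # With StrictModes (the OpenSSH default) sshd refuses keys kept in a
    # group- or world-writable directory or file, so set 700 and 600.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 4
    ( umask 077; touch "$auth" ) || return 4

    # Append only if this exact line is not already present (safe to re-run).
    grep -qxF "$key" "$auth" || printf '%s\n' "$key" >> "$auth"
    chmod 600 "$auth"
}

# key_installed PUBFILE [SSHDIR]
# Returns 0 when the key from PUBFILE appears verbatim in authorized_keys.
key_installed() {
    key=$(grep '^ssh-rsa ' "$1" | head -n 1)
    [ -n "$key" ] && grep -qxF "$key" "${2:-$HOME/.ssh}/authorized_keys"
}
```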
Reference Links
- https://www.ibm.com/support/pages/sftp-and-scp-do-not-work-qp2term-or-qp2shell-without-use-ssh-agent-or-public-keys