AIX SFTP through MS ISA proxy

UNIX AIX
1

Dear all,

I have some files to move to an SFTP server that someone else is providing on the public internet. The source for the file is on AIX, and although I have the sftp client installed, I'm stuck. The process would be automated (probably ksh script or perhaps as a C executable) so there would not be an option for interactive input.

There is no direct route to the internet for the AIX server, but firewall rules have apparently been altered so that it can talk to the pair of MS ISA servers :eek: that we use for desktop PC access to the internet. There are two so that a desktop makes the request to proxy A and if authenticated this is passed on to proxy B which is public facing. Proxy B will only accept traffic from proxy A.

My problem is how I would craft an SFTP request to open a connection directed via proxy A & how I would authenticate. The desktop PCs has client software installed to handle that function.

By the way, I don't have a choice on having to use an MS ISA server. That's what we have. Full stop. :mad:

I have looked at curl (see curl 'dot' haxx 'dot' se) but haven't yet spotted how this can be acheived.

An option would be to PGP encrypt the files and try plain FTP, but I would need the provider to agree and I would still need to use the proxy.

I've only been doing this job 15 years, but I have to admit I am stumped.:confused:

Thanks, in advance,
Robin

2

might be easier to get a windows box to collect them from the AIX system and send them on to the internet for you as their connection is already working.

3

Thanks for the suggestion, but unfortunately it is credit card data and so I am not allowed to have an intermediary server that holds the file at all. According to the regulations, even though I can see the original source file, I cannot trust myself not to look at an intermediate location and then try to find someone to sell them to, even though I wouldn't know where to start trying to sell credit card numbers - um, no offers please!:cool:

My other option would be to use PGP to encrypt the file and then maybe I would be allowed to use an intermediate server. :eek: I've used PGP before, but then I have to get the recipient to agree to decrypt it for processing and then public key from them and persuade our security people that it is acceptable, which is no mean feat in itself.....