Connect direct - SFTP - List of servers that I can connect

Greetings Experts,

I am working for a bank client and have a question on connect-direct and SFTP.

We are using Linux RedHat servers. We use connect-direct to transfer (NDM) files from one server to another server. At times, we manually transfer the files using SFTP from one server to another server. We have a portal for connect-direct to check the list of nodes/servers configured to send/receive the files on a specific server.

With the above given information..

I had a requirement to transfer a file from the SIT environment to the PROD environment (I know it's not the correct way, but I did it due to an unavoidable situation). I had checked whether connect-direct is configured between the 2 servers and confirmed that they are not configured (verified netmap entries also). As there was no other alternative, I tried SFTP and transferred the file using SFTP successfully.

I was under the impression that SFTP will be successful only between servers for which connect-direct is configured (at least at server level and not user-id level) between them.

I am not able to understand the points below. Can you please help to explain?

Questions:

  1. As SFTP was successful, how can I know the list of servers I can successfully transfer to through SFTP? Is there any file which contains the list of servers that can be connected to? Or is it that I can connect to any server through SFTP without any issues if I have the passwords?

  2. Does SFTP also use the public and private keys for connections and transmission?

  3. For SFTP, will it refer to both specified user-id home directories on source and target servers, or only on the source server, or only on the target server?

  4. Is there any way to restrict which users have SFTP access and allow only the specified users to have SFTP access?

  5. Does connect-direct also use the public and private keys for connection establishment?

Thank you for your valuable suggestions and time.

I believe IBM connect direct uses a proprietary protocol which is separate to and incompatible with SFTP.

SFTP runs over SSH and is used on thousands of systems around the world that don't have connect direct installed or configured.

Here are some answers to your specific numbered questions.

  1. SFTP is just a file transfer mechanism that runs over the SSH protocol. If you have SSH access to a computer you would normally also have SFTP access. If you have a password for an account on a remote computer that's running SSH and PasswordAuthentication is enabled (servers can be configured to only allow public key authentication), and the User/Group is enabled for SSH access, then you will be able to use SFTP. There is no file that lists all the servers you can access, but for each server you can check if password authentication is allowed and which users/groups have access.
  2. SFTP uses SSH for connection and transmission; authentication can be configured to use password or public/private keys or both.
  3. What do you mean by refer? The starting directory for SFTP is configurable but defaults to the local account's home directory.
  4. Yes, in the sshd_config on the target machine you can specify DenyUsers, DenyGroups, AllowUsers, AllowGroups to control which accounts have access.
  5. Direct connect uses its own protocol which may have public/private keys, but I would expect these would be separate to the SSH public/private keys.
3 Likes
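
An added example, not part of the original thread or written by its posters: answers 1 and 4 above describe checking a server's sshd_config for PasswordAuthentication and the Allow/Deny lists, and this shell function applies those settings to one account. The function names, the group-list argument and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Usage: sftp_access USER "GROUP1 GROUP2" < sshd_config  (or piped from `sshd -T`)
# Prints "denied", "allowed password=yes" or "allowed password=no".
# Not evaluated: Match blocks, Include files, negated (!) patterns; for
# USER@HOST entries only the USER part is compared.
sftp_access() (
    set -f                  # stop * and ? in patterns expanding to file names
    user=$1 groups=$2
    pw=yes pw_seen=no       # sshd defaults to PasswordAuthentication yes
    deny=no au_set=no au_hit=no ag_set=no ag_hit=no

    any_match() {           # any_match "NAMES" "PATTERNS"
        for n in $1; do
            for p in $2; do
                case $n in ${p%%@*}) return 0 ;; esac
            done
        done
        return 1
    }

    while read -r key rest; do
        key=$(printf '%s' "$key" | tr '[:upper:]' '[:lower:]')
        case $key in
            match) break ;; # what follows applies only conditionally
            passwordauthentication)      # first value found wins
                if [ "$pw_seen" = no ]; then pw=${rest%% *} pw_seen=yes; fi ;;
            denyusers)   if any_match "$user" "$rest"; then deny=yes; fi ;;
            denygroups)  if any_match "$groups" "$rest"; then deny=yes; fi ;;
            allowusers)  au_set=yes
                         if any_match "$user" "$rest"; then au_hit=yes; fi ;;
            allowgroups) ag_set=yes
                         if any_match "$groups" "$rest"; then ag_hit=yes; fi ;;
        esac
    done

    # sshd order: DenyUsers, AllowUsers, DenyGroups, AllowGroups; an Allow list,
    # once present, excludes everyone it does not name.
    if [ "$deny" = yes ] || [ "$au_set$au_hit" = yesno ] ||
       [ "$ag_set$ag_hit" = yesno ]; then
        echo denied
    else
        echo "allowed password=$pw"
    fi
)

# Constructed sample configuration (not from any real server).
sample_config() {
    printf '%s\n' '# constructed example' 'PasswordAuthentication no' \
        'DenyUsers root test*' 'AllowGroups sftpusers ops'
}
```

On a real target the group list can come from `id -Gn USER`, and feeding the function `sshd -T` output (run as root) covers Include files that a plain read of sshd_config would miss.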

Hi Chubler_XL,

Thank you for the answers.

Thanks,
Chill3chee.
