To protect logon IDs and passwords with SSH tunneling, the BatchFTP Adapter relies on additional SSH-tunneling software (see Additional Software Requirements).
To enable SSH tunneling, select Yes under the SSH Tunneling Enabled parameter in the adapter connection configuration (see SSH Tunneling Configuration Parameters). You can use the SSH-tunneling software in either of the following ways:
By using an existing SSH channel where a secure connection has already been established
By internally launching an SSH process for the adapter’s use
To use an existing channel, select Yes under the SSH Channel Established parameter in the configuration. The adapter then operates under the assumption that you have already established the SSH channel using the additional software. Once you set this parameter to Yes, the adapter automatically uses that channel.
If you choose No under the SSH Channel Established parameter, the adapter launches a process within Java CAPS to establish a channel. In this case, you must specify, under the SSH Command Line parameter, a full and correct command-line statement for your SSH-tunneling application and environment.
You can obtain this information from the SSH-tunneling application’s configuration. See the application’s documentation for details.
You must enter a correct and complete command-line statement. That is, all necessary command line parameters must be provided so that the SSH-tunneling software can run correctly without requiring further interaction.
Check the accuracy of this information by executing the command line from the shell. If the software prompts for more information, add the required information to the command line and try again. Continue this process until the software starts and operates properly without additional action.
You may need to launch the application at least once from the shell before using it in the adapter. This requirement depends on the SSH-tunneling application and platform. Some applications prompt for trust-related information on the first attempt to connect to a remote host.
Through SSH tunneling, the FTP command connection is protected. This mechanism is based on an existing SSH port-forwarding configuration. You must configure SSH port forwarding on the SSH listen host before you configure the supporting adapter Connection.
For example, on the Java CAPS client host localhost, you can issue a command, such as:
ssh -L 4567:atlas:21 -o BatchMode=yes atlas
Under the adapter’s configuration for the previous example, you must specify:
localhost for the parameter SSH Listen Host
4567 for the parameter SSH Listen Port
In this case, the adapter connects to the FTP server atlas:21 through an SSH tunnel.
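The following shell function is an added example, not part of the adapter documentation. It statically checks a candidate SSH Command Line value: it derives the SSH Listen Host and SSH Listen Port implied by the -L option, and warns when BatchMode=yes is missing or the listener is bound beyond loopback. The function name check_ssh_cmdline is hypothetical, and the parsing assumes OpenSSH-style -L syntax without IPv6 literals.

```shell
#!/bin/sh
# Added example (not from the adapter documentation): static pre-flight check
# of a value intended for the "SSH Command Line" parameter.
# Assumes OpenSSH-style "-L [bind:]port:host:hostport" and no IPv6 literals.
check_ssh_cmdline() {
    cmd=$1 fwd='' batch=no prev=''
    set -f                                  # no globbing while splitting words
    for word in $cmd; do
        case $prev in
            -L) fwd=$word ;;
            -o) if [ "$word" = "BatchMode=yes" ]; then batch=yes; fi ;;
        esac
        case $word in
            -L?*) fwd=${word#-L} ;;
            -oBatchMode=yes) batch=yes ;;
        esac
        prev=$word
    done
    if [ -z "$fwd" ]; then
        set +f; echo "FAIL: no -L port forwarding in command line"; return 2
    fi
    old_ifs=$IFS; IFS=:; set -- $fwd; IFS=$old_ifs; set +f
    case $# in
        # Three fields: bind address omitted, loopback unless GatewayPorts is set
        3) bind=localhost; port=$1; target=$2:$3 ;;
        # Four fields: explicit bind address; empty or "*" means all interfaces
        4) bind=${1:-"*"}; port=$2; target=$3:$4 ;;
        *) echo "FAIL: unrecognised -L value '$fwd'"; return 2 ;;
    esac
    echo "SSH Listen Host=$bind SSH Listen Port=$port target=$target"
    rc=0
    if [ "$batch" != yes ]; then
        echo "WARN: BatchMode=yes missing; ssh may prompt for input"; rc=1
    fi
    case $bind in
        localhost|127.0.0.1) ;;
        *) echo "WARN: listener bound to '$bind', reachable from other hosts"; rc=1 ;;
    esac
    return $rc
}

# The command from the example above; prints the two adapter values to enter.
check_ssh_cmdline "ssh -L 4567:atlas:21 -o BatchMode=yes atlas"
```

A return status of 0 means the command line passed both checks, 1 means a warning was printed, and 2 means no usable -L option was found.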
You must set the following SSH tunneling parameters to configure the adapter Connection:
SSH Tunneling Enabled: Specifies whether the FTP command connection is secured through an SSH tunnel:
No: indicates that all other parameters in this section are ignored.
SSH Channel Established: Specifies whether the adapter needs to launch an SSH subprocess:
No: indicates that there is no existing SSH channel for an FTP transfer.
Yes: indicates that an SSH channel has been established, so it is not necessary for the adapter to spawn an SSH subprocess. If you select Yes, the following parameters are required:
SSH Listen Host
SSH Listen Port
SSH Command Line: Specifies the command line used to establish an SSH channel. This parameter is required only when you set the SSH Channel Established parameter to No.
The command-line syntax can be different, depending on the specific SSH client implementation. See your SSH-tunneling support software user’s guides for details.
SSH Listen Host: Specifies the host name where the SSH support software runs, as well as the host it listens to.
This parameter is required only when you set the SSH Channel Established parameter to Yes. If you choose No, the Listen Host is always localhost because the SSH support software is always started from the local host.
SSH Listen Port: Specifies the port number that the SSH-tunneling support software uses to check for incoming connections. This port number can be any unused port number on the SSH listen host.
SSH User Name: Specifies an SSH user name. This parameter can be required when the setting for the SSH Channel Established parameter is No.
SSH Password: Specifies an SSH password corresponding to the user name entered under SSH User Name. This parameter can be required only when the setting for the SSH Channel Established parameter is No. For more information, see SSH User Name.
For more information, see SSH Tunneling Configuration Parameters.