As stated above, target systems with SSH must be the server component, with Control Center providing the client component. Some configuration of the SSH server is necessary during or after installation to meet local requirements, but the key item necessary for Syncsort™ Capacity Management to connect to a target is the presence of the Secure FTP server sub-system. This is enabled in the SSH server configuration file by the presence of a line similar to:
subsystem-sftp sftp-server
The actual content of the parameter and the location of the configuration file varies slightly by the variant of SSH, but typically for SSH1 systems would be found in a file called sshd_config and for SSH2 systems would be found in a file called sshd2_config.
When Control Center attempts to connect to a target it uses a command similar to:
ssh2 user@address -s sftp
This invokes use of the Secure FTP sub-system, once it has passed the authentication requirements of the target system.
The authentication methods supported by Syncsort™ Capacity Management are password, publickey, and publickey with passphrases. Other forms exist, such as PIN, but this is not supported by Syncsort™ Capacity Management.
It is highly advisable to ensure you have manual connectivity with SSH before attempting to connect automatically using Syncsort™ Capacity Management.
All communications with targets is performed by Control Center, so to conclusively prove connectivity you must log on to the machine running Control Center and you must log on using the same account that Control Center uses. This is the Service Account, and can be found on the Log On dialog of the Syncsort™ Capacity Management Control Center service properties dialog. When connecting to the remote target, you must use the user ID that Control Center will use.
- Log on as the Control Center userid, open a command prompt and enter the command:
ssh2 <user>@<target>
where:
<user> is the user ID to be used on the target system
<target> is the IP address or name of the target server
For example:
ssh2 Precisely@192.168.3.17
ssh2 Precisely@prodmkt0107
If this is the first time you have connected to this machine, you should see a series of messages including one similar to the following:
You are connecting to host <ip address> for the first time, do you want to save the host key ? (y/n).
- Reply y and press Enter.
You may then be prompted for a password for the user ID on the target system, and if you pass the authentication requirements, you will be placed into a command line on the target system.
- To leave the target system, type exit (or for some systems logout) and press Enter.You will return to the Control Center command line prompt.
- If this works correctly, ensure that Secure FTP from the server is available by entering a command similar to:
sftp2 <user>@<target>
This command will check whether SFTP subsystem is running on the server. Secured data transfer from Syncsort™ Capacity Management is based on SSH for authentication and the actual data transfer is done by the sub-system SFTP on the server rather than the client. This approach is based on the relatively standard implementation of SSH and sub-system SFTP, rather than using SFTP directly on the client that may have different parameters and implementation between different ssh clients.
- Type help to see the available commands. You may want to ensure that you are either in
the location you expect to be in by listing the contents of the directory with the ls
command, or that you are able to change to the directory where data for Syncsort™ Capacity Management will be present by using the cd
command, for example:
ls -l List all entries in the current directory
cd /home/users/metron Change to the home directory for user “metron”
If you are not already in the expected directory, or you cannot change the current location to where you need to go, consult a system administrator for that system to determine if this can be corrected.
For some commercial implementations of SSH a facility exists to define a Virtual Directory. For example, with the F-Secure product, by default you would expect to see this in the sshd_config file:
sftp-dirlist "HOME=%D"
This means the starting directory for every user of Secure FTP will be their home directory.
-
For a Windows machine this would be C:\Documents and Settings\<user id>
-
For a UNIX system would be the same as when you log on via Telnet or the SSH command line.
You can add an entry to make a new virtual directory, for example here to C:\Metron\Acquire, where Acquire for Windows reads and writes data, and call it Athene, either by using the SSH Server GUI or by editing the sshd2_config file as follows :
sftp-dirlist "HOME=%D,Athene=C:/Metron/Acquire"
Note the use of forward slashes, even on a Windows machine. Once the SSH server service (for Windows) or daemon (for UNIX/Linux) has been stopped and restarted, you may use the Syncsort Capacity Management name as a directory name, for example:
ssh>pwd /home ssh>ls -l ..My Pictures ssh>cd /Syncsort Capacity Management Core ssh>pwd /Syncsort Capacity Management Core ssh>ls -l ..APMin ..APMOut ..Program ssh>
This name may then be used in System Manager to set the Path to data directory in the Connection Details tab for a target.
-
- The command quit or exit should terminate your SFTP session and return you to the Windows command prompt.