SCP info for Non-Enterprise Applications dropping files on ED01/ED02:
NOTE: References to ED02 are for test connections. Substitute ED01 for production.
You will need to have an SSH Client installed.
It is recommended that you use the SSH Client from "SSH Communications Security" (www.ssh.com), since we are running their SSH Server.
IU departments can download the client from the UIS ITSO web page or IUWARE: https://www.itso.iu.edu/services/ssh/ or http://iuware.indiana.edu/
To set up an account:
We will need to know the IP address of the workstation/server that the transfers will be initiated from because connections are filtered by IP address. Furthermore, the workstation/server must have a DNS registration with a PTR record. For more info about this, see the IU KB article "For a computer in Indiana University's ADS Domain, how can I register a DNS reverse lookup (PTR) record?" (http://kb.iu.edu/data/akne.html).
If you have a departmental userid that you want to use, please let us know that also. Otherwise, an account on ED02 will be set up for you.
You will have access to an upload folder at /HOME/FIS/IDBilling.
You will be able to upload files to the upload-folder.
You will not be able to delete, download or overwrite files in the upload-folder.
1) You can connect with an ftp type interface using sftp2.exe. The KB article titled "What is SFTP, and how do I use it?" has instructions, but note that the executable is "sftp2.exe" instead of "sftp.exe". It may not be in your command PATH, so you will need to either be in the source directory (probably C:\Program Files\SSH Communications Security\SSH Secure Shell) or put the correct directory in your command PATH.
2) You can also use "scp2.exe". This is not an interactive session. It is more like a copy command where you designate the source file and destination file, and it is very useful if you want to create a script that you can run to perform the file transfer. See the KB article "In Unix, how do I use the scp command to securely transfer files between computers?" The info is the same for running this from Windows except that the executable is "scp2.exe" instead of "scp.exe". As with sftp2.exe, you will need to either be in the source directory (probably C:\Program Files\SSH Communications Security\SSH Secure Shell) or put the correct directory in your command PATH when you run this.
Once the above components are in place, a key-pair must be generated from the SSH client and the public-key uploaded to our SSH Server. Please schedule a time to work with PDP staff to perform the following setup.
Windows users - generate a key-pair and upload the public key file:
- Log on to your workstation/server with the account that will be performing the scripted file transfers.
- Open the Secure File Transfer Client
- Connect to your remote host (BL-UITS-ED02.ads.iu.edu) using your supplied account and password.
- If prompted to save the hostkey, do so.
- In the Secure File Transfer Client, select Edit, then Settings... .
- In the left pane, expand Global Settings, expand User Authentication, and click on Keys.
- Click the button labeled Generate New... . In the window that appears, click Next.
- From the drop-down list next to "Key Type:", select DSA, and from the drop-down list next to "Key Length:", select 1024 or higher. Click Next.
- When the key generation process is complete, click Next.
- In the box next to "File Name:", enter a name for the file in which SSH Secure Shell will store your private key. Your public key will be stored in a file with the same name, plus a .pub extension.
- The “Comment” field is optional.
- Leave the Passphrase blank. [If a passphrase is entered, you are prompted for it each time the private key file is accessed, which means you cannot perform a file transfer without user intervention. Leaving it blank makes safeguarding your private key very important, because anyone who has access to your private key can authenticate to your SSH account without a password.]
- Select the button labeled Upload Public key... .
- In the window that opens, change the entry next to "Destination folder:" so that it reads .ssh2/%username% (substitute the ESA provided account name for %username%.) NOTE the Unix type forward slash.
- When you have finished, click Upload
- If you do NOT have public key authentication configured for other connections, you can click the “Configure…” button (this action will overwrite any existing “identification” file). Otherwise, you will need to locate the “identification” file and add an entry for this key-pair.
- Click OK to close the Settings dialog.
Unix users - generate a key-pair and upload the public key file:
- Log on to your workstation/server with the account that will be performing the scripted file transfers.
- Generate a key-pair using the “ssh-keygen2” Command, using flags and parameters as needed to meet these specifications:
  - Key Type = DSA
  - Key Length = 1024
  - Filename = anything the user wants to name it to make it easier to tell what it is for.
  - Null/Empty passphrase
- Connect to the server, i.e. “sftp xxxxxx@bl-uits-ed02.ads.iu.edu” (substitute the ESA supplied account name for xxxxxx).
- Enter password when prompted
- Upload the public key, i.e. “put xxxxxx.pub /HOME/.ssh2/xxxxxx”
- Create the authorization file, i.e. “echo "Key id_dsa.pub" >> ~/.ssh2/authorization”
- Close the connection, i.e. “quit”
Things to keep in mind:
Server name to connect to - We recommend using the FQN (fully qualified name) BL-UITS-ED01.ADS.IU.EDU when connecting because it is the most reliable. But, whether you use the FQN, or the shorter BL-UITS-ED01, it is important to connect using the same syntax each time. Otherwise, you will be prompted to save multiple hostkeys from the SSH Server on ED01 (or ED02) because SSH treats "bl-uits-ed01" and "bl-uits-ed01.ads.iu.edu" as two different hosts when it comes to hostkeys.
The first time that you connect, you will be presented with the fingerprint of a hostkey and prompted to save the hostkey. Accept the hostkey and continue. From then on, it will not prompt you about the hostkey, as long as you connect using the same server name. Once connected, you are in the /HOME folder. If you are automating the process, the first connect and acceptance of the host key needs to be performed manually since it is an interactive activity.
- How do I submit an ID Billing file?
The non-enterprise application that creates the ID Billing file will use Secure Copy (SCP) with public key authentication to drop the file to the IU server ‘bl-uits-ed02.ads.iu.edu’ (for test) or BL-UITS-ED01.ADS.IU.EDU (for production) in the directory ‘/HOME/FIS/IDBilling’. Once the file has been completely transferred, the non-enterprise application will drop a ‘.done’ file to indicate that the complete ID Billing file has been transferred.
- How should my file be named?
The file name specifications are: gl_idbilltrans_chartorg_yyyymmddhhmmss.data and gl_idbilltrans_chartorg_yyyymmddhhmmss.done. For example, gl_idbilltrans_BADSER_20060105.08.46.00.data and gl_idbilltrans_BADSER_20060105.08.46.00.done. The chart and org should match the second and third fields in the ID billing file in the header record starting in position 5. A carriage return is required at the end of each line/record in the file.
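Added example (not part of the original instructions): a POSIX shell script for the scripted drop described in the two answers above. It builds the file name, refuses to run if the passphrase-less private key is readable by group or other, and sends the .done marker only after the .data copy succeeds. Assumptions: scp2 is on the PATH and key setup is complete; ACCOUNT and KEYFILE are placeholders; the function names are hypothetical; the .done marker is sent empty (the page does not say what it contains); the timestamp follows the written 14-digit pattern rather than the dotted form in the page's example.

```shell
#!/bin/sh
# Added example: scripted ID Billing drop. Not the original page's code.

HOST="bl-uits-ed02.ads.iu.edu"   # test server; use the same spelling every time
DEST="/HOME/FIS/IDBilling"
ACCOUNT="xxxxxx"                 # placeholder: ESA supplied account name
KEYFILE="$HOME/.ssh2/xxxxxx"     # placeholder: your private key file

# Print gl_idbilltrans_<chartorg>_<yyyymmddhhmmss>; fail on anything that
# would break the naming convention (empty or non-alphanumeric chartorg,
# timestamp that is not exactly 14 digits).
idbilling_basename() {
    case "$1" in ''|*[!A-Za-z0-9]*) return 1 ;; esac
    case "$2" in *[!0-9]*) return 1 ;; esac
    [ "${#2}" -eq 14 ] || return 1
    printf 'gl_idbilltrans_%s_%s\n' "$1" "$2"
}

# The key has no passphrase, so the file itself is the credential:
# succeed only if group and other have no permissions on it.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# usage: drop_idbilling <local file> <chartorg> <yyyymmddhhmmss>
# Copies the data file first, then the .done marker, and skips the marker
# if the data copy failed so the receiver never sees a false "complete".
drop_idbilling() {
    base=$(idbilling_basename "$2" "$3") || { echo "bad name parts" >&2; return 2; }
    key_is_private "$KEYFILE" || { echo "key file too open: $KEYFILE" >&2; return 3; }
    marker=$(mktemp) || return 4
    scp2 "$1" "$ACCOUNT@$HOST:$DEST/$base.data" &&
        scp2 "$marker" "$ACCOUNT@$HOST:$DEST/$base.done"
    rc=$?
    rm -f "$marker"
    return $rc
}
```

Because the upload folder does not allow overwrites, each run needs a fresh timestamp, for example from date +%Y%m%d%H%M%S.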