SSH

Setting up FTP-SFTP Conversion

In this example we assume that Tectia SOCKS Proxy is not yet running.

First, log on via a TN3270 emulator.

Take the following steps to set up FTP-SFTP conversion through Tectia SOCKS Proxy:

  1. Create ssh-socks-proxy-config.xml if it does not already exist:

    > cd /opt/tectia/etc
    > cp ssh-socks-proxy-config-example.xml  ssh-socks-proxy-config.xml
  2. Use oedit (or any other text editor of your choice) to edit the configuration file:

    > oedit  ssh-socks-proxy-config.xml

    Page down (by pressing F8) to the "Example filter rule" section to modify the SOCKS rule IP address to the desired IP address or addresses:

    <!-- Example filter rule used in FTP-SFTP conversion
         through SOCKS proxy. -->
    <!--
         <rule ip-address="10.1.2.3"
               ports="21"
               action="ftp-proxy"
               profile-id="id1"
               username-from-app="YES"
               hostname-from-app="YES"
               fallback-to-plain="NO" />
    -->
    

    Remove the XML comments (<!-- and -->) from around the rule element with action="ftp-proxy" and change ip-address to the IP address of incoming FTP requests or ".*" for all incoming IP addresses:

    <rule ip-address=".*"
          ports="21"
          action="ftp-proxy"
          profile-id="id1"
          username-from-app="YES"
          hostname-from-app="YES"
          fallback-to-plain="NO" />
    
  3. Create socks.conf (if it does not exist already) and modify it:

    /opt/tectia/etc: > touch socks.conf
    /opt/tectia/etc: > oedit socks.conf

    Add these lines to the beginning of socks.conf:

    sockd @=127.0.0.1 198.51.100 255.255.255.255       
    direct 0.0.0.0 0.0.0.0         

    In this example 198.51.100 is the FTP server IP address. Change this to match the IP address of your FTP server.

    Note

    Instead of socks.conf, it is also possible to store the SOCKS configuration in a data set.

  4. You will need to edit <USERID>.FTP.DATA (if you only want the settings to be used for one user) or TCPIP.FTP.DATA (if you want the settings to be used for all users). In this example we create (if needed) and edit <USERID>.FTP.DATA.

    Go to ISPF from USS:

    (DO NOT press enter after issuing the following command)

    /opt/tectia/etc: > ISPF 3.4

    Press F6 (make sure the F lock is on).

    If <USERID>.FTP.DATA does not exist, you need to create it using the characteristics of TCPIP.FTP.DATA.

    Add the following lines to <USERID>.FTP.DATA if they do not already exist:

    SOCKSCONFIGFILE /opt/tectia/etc/socks.conf     
    FWFRIENDLY TRUE    
  5. Now all unsecured FTP traffic to IP address 198.51.100 on port 21 will be secured with SSH SFTP:

    /opt/tectia/etc: > ftp 198.51.100
    Using '<USERID>.FTP.DATA' for local site configuration parameters.
    IBM FTP CS V1R12
    Connecting to:  198.51.100 port: 21.
    220--------------------------------------
    220--- SSH Tectia FTP-SFTP Conversion ---
    220--------------------------------------
    220 Your FTP connection will be SECURED!

    If you do not see the “SSH Tectia FTP-SFTP Conversion” message, your connection is not secure.
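
A check for steps 2 and 5, as an added example that is not part of the Tectia documentation: it parses a copy of ssh-socks-proxy-config.xml to confirm that an ftp-proxy rule is actually active and keeps fallback-to-plain="NO", then looks for the conversion banner in captured FTP client output. It assumes Python 3 is available where the copies are checked; the function names, the placeholder root element and the sample configuration are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample input. The root element name is a placeholder; the
# <rule> attributes are the ones shown in the procedure above.
SAMPLE_CONFIG = """<placeholder-root>
  <!-- <rule ip-address="10.1.2.3" ports="21" action="ftp-proxy"
             profile-id="id1" fallback-to-plain="NO" /> -->
  <rule ip-address=".*" ports="21" action="ftp-proxy" profile-id="id1"
        username-from-app="YES" hostname-from-app="YES"
        fallback-to-plain="NO" />
</placeholder-root>"""

# 220 reply lines copied from the FTP client output in step 5.
SAMPLE_SESSION = """220--------------------------------------
220--- SSH Tectia FTP-SFTP Conversion ---
220 Your FTP connection will be SECURED!
"""

BANNER = re.compile(r"^220.*SSH Tectia FTP-SFTP Conversion", re.MULTILINE)

def audit_ftp_proxy_rules(xml_text):
    """Return (active_rules, findings) for <rule action="ftp-proxy"> elements."""
    # ElementTree discards XML comments, so a rule still wrapped in <!-- -->
    # is not counted as active.
    rules = [r for r in ET.fromstring(xml_text).iter("rule")
             if r.get("action") == "ftp-proxy"]
    findings = []
    if not rules:
        findings.append("no active ftp-proxy rule (still commented out?)")
    for rule in rules:
        label = f'rule ip-address="{rule.get("ip-address")}"'
        if rule.get("fallback-to-plain", "").upper() != "NO":
            findings.append(f"{label}: fallback-to-plain is not explicitly NO")
        if rule.get("ip-address") == ".*":
            findings.append(f"{label}: matches every address, confirm intended")
    return rules, findings

def session_is_converted(transcript):
    """True only if a 220 reply line carries the conversion banner."""
    return bool(BANNER.search(transcript))

if __name__ == "__main__":
    rules, findings = audit_ftp_proxy_rules(SAMPLE_CONFIG)
    print(f"{len(rules)} active ftp-proxy rule(s)")
    for finding in findings:
        print("  -", finding)
    print("conversion banner seen:", session_is_converted(SAMPLE_SESSION))
```

Run it against text copies of the configuration file and a saved FTP session; a missing banner or any finding about fallback-to-plain means the setup should be rechecked before FTP credentials are sent.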