Scott Roth · Dec 5, 2016

Using %Net.SSH.Session to do scp

Does anyone have a good example of using %Net.SSH.Session  to do a scp copy of a file from one server to another? I tried calling do $ZF(-1,"scp /ensemble/Scott/sr1.dat egate@inteng3:/home/egate/Scott/") but did not have any success in getting the system to copy the file over to what I am calling inteng3.



1 0 6 669
Log in or sign up to continue


Why not use SFTP for that?

The following method shows how you can get a list of the files on a server, via SFTP:

Method SFTPDir(ftpserver, username, password) As %Status
    set ssh = ##class(%Net.SSH.Session).%New()
    do ssh.Connect(ftpserver)
    do ssh.AuthenticateWithUsername(username,password)
    do ssh.OpenSFTP(.sftp)
    do sftp.Dir(".",.files)
    set i=0
    while $data(files(i))
        write $listget(files(i),1),!
        set i=i+1
        // set st = sftp.Get(files(i), "C:\Temp\myfile.ext")
    quit $$$OK

To download file(s) uncomment the line. Documentation.

Fixing the documentation.  There aren't plans right now to add scp support.

This is just another one of our servers that we use. We don't necessarily use SFTP to transfer files between our servers, just SCP. I am wondering if it is an issue with our keys that we have saved off, and not in Ensemble but at the OS Level.

Presumably, it's a security issue. Check effective UID and GID of your Caché processes. To do it, you may check parameters.isc file from Caché install directory for lines like these: 

security_settings.cache_user: cacheusr
security_settings.cache_group: cacheusr

Unlikely user cacheusr has access rights to other user's home directory.

csession processes are the exception from others as they inherit calling user's UID.

IMHO, it's better to use some neutral folder for file exchange, e.g. "/tmp/myexchange", as in this case it's much easier to establish appropriate assess rights for each side involved in exchange.

P.S. UNIX® Users, Groups and Permissions stuff is well-documented, see:

There is a known problem with our documentation, scheduled to be fixed in 2017.1.

The class documentation for %Net.SSH.Session states: "Once connected and authenticated, the SSH object can be used to perform SCP (Secure Copy) operations of single files to and from the remote system".

This is not true.  There is no way to use %Net.SSH.Session to do a secure copy.


Are you fixing the documentation to remove the reference to scp, or fixing %Net.SSH.Session to support it? From the way your answer is worded, I'm suspecting the former ...

sftp and scp are individually configurable services in ssh, and in my experience you can't be guaranteed that one or the other is available at a given customer site. If scp currently isn't supported, it would be useful to have. Getting sysadmins to turn on services that are purposely disabled can be  ... challenging :)