If your site is moving toward using a more secure method of file transfer, you might want to know the differences between the three types of FILENAME Access Method: FTP, FTP/TLS, and SFTP. Here are three tables listing the important differences between the FILENAME Access Methods.
See the table below for details about the FILENAME FTP Access Method:
| Description |
- Unsecured form of File Transfer Protocol (FTP)
- Uses the FILENAME FTP engine
|
| Supported Host |
- Can be used on any type of SAS® client host (UNIX, Windows, and z/OS) to any remote FTP server
|
| Requirements |
- The FTP server must be running on a remote host
- Assumes that the remote FTP server is listening on Port 21. If it is not, refer to the PORT= parameter in FILENAME FTP
- The default mode is ACTIVE. Support for PASSIVE mode is available in SAS® 9.3 TS1M0
|
| Authentication |
|
| How to Debug connection |
- You must be able to use FTP outside of SAS
- Add DEBUG to the FILENAME FTP statement to see the communication between SAS and the remote FTP server
|
See the table below for details about the FILENAME FTP/TLS Access Method:
| Description |
- Secured form of FTP using SSL/TLS protocol and SSL/TLS certificates
- Uses the FILENAME FTP engine
- Sometimes referenced as FTPS
|
| Supported Host |
- Can be used on any type of SAS client host (UNIX, Windows, and z/OS) to any remote FTP server supporting AUTHTLS
|
| Requirements |
- Supported in SAS® 9.4 TS1M2 with the hot fix installed (SAS Note 56154) and in SAS® 9.4 TS1M3 and later
- The FTP server must be running on a remote host supporting AUTHTLS
- Set up SSL/TLS certificates (See Certificates Explained for more information.)
Beginning in SAS 9.4 TS1M3, Mozilla CA bundles shipping with SAS and SAS option SSLCALISTLOC= set to their location on UNIX host and z/OS - Set the AUTHTLS environment variable or FILENAME FTP parameters (AUTHTLS, PROT, PBSZ)
- Using the environment variable enables you to not change any existing FILENAME FTP code
- Assumes that the remote FTP server is running on Port 21. If it is not, refer to the PORT= parameter in the FILENAME FTP documentation
- The default mode is ACTIVE. To use PASSIVE mode, add the PASSIVE parameter to FILENAME FTP statement
|
| Authentication |
|
| How to Debug connection |
- You must be able to use FTP/TLS outside of SAS
- Add DEBUG to the FILENAME FTP statement to see the communication between SAS and the remote FTP server
Note: If set up correctly, you should see the AUTHTLS command in the debug output.
|
See the table below for details about the FILENAME SFTP Access Method:
| Description |
- Secured file transfer using SSH protocol and SSH key pairs
- Uses the FILENAME SFTP engine
Note: If you take existing FILENAME FTP syntax and just alter the engine to SFTP, many parameters will be flagged as invalid. (For example, PASS= will result in "ERROR 23-2: Invalid option name PASS".)
|
| Supported Host |
- Can be used on UNIX and Windows SAS client hosts to connect to any remote OpenSSH server executing on a UNIX host or z/OS
|
| Requirements |
- Set up SSH key pairs for public-key authentication
- Remote OpenSSH server is running on UNIX host or z/OS that supports protocol level SSH-2
- FILENAME SFTP is dependent on the default OpenSSH server messages
- Although not supported, FILENAME SFTP might work with remote Windows OpenSSH server or other remote SSH servers
- The default port is Port 22. If the OpenSSH server is running on a different port, see “Example 2”
- The UNIX client must use OpenSSH SFTP
- The Windows client must use PUTTY
- SAS Note 61368: "You can use the FILENAME PIPE access method as an alternative way of executing SFTP"
- TS800: "Configuring SSH Client Software in UNIX and Windows Environments for Use with SFTP"
|
| Authentication |
- SSH key pairs for public-key authentication
- By default, does not support PASSWORD authentication or metadata authentication
- For an example workaround for password authentication, refer to “Example 6” in FILENAME SFTP
|
| How to Debug connection |
- You must be able to use SFTP outside of SAS
- Add OPTIONS= -v to the FILENAME SFTP statement to see the communication between SAS and the remote OpenSSH server Note: You can alternatively specify the -vv or -vvv options to get additional debugging details.
- Add DEBUG to the FILENAME SFTP for additional informational messages
|