As of: Kermit 95 2.1.3, C-Kermit 8.0.211
This File Last Updated: Thu Aug 19 13:15:05 2004

[ Kermit FTP Clients ] [ Kermit FTP FAQ ] [ Scripting Tutorial ]

First Health Services Corporation is provider for many state Medicare programs, including Alaska, Arkansas, Florida, Georgia, Kentucky, Maryland, Michigan, Montana, Nebraska, Nevada, New Hampshire, New Jersey, New York, North Carolina, Ohio, Oklahoma, Oregon, Pennsylvania, South Carolina, Tennessee, Vermont, and Virginia. First Health requires FTP connections to be secured by SSL (TLS). Connections are to host on TCP port 21000 and should be in passive mode. The page describes how to set up connections to First Health from the Kermit FTP client: Kermit 95 for Windows or OS/2, or C-Kermit for Unix (Linux, Solaris, Mac OS X, HP-UX, AIX, Tru64, SCO, etc).

CAUTION (19 Aug 2004):

Due to past misconfiguration of the First Health FTP Server it was impossible for secure connections to be established. The recommended configuration advised that TLS Verification be turned OFF in order to allow for automated connections. Now that the proper security configuration is in place on the First Health FTP Server it is important that TLS Verification be turned ON in order to prevent against Man in the Middle attacks.

In your script the command "SET AUTH TLS VERIFY NO" should be replaced with "SET AUTH TLS VERIFY PEER". On the dialer's SSL/TLS connection page, the Certificate Verify mode should be set to "Peer certificates must be presented and verified; if not, fail".

Use the following commands to access the First Health site. In addition, if your FTP client is behind a firewall, you will also need to configure your firewall to allow outbound sessions to be established on TCP ports 21001-21100 for the dynamic FTP data channel.

set auth tls verbose off    ; Or "on" for debugging
set auth tls debug off      ; ditto
set ftp debug off           ; ditto
set ftp verbose on          ; Or "off" for silent(er) running

set ftp dates on            ; Setting file dates works
set ftp filenames literal   ; Don't convert filenames
set auth tls verify peer    ; Verify First Health cert (OK as of Aug 2004)

set ftp autologin on
set ftp passive on
set ftp autoauthentication on
set ftp autoencryption on
set ftp credential-forwarding off
set ftp authtype tls
set ftp server-character-set ascii
set ftp character-set-translation off
ftp open 21000 /user:username
if success {
    set ftp command-protection-level private
    set ftp data-protection-level private

You can use the same commands in C-Kermit and Kermit 95. In Kermit 95, you can also create the connection by making a Dialer entry and filling in its General, FTP, and TLS pages with the corresponding information:

Also see: Accessing IBM Information Exchange with the Kermit FTP Client

[ Top ]

First Health FTP Site / Kermit Project / Columbia University /