Secure File Transfer SSH Quick Start Guide


Assure Security
Secure File Transfer SSH Quick Start Guide
Version 6.0

Secure File Transfer SSH Quick Start Guide
2019, 2020 Vision Solutions Inc. All rights reserved.

This document contains unpublished, confidential, and proprietary information of Vision Solutions Incorporated. No disclosure or use of any portion of the contents of this document may be made without the express written consent of Vision Solutions Incorporated.

Version 6.0.15.00
Last Updated: September 2020

Contents

Introduction
    SSH public and private keys
Client Setup
    Installing IBM i5/OS PASE
    Installing IBM SSH support
    Step 1: Install the Assure SSH utilities
    Step 2: Create the host keys for your system
    Step 3: Retrieving the remote server SSH key into the known_hosts file
    Step 4: First logon to the SSH server
    Step 5: Send ID_RSA.PUB key to SSH server
Server Setup
    Step 1: Create the host keys for your system
    Step 2: Import your trading partner's key
Configuring the Assure SSH Server Support
    Starting the SSH server in the Assure Security subsystem
    User setup completion
    Stopping the Assure SSH server
    Application logging
Processing Received Files with Assure directory Scan
Sending Files from a Library
    Setting up an SSH library scan
    For outbound processing
    Definition
    Library scan
    File action
Sending files from an IFS Directory
    Script
    Definition
    Directory scan
    File action
Problem Determination
    Assure SSH server
    System operator messages
    Application logging
    Forking error message
    Lookup user password error message
    Permissions error message

Introduction

Assure Secure File Transfer supports full automation of file transfer using the Secure Shell (SSH) application. The Assure SSH server and client support, and related automation facilities, use the no-charge IBM OpenSSH product 5733-SC1. This is a standard implementation of OpenSSH and integrates with native IBM i security.

Assure Secure File Transfer provides a way to fully automate sending and receiving files with SSH Secure FTP (sFTP). You can send IBM i files in a library or IFS directory to any number of remote SSH servers. You can also receive files to an IBM i library or IFS directory from any number of remote SSH clients. The following documentation will help you set up and activate Assure SSH support.

SSH public and private keys

Like PGP encryption and SSL FTP, Secure Shell uses public and private keys to protect data as it moves from the source system to the target system. However, Secure Shell creates and uses its own keys. It does not use PGP or SSL FTP keys for this purpose, and you cannot use PGP and DCM keys with Secure Shell. The steps below describe how to create and exchange Secure Shell keys.

Client Setup

The IBM OpenSSH application runs on any version of the IBM i operating system at V5R3 or later.

Installing IBM i5/OS PASE

The IBM OpenSSH application requires the PASE option to be installed on your system. On newer IBM i platforms this application is installed by default. Sign on as a system administrator and use the GO command on a command line to display the Licensed Programs menu:

    go licpgm

Use option 10 to Display Licensed Programs. Roll down to locate the option for the Portable App Solutions Environment. If you see a line like this:

    "*COMPATIBLE OS/400 - Portable App Solutions Environment"

you have already installed the PASE environment. You can skip the install of the PASE environment and move to the next step.

From the LICPGM menu select option 11 to Install Licensed Programs. Roll down to option 33 "OS/400 - Portable App Solutions Environment", and place a 1 next to it to install the option. Press Enter and confirm your selection. Enter your optical device name (usually OPT01) and take the remaining defaults. The application will run to install the PASE environment. You do not need to place the system in a dedicated state, and you do not need to IPL the system.

Installing IBM SSH support

On newer installations of the IBM i the OpenSSH product is already installed. Use the procedures above to verify installation. If you need to install the product you can use the following steps. Insert the IBM product CD into your IBM i CD-ROM reader and use the following commands (the product name may be different on your version of IBM i):

    RSTLICPGM LICPGM(5733SC1) DEV(OPT01) OPTION(*BASE) LNG(2924)
    RSTLICPGM LICPGM(5733SC1) DEV(OPT01) OPTION(1) RSTOBJ(*PGM)

Step 1: Install the Assure SSH utilities

1. Access the Assure Secure File Transfer (FTP) Management Menu (where SECOPS is the default name of the installation library):

    addlible secops
    go ammain

2. From the menu select option 1 for the installation menu. Use option 10, Install SSH Password Support, from the FTP Management Installation menu.

3. Press Enter to install the files needed for SSH sFTP password support.

4. Use option 11 to Install SSH utilities.

5. Press Enter to Install SSH Utilities needed for SSH automation.

Step 2: Create the host keys for your system

From the FTP Management Installation menu select option 2 for Configuration, then use option 18 to Create New SSH User. Put in the user name created above and press Enter. This will automatically create the needed SSH IFS directories and generate the SSH keys and correct authorities and ownerships needed for SSH sFTP automated file transfers. These are not the keys you will send to the remote server; they simply serve to identify and authenticate your machine.

Step 3: Retrieving the remote server SSH key into the known_hosts file

From the FTP Management Installation menu use option 2 for Configuration and then option 19 to Enroll SSH server.

In the SSH user profile field, fill in the user that you created for SSH in step 1. In the SSH server field, enter the DNS name or IP address that you were given for the remote server. The default port for SSH connections is 22. However, it can be set to any port number, so make sure it is set to the port number the remote server is using.

Press Enter. When the program completes you should now have a listing in your known_hosts file for the DNS name or IP address that you used on this screen.

If you encounter problems, or if you do not see an entry in the known_hosts file, try the following from a command line.

Manual steps for registering the known host key from the remote server without signing on as the SSH user:

    call qp2term
    ssh-keyscan -t rsa,dsa -p (port number if not 22) (DNS or IP) >> /home/(yoursshuser)/.ssh/known_hosts

Now check the known_hosts file for the DNS or IP listing.

Step 4: First logon to the SSH server

You should now verify that you can log on to the SSH server, and confirm the authenticity of the server:

    call qp2term
    ssh [user]@[remotehost]

You should then be prompted to confirm the authenticity of the remote host. Answer 'yes'.

If the server responds with a message that indicates that only SFTP connections are allowed, ignore the message and exit.

Press Enter when nothing happens.

Step 5: Send ID_RSA.PUB key to SSH server

NOTE: Most implementations of Secure Shell sFTP use public/private key authentication and require this step. However, if you are authenticating with a password instead of public/private key authentication, you may not need to perform this step. Consult with the remote server administrator for instructions.

In your user directory /home/[USER]/.ssh you should have a file named id_rsa.pub. This contains your public key. The remote SSH server should have this key installed in its authorized hosts file. You can FTP this file to your PC and send it to the SSH server administrator to add the key.

The steps on the remote SSH server are:

    (make the .ssh dir)
    mkdir .ssh
    ("add" your public key to the authorized key list by just renaming it)
    mv id_rsa.pub .ssh/authorized_keys
    (adjust permissions)
    chmod 600 .ssh/authorized_keys
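The check that Steps 3 and 4 leave to the operator, as an added example that is not part of the vendor's guide or product: ssh-keyscan output is written to known_hosts only when the key matches a copy the remote administrator supplied over a separate channel, and a changed key for an already-listed host is refused. The function name, return codes, trusted-key file layout and the sample host and key strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not vendor code). Line layout in ssh-keyscan output and in
# known_hosts:  <host> <keytype> <base64-key>
#
# Real use (flags as in Step 3):
#   ssh-keyscan -t rsa,dsa -p <port> <host> > scan.txt
#   enroll_host_key scan.txt trusted.txt /home/[user]/.ssh/known_hosts

# enroll_host_key SCANNED TRUSTED KNOWN_HOSTS
#   SCANNED      ssh-keyscan output for one server
#   TRUSTED      "<keytype> <base64-key>" lines from the remote administrator
#   KNOWN_HOSTS  file to update
# Returns 0 = enrolled or already present, 1 = scan held no key lines,
#         2 = scanned key is not in TRUSTED, 3 = host already listed with a
#         different key of that type. Nothing is written unless it returns 0.
# Assumption: hosts are matched on the exact first field (no hashed entries).
enroll_host_key() {
    scanned=$1; trusted=$2; known=$3
    pending=""; seen=0
    [ -f "$known" ] || : > "$known"
    while read -r host ktype kblob _rest; do
        case $host in ''|'#'*) continue ;; esac   # blank lines, keyscan banners
        [ -n "$kblob" ] || continue
        seen=$((seen + 1))
        # The scanned key must equal a trusted key: same type, same key body.
        if ! awk -v t="$ktype" -v b="$kblob" \
               '$1 == t && $2 == b { ok = 1 } END { exit !ok }' "$trusted"; then
            echo "REFUSED: $host $ktype key does not match the trusted copy" >&2
            return 2
        fi
        # Is this host already enrolled, and if so with the same key?
        state=$(awk -v h="$host" -v t="$ktype" -v b="$kblob" '
            $1 == h && $2 == t { if ($3 == b) same = 1; else changed = 1 }
            END {
                if (changed) print "changed"
                else if (same) print "present"
                else print "absent"
            }' "$known")
        case $state in
            changed)
                echo "REFUSED: $host already has a different $ktype key" >&2
                return 3 ;;
            absent)
                pending="${pending}${host} ${ktype} ${kblob}
" ;;
        esac
    done < "$scanned"
    [ "$seen" -gt 0 ] || return 1
    printf '%s' "$pending" >> "$known"
    return 0
}

# Demo on constructed data: the host name and key bodies are made up.
demo=$(mktemp -d)
printf 'ssh-rsa AAAAB3constructedKEYbody1\n' > "$demo/trusted"
printf '# sftp.example.com:22 SSH-2.0-OpenSSH\n' > "$demo/scan"
printf 'sftp.example.com ssh-rsa AAAAB3constructedKEYbody1\n' >> "$demo/scan"
enroll_host_key "$demo/scan" "$demo/trusted" "$demo/known_hosts" \
    && cat "$demo/known_hosts"
rm -rf "$demo"
```

With the entry enrolled this way, the host-authenticity prompt in Step 4 should not appear; if it does, the server presented a key other than the one that was verified.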

Server Setup

Server setup is similar to the client Secure Shell (SSH) installations.

Step 1: Create the host keys for your system

These serve to identify/authenticate your machine.

    call qp2term
    # On V5R4:
    cd etc
    # On V6R1:
    cd 1/etc
    # On V7R1:
    cd etc
    pwd
    (verify that we are in the correct path from the previous step!)
    ssh-keygen -t rsa1 -b 2048 -f ssh_host_key -N ''
    ssh-keygen -t rsa -b 2048 -f ssh_host_rsa_key -N ''
    ssh-keygen -t dsa -b 2048 -f ssh_host_dsa_key -N ''
    exit
    (Press F3 to exit)

Log on to your IBM i as the user you created in step 1. Set up the user's home directory (replace [user] with the username):

    call qp2term
    mkdir /home/[user]
    mkdir /home/[user]/.ssh

Create a couple of required files:

    touch /home/[user]/.ssh/authorized_keys
    (creates an empty file)
    touch /home/[user]/.ssh/known_hosts

Ensure that the permissions for all the files and directories are correct:

    chmod 755 /home/[user]
    chmod 755 /home/[user]/.ssh
    chmod 600 /home/[user]/.ssh/authorized_keys
    chmod 644 /home/[user]/.ssh/known_hosts
    chown -R [user] /home/[user]

Press F3 to exit.

Step 2: Import your trading partner's key

In this example, client_id_rsa.pub is the client's public key. This is usually called id_rsa.pub by default. This command will append the contents of client_id_rsa.pub to the authorized_keys file.

    call qp2term
    cat /path/to/client_id_rsa.pub >> /home/[user]/.ssh/authorized_keys
    exit
    (Press F3 to exit)
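An added example, not part of the vendor's guide or product, that audits the directory and file modes set in Step 1 of Server Setup and reports group or world write access separately from other mismatches. The function names and the constructed demo tree are assumptions; modes are parsed from ls -ld output so the check does not depend on a particular stat syntax.

```sh
#!/bin/sh
# Added example (not vendor code): verify the modes from Server Setup, Step 1.
# Real use: audit_ssh_home /home/[user]

# mode_of PATH: print the three octal permission digits (e.g. 755) for PATH,
# derived from the rwx string that `ls -ld` prints in its first column.
mode_of() {
    ls -ld "$1" | awk '{
        p = substr($1, 2, 9); out = ""
        for (g = 0; g < 3; g++) {
            d = 0
            if (substr(p, g * 3 + 1, 1) == "r") d += 4
            if (substr(p, g * 3 + 2, 1) == "w") d += 2
            x = substr(p, g * 3 + 3, 1)
            # s and t mean "execute plus a special bit"; S and T mean no execute
            if (x == "x" || x == "s" || x == "t") d += 1
            out = out d
        }
        print out
    }'
}

# audit_ssh_home HOME_DIR: print one line per finding and return the number
# of findings (0 = every path exists with the mode the guide sets).
audit_ssh_home() {
    home=$1; findings=0
    # path:mode pairs copied from the chmod commands in the guide
    for spec in "$home:755" "$home/.ssh:755" \
                "$home/.ssh/authorized_keys:600" "$home/.ssh/known_hosts:644"; do
        path=${spec%:*}; want=${spec##*:}
        if [ ! -e "$path" ]; then
            echo "MISSING  $path (expected mode $want)"
            findings=$((findings + 1))
            continue
        fi
        have=$(mode_of "$path")
        [ "$have" = "$want" ] && continue
        # Group or world write on any of these paths lets another profile
        # replace authorized_keys, so it is reported as its own finding kind.
        case $have in
            ?[2367]?|??[2367]) kind="WRITABLE" ;;
            *)                 kind="DIFFERS " ;;
        esac
        echo "$kind $path is $have, expected $want"
        findings=$((findings + 1))
    done
    return "$findings"
}

# Demo on a constructed directory tree with one deliberately wrong mode.
demo=$(mktemp -d)
mkdir -p "$demo/.ssh"
: > "$demo/.ssh/authorized_keys"
: > "$demo/.ssh/known_hosts"
chmod 755 "$demo" "$demo/.ssh"
chmod 644 "$demo/.ssh/known_hosts"
chmod 666 "$demo/.ssh/authorized_keys"
audit_ssh_home "$demo" || true
rm -rf "$demo"
```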

Configuring the Assure SSH Server Support

A user profile is created by the install, with the same name as the instance. When the Assure Security subsystem starts, the SSH server job will also start under this user profile.

Note: All licensed features of the Assure Security product use the Assure Security subsystem. The subsystem name is the same as the name of the product installation library, which defaults to SECOPS.

Starting the SSH server in the Assure Security subsystem

The SSH server is automatically started when you start the Assure Security subsystem. You will find a job named SSH SERVER running in the subsystem. Note that several job logs will be created with the same job name during start up. This is normal start up activity and does not represent a problem.

You can also use the Assure menu option to start the server. The menu option is located on the operator's menu AMOPER. There is also an option to stop the server on the same menu.

User setup completion

You are now ready to accept connections from an SSH client. The client user can be on another IBM i platform, a UNIX or Linux platform using an SSH client, or on Windows using PuTTY or any other SSH client application.

Stopping the Assure SSH server

Use option 33 from the ANOPER menu to stop the Assure SSH server. You can also stop the server by ending the subsystem. Note: this will also end all other licensed security features running on the subsystem.

Note: All licensed features of the Assure Security product use the Assure Security subsystem. The subsystem name is the same as the name of the product installation library, which defaults to SECOPS.

Application logging

You can enable application logging by selecting option 1 in the FTP Management Configuration Menu and entering 1 in the Enable Logging option. The Assure SSH server job will start the SSH server daemon in debug mode. The debug output will be sent to the spooled file QPRINT in the SSH SERVER job. This output can help with problem determination. It should normally be turned off.

Processing Received Files with Assure directory Scan

When files are sent to the Assure SSH server on the IBM i platform they will normally be placed in the default directory for the user. For most users this will be /home/[user-profile]. You can automatically receive these files into a library and your user applications using the Assure directory Scan facility. See the Assure Secure File Transfer documentation for instructions on how to set up Directory scan.

Directory scan can convert many different ASCII file formats to usable library file formats. Assure Secure File Transfer can convert ANSI X.12 EDI files, ASCII text files, and other formats. It is also extensible so that you can write your own applications to convert the data. With Assure directory Scan you can fully automate receiving and processing files into your business applications.

Sending Files from a Library

You can automatically send files from an IBM i library using the Secure File Transfer library scan facility. Secure File Transfer library scan can convert the file to the ASCII character set before sending via a Secure sFTP session. To send files via sFTP you must create an FTP script and FTP definition. The FTP definition will have a session type of "SSH sFTP". Secure File Transfer library scan will then know to use the SSH sFTP client to send the file.

Files are automatically sent from the SCAN LIBR job running in the Assure Secure File Transfer subsystem. When the file has been transferred it will be moved to the backup library you specify.

See the Assure Secure File Transfer documentation for a description of how to set up Library Scan.

Setting up an SSH library scan

Library Scan is designed to work with files in a library and either send a file to a remote server or process a file into your database.

You will need to create a script, a definition, a scan job, and a file action.

Some information you will need for the setup is:

1. What is the DNS or IP address of your remote server?
2. What is the User ID and passphrase for signing on?
3. Do you need to change directory when you sign on?
4. Do you have a library created to scan? (We recommend that you not use a production library and that you create one specifically for the scan job.)

For outbound processing

From the FTP Management Installation menu, select option 2 for Configuration then option 3 for Work with scripts.

Find the script called SSH. Copy this one to a new name and edit it as needed.

Depending on what type of server you are connecting to and the directory requirements, there may be other lines you need to insert. If you have any questions, go to support.precisely.com.

Definition

Your next step is to create a definition that looks to your script for commands and passes it the remote information. Use option 2 (Work with definitions) from the FTP Management Configuration Menu. Make a copy of SSH and edit it for the remote information. For the sake of clarity you might name it the same name as your script.

On the first screen replace the member name for the script file with the script you created in the previous step. At the bottom of this same screen you will see the options:

Local file & Remote file or *FILE. Make those options:

    Local file . . . . . . LOCAL
    Remote file or *FILE . *FILE

On the 2nd screen make the necessary changes for the remote server: User ID, password, and DNS or IP address.

Now press Enter all the way through for it to accept the changes.

Library scan

To set up a scan over this library, go to the FTP Management Configuration Menu and select option 4 for Work with Scan Libraries. Press F6 to add a new one. You must give it the name of the library you are scanning. Give it a description.

Press Enter all the way through and you will see the new scan added to the list.

File action

A file action tells Secure File Transfer what to do with the files it finds in the library. Put a 12 by your library scan and then press F6 to add a new file action. There are 3 ways to name a file action. You can name it with a specific file name if you know that name and it is consistent every time. You can name it with a generic name if the first few characters of all the files are the same but the ending of the name is unique (such as a date/time stamp). You can name the file action *ANY to process all files the same way.

You can use several file actions in the same Library Scan, all doing different things to different files. Library Scan will find the first file and see if there is a specific file action for the first file. If YES, it will process that file accordingly. If NO, it will see if there is a generic file action for that file.

If YES, it will process that file accordingly. If NO, it will see if there is an *ANY file action. If yes, it will process this file using that file action, and if there is no *ANY it will not do anything to that file and will go look at the next file.

1. Name your file action and give it a description.
2. Make Perform FTP session 1 for yes for sending files to a remote server. The FTP Session name is the name of the definition you created in the previous step. Make sure to mark the session also as an SSH session. Press Enter and go to the next screen.
3. This next page is for archiving the file. Press Enter all the way through to add the File Action to the Library Scan. If your subsystem is active this job will run the next time the Scan function runs.

Sending files from an IFS Directory

You can automatically send files from an IBM i IFS directory, QNTC directory, or NFS mounted directory, using the Assure directory Scan facility. To send files via Secure FTP you must create an FTP script and FTP definition. The FTP definition will have a session type of "SSH sFTP". Secure File Transfer library scan will then know to use the SSH sFTP client to send the file.

Files are automatically sent from the SCAN DIRS job running in the Assure Secure File Transfer subsystem. When the file has been transferred it will be moved to the backup directory you specify.

See the Assure Secure File Transfer documentation for a description of how to set up Directory Scan.

Directory Scan is designed to work with files in your IFS directory and will send a file to a remote server using the parameters you specify.

You will need to create an FTP script, an FTP definition, a scan job, and a file action.

Some information you will need for the setup is:

1. What is the DNS or IP address of your remote server?
2. What is the User ID and passphrase (if you are using password authentication) for signing on?
3. Do you need to change directory when you sign on?
4. A directory created in the IFS directory to scan

Script

From the FTP Management Installation menu select option 2 for Configuration then option 3 for Work with scripts.

Find the script called SSH. I suggest copying this one and then editing it as needed.

You will notice that it has only 5 lines:

    *************** Beginning of data *****
    0001.00 pwd
    0003.00 put &ll
    0004.00 ls &rr
    0005.00 quit
    ****************** End of data ********

It does a PWD (print working directory).

Then we put the local file (&ll).

Then we try to list the file on the remote to make sure it was transferred.

And then exit.

Depending on what type of server you are connecting to, and whether you need to change to a different directory, there may be other commands you need to insert. It is important to know that not all standard FTP commands have an equivalent in SSH. If you have any questions about how to proceed, go to support.precisely.com.

Definition

Your next step is to create an FTP definition that looks to your script for commands and passes it the remote information. Use option 2 (Work with FTP definitions) from the FTP Management Configuration Menu. Make a copy of member SSH and edit it with the remote information. You could name the FTP definition the same name as your script for simplicity and clarity.

On the first screen, replace the member name for the script file with the script you created in the previous step. At the bottom of this same screen you'll see the options "Local file" and "Remote file or *FILE". Make those options:

    Local file . . . . . . LOCAL
    Remote file or *FILE . *FILE

On the second screen, make the necessary changes for the remote server: User ID, password, and DNS or IP address. SSH can support session authentication that only uses a certificate and a user ID (in these cases leave the password parameter blank) or can use a user ID and a password for authentication (in this case you will fill in the password and have another parameter to change on a later screen).

On the 3rd screen there are more parameters for SSH sessions. They are:

    SSH file end of line . . . . . . 1    1 CR/LF, 2 LF, 3 CR

Enter 1 to use Carriage Return and Line Feed for the end of line characters. Enter 2 to use just a Line Feed. Enter 3 to use just a Carriage Return.

    SSH sFTP password option . . . . 2    1 Yes, 2 No

Enter 1 for Yes to use password authentication for the client SSH sFTP session. Enter 2 for No to use public/private key authentication. If you are not using a password you must use certificates.

    SSH sFTP user. . . . . . . . . .

If you specified Yes to use password control, enter a user name for this SSH sFTP session.

    SSH sFTP user path . . . . . . .

If you specified Yes to use password control, enter a path for the password program. This is an IFS path for the password program. The program name will be the same name as this FTP definition and it will reside in this path. For example:

    SSH sFTP user path . . . . . . . /home/USER/.ssh

Directory scan

To set up a scan over a directory, go to the FTP Management Configuration Menu and select option 5 for Work with Scan Directories. Press F6 to add a new one. You can name it anything you like (unlike Library Scan, in which you need to give it the name of the library you are scanning). Give it a description.

In the path option put in the entire path to the directory. You must use the forward slash as the first character, and do not include the name of the file. You can scan a directory within a directory within a directory.

Press Enter all the way through and you will see the new scan added to the list.

File action

A file action tells Secure File Transfer what to do with the files it finds in the directory.

1. Put a 12 by your directory and then press F6 to add a new file action. There are 3 ways to name a file action. You can name it with a specific file name if you know that name and it is consistent every time. You can name it with a generic name if the first few characters of all the files are the same but the ending of the name is unique (such as a date/time stamp). You can name the file action *ANY to process all files the same way.

   You can use several file actions in the same Directory Scan, all doing different things to different files. Directory Scan will find the first file and see if there is a specific file action for the first file. If YES, it will process that file as defined by that file action. If NO, it will see if there is a generic file action for that file.

   If YES, it will process that file as defined by that file action. If NO, it will see if there is an *ANY file action. If yes, it will process this file using that file action, and if there is no *ANY it will not do anything to that file and will go look at the next file.

   Press Enter and go to the next screen.

2. Choose how you want to archive the file after it's processed and put in a path to the directory into which you want to archive the file (or choose 'delete').

   The Perform FTP Session option means "send the file to a remote server", so you want that set to 1 for Yes, and the Session name is the name of the definition you created in the previous step.

   For an SSH ftp session (SFTP) you will need to set the ssh option to Yes, like this:

       Perform FTP session. . . . . . 1      1 Yes, 2 No
       FTP session name . . . . . . . SSH
       Session type . . . . . . . . . 2      1 FTP, 2 SSH sFTP

   Press Enter all the way through for it to create this file action and you will see it added to the Scan directory.

   If your subsystem is active this job will run the next time the Scan function executes.

   You can scan IFS or QDLS directories for automatic processing.

   You should not use the /tmp directory as some IBM applications place temporary files in this directory.

Be sure to specify adequate public authority on the directory so that Secure File Transfer can process the files.

Please note that the /QDLS file system has special requirements. Before you can access the QDLS file system a user must be added to the system distribution directory using the Work With Directory Entries (WRKDIRE) command. The QDLS file system also has limitations on the length of file names. It is recommended that you use the IFS file system rather than the QDLS file system.

If you will be using the directory scan function you should be familiar with authority management on IFS files. The IBM i treats these files differently than library files. For example, programs cannot adopt authority to process files in the IFS file system. Please see the section on IFS File Authority before implementing directory scan.

You can get more information on IFS authorities if you do a search under solutions for "IFS authority".

Problem Determination

In the event you have difficulties with an SSH transfer to or from the IBM i platform, the following procedures may help you identify the cause of the problem.

Assure SSH server

The Assure SSH server must be active in the Assure Security subsystem before any files can be received. Use the Work With Active Jobs (WRKACTJOB) command and view the jobs in this subsystem. You should find a job named SSH SERVER. If you do not find this job, check your configuration settings to see if the job is set to automatically start. Restart the subsystems or use the option on the Assure Operator's menu AMOPER to start the job.

If the job will not start you can enable detailed job logs by calling program ANLOGON and resubmitting the job. You should now have a detailed job log. The program ANLOGOFF can be used to set job logging back to normal level.

System operator messages

When Assure Secure File Transfer encounters a problem sending or receiving a file with SSH sFTP it sends a message to the system operator's message queue. Use the DSPMSG command to view these messages. Many of the messages have second level text. You can use F1 or the HELP key to view this text.

Application logging

The Assure SSH client and server applications will create extra diagnostic information when the global option for application logging is enabled. From the FTP Management Configuration menu select option 1 and turn on Application Logging. You should restart the subsystem for this setting to take effect. When application logging is enabled there will be additional information written to the job log and to output spooled files in the job.

Note: All licensed features of the Assure Security product use the Assure Security subsystem. The subsystem name is the
