Re: Batch job to perform sftp transfer

Bill,

This is a nice example, but IMO it is not ideal in several ways:

1) It relies on copying datasets to temporary HFS files
2) If you ran more than one job at a time, you could have problems
serializing access to the temporary HFS files that you are creating
3) Its more complicated than it needs to be, and might be a maintenance
problem if you had lots of these kinds of jobs.

Some of these problems can be solved by using our free DTLSPAWN utility (a
better BPXBATCH),
which allows you to run a Unix shell from DD STDIN, the way it should be:

//EX1 EXEC DTLSPAWN
//STDIN DD *
export DISPLAY=FOO
export SSH_ASKPASS=$HOME/.ssh/kirkpass.sh

ssh -o "StrictHostKeyChecking=no" \
kirk@xxxxxxxxxxxx cat /path/to/remote.file |
todsn //DD:DOWNLOAD
/*
//DOWNLOAD DD DSN=&&DOWNLOAD,DISP=(NEW,DELETE),
// DCB=(RECFM=FB,LRECL=80)
//

Notes:
1) To answer one of the other questions in this thread: the ssh option
"StrictHostKeyChecking=no" causes the remote host's key to automatically be
added to known_hosts if it doesn't already exist. See the man page for
"ssh_config" for more information.

2) I used /bin/cat with ssh so that I could transfer the data and pipe it to
"todsn".
The IBM version of sftp doesn't support datasets, or even pipes or fifos.
Using ssh and cat only works if the data is ASCII text, since the "ssh"
command will automatically translate ascii<->ebcdic.

3) You can easily put this in a reusable PROC, passing environment variables
in PARM= or STDENV DD.

4) Our free Co:Z toolkit includes all of these tools, and if you also
install it on the remote system you can significantly extend the capabilites
of running plain ssh or sftp.

Regards,
Kirk Wolf
Dovetailed Technologies
http://dovetail.com


On Fri, Feb 22, 2008 at 10:41 AM, Miller, Bill <B.MILLER2@xxxxxxxxxxx>
wrote:

We do batch ssh transfers everyday using IBM's Ported Tools, here is a
sample batch job:

//**********************************************************************
//* STEPS TO EXECUTE SFTP USING PARAMETERS DYNAMICALLY CREATED IN PDLSDG
//**********************************************************************
//PDLSDI10 EXEC PGM=IEBGENER
//SYSPRINT DD DUMMY
//SYSIN DD DUMMY
//SYSUT2 DD PATH='/tmp/sftp',FILEDATA=TEXT,
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),PATHMODE=SIRWXU
//SYSUT1 DD DSN=&SFTPPARM,DISP=SHR
//*
//PDLSDI15 EXEC PGM=BPXBATCH,
// PARM='SH sftp -b /tmp/sftp -F /gwc/ssh/config
// userid@xxxxxxxxxxxxxxx'
//STDOUT DD PATH='/tmp/&SYSUID..STDOUT',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),PATHMODE=SIRWXU
//STDENV DD DSN=FGC.GC.LOS.TMPR.SFTP.PWPARMS,DISP=SHR
//*
//PDLSDI20 EXEC PGM=IEBGENER
//SYSPRINT DD DUMMY
//SYSIN DD DUMMY
//SYSUT1 DD PATH='/tmp/&SYSUID..STDOUT',
// FILEDATA=TEXT,PATHOPTS=ORDONLY,PATHDISP=DELETE,
// RECFM=VB,LRECL=255,BLKSIZE=27998
//DELETE DD PATH='/tmp/sftp',
// FILEDATA=TEXT,PATHOPTS=ORDONLY,PATHDISP=DELETE,
// RECFM=VB,LRECL=255,BLKSIZE=27998
//SYSUT2 DD SYSOUT=*
//*

Here is a sample for
Contents of dataset FGC.GC.LOS.TMPR.SFTP.PWPARMS
DISPLAY=FOO
SSH_ASKPASS=/etc/ssh/ussfile.psw.sh

Here is a sample for the get parms:
lcd ..
ascii
get GWCC.ACK.20080221 /tmp/pmierr.txt
rename GWCC.ACK.20080221 GWCC.ACK.20080221.PRC
!cp /tmp/pmierr.txt "//'FGC.GC.LOS.PROD.PMI.ERROR.FILE'"
!rm /tmp/pmierr.txt
rm GWCC.ACK.200712*
quit

I also have manuals, please contact me and I will send you a copy of the
IBM Ported Tools manauls.
And some other doc if you want it.

Also open an ETR with IBM and they were very helpful getting this to
work.

Bill Miller
Great West Casualty Company
1100 West 29th Street
South Sioux City, NE 68776
Phone: 402-494-7354
Email: b.miller2@xxxxxxxxxxx


-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@xxxxxxxxxxx] On
Behalf Of Jon Brock
Sent: Friday, February 22, 2008 10:17 AM
To: IBM-MAIN@xxxxxxxxxxx
Subject: Batch job to perform sftp transfer

WE have a need to begin electronically sending data to a state agency
which has formerly received a tape from us. They have set up an sftp
server on their end and given us the user ID and password they want us
to use. I can sign on to their site from Windows and from a Linux guest
hosted on our mainframe but I have not so far been able to sign on from
z/OS.

It is not possible to start an ssh session from within OMVS under TSO.
Presumably, we should be able to start sshd and sign on from a client
session, but that entails some security work which has not been
performed. (Given the workload on our security guy, I don't look for it
any time soon, either.) This makes testing and experimenting slow.

Ideally, I would like to be able to set up a batch job that can be run
under scheduler control to transmit this file when it is generated. If
I am reading the correct information, though, it is not possible to do
this in batch mode using ID/password authentication. Can anyone say
whether this is correct? Am I going to need to get the remote server to
add our keys to their setup?

Thanks,
Jon

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send
email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO Search
the archives at http://bama.ua.edu/archives/ibm-main.html


#####################################################################################
Attention:
The information contained in this message and or attachments is intended
only for the person or entity to which it is addressed and may contain
confidential and/or privileged material. Any review, retransmission,
dissemination or other use of, or taking of any action in reliance upon,
this information by persons or entities other than the intended recipient
is prohibited. If you received this in error, please contact the sender
and
delete the material from any system and destroy any copies. (GWCC)

#####################################################################################

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html


----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
.

Relevant Pages

  • Re: SPAM sudden increase
    ... up ssh for some sftp session and saw something odd... ... Dude was on a tech call with f-secure and the tech asked, "So, are you ... To which the dude replied, "Yeah, I'm ...
    (alt.2600)
  • Re: SFTP is not working
    ... When I try to use sftp or scp2, I get a message like this: ... sftp and scp2 both actually work by running ssh in a subprocess, ... The reason the shell startup files are relevant at all, ...
    (comp.security.ssh)
  • Re: Secure file transfer
    ... We're talking about SFTP, which is a variant how to use SSH to secure the ... FTP protocol. ... is it better to use AUTH SSL or SSH/SFTP?" ...
    (comp.security.misc)
  • Re: Good sftp server?
    ... >SSH for OpenVMS is capable of doing text transfers. ... >colon on them unless you are using our SFTP client... ... version of the server (and is something I complained about to Multinet ... files between MacOS X and VMS, and use a directory structure on the Mac ...
    (comp.os.vms)
  • Re: Passing password in ssh
    ... ssh -l login host cmd ... That is, execute a command on a remote host, other than ssh? ... You can come up with a way to arrange for the batch job ...
    (Fedora)