Re: sFTP from/to z/OS



Hal,

IBM's Ported Tools for z/OS (OpenSSH) is fully supported by the IBM support
center.
There was an old (unsupported) "tools and toys" version, which is no longer
available.
I'm not sure what you mean by "openware".

IBM's port of OpenSSH, as you point out, does not include support for MVS
datasets or PKI certificates.

A commercial (non-free) product from SSH Communications is available for
z/OS that does support both of these features.
(PKI certificate support, however, is not part of the ssh RFC, and as such is
not supported by most implementations).

Also, it is easy to confuse "ssh" with "sftp", since they are both included
in OpenSSH. sftp is a program that uses ssh connections to do file
transfer.
We offer a free product - Co:Z which uses ssh connections to do file
transfer and cooperative processing between z/OS and distributed systems.
It *does* support MVS datasets.

FTP with TLS has its own set of problems - mostly related to headaches for
firewalls and NAT routers, since FTP uses multiple socket connections. SSH
is much cleaner in this respect, which is one reason why it is so popular.

It is also possible to use SSH connections as secure tunnels for FTP
transfers, but this requires that the SSH implementation supports SOCKS
proxies. IBM's current port of OpenSSH doesn't do this, but SSH
Communications' version does.

I agree with your overall sentiment that IBM's z/OS OpenSSH port needs
improvement. IBM has several requirements open - everyone who feels
similarly should file interest in these through the support center and
(continue to) lobby at SHARE.

Regards,
Kirk Wolf
Dovetailed Technologies
http://dovetail.com
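
The firewall/NAT point above, as an added example that is not part of the original message: in passive mode the FTP server announces the endpoint for the second (data) connection inside a 227 or 229 reply on the control channel, so a middlebox has to read that reply to open or rewrite the data path, and it cannot once the control channel is under TLS. The sample replies and addresses are constructed, and `data_endpoint` and `assess` are hypothetical helper names.

```python
import re

# Passive-mode replies sent on the FTP control channel (RFC 959 / RFC 2428).
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d+)\1\)")


def data_endpoint(reply, control_peer):
    """Return (host, port) the client will dial for the second connection."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("octet out of range in 227 reply")
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        # EPSV carries only a port; the client reuses the control peer address.
        return control_peer, int(m.group(2))
    raise ValueError("not a 227/229 passive reply")


def assess(reply, control_peer, control_encrypted):
    """Classify what a firewall/NAT in the path must do for the transfer."""
    host, port = data_endpoint(reply, control_peer)
    if host != control_peer:
        # Server advertised an address the client cannot reach as-is.
        verdict = ("fails: middlebox cannot rewrite encrypted reply"
                   if control_encrypted else "needs FTP-aware NAT rewrite")
    else:
        verdict = ("needs static passive port range opened"
                   if control_encrypted else "needs dynamic pinhole from inspection")
    return host, port, verdict


# Constructed sample replies; addresses are private/documentation ranges.
SAMPLES = [
    ("227 Entering Passive Mode (10,1,2,3,195,80)", "203.0.113.10"),
    ("229 Entering Extended Passive Mode (|||50001|)", "203.0.113.10"),
]

if __name__ == "__main__":
    for reply, peer in SAMPLES:
        for tls in (False, True):
            print("TLS" if tls else "clear", assess(reply, peer, tls))
```

An SSH-based transfer carries commands and data on the one TCP connection, so there is no second endpoint for a firewall to discover.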

On Wed, Jun 18, 2008 at 9:36 AM, Hal Merritt <HMerritt@xxxxxxxxxxxxx> wrote:

Hi Mary, and welcome to the gottahaveitnow club :-)

You have two main paths to take: SSH (secure shell) or TLS (transport
layer security).

TLS is a superset/replacement of SSL (secure sockets).

Each has advantages/disadvantages. SSH is very popular with the *nix,
tinkertoy, and audit crowds, but a huge PITA for the Big Iron. SSH, for
example, can only send/receive HFS/zFS files. That means you have to
copy to/from your ZFS/HFS file system to real world. And ZFS/HFS file
systems tend to be LPAR specific (not shared). Worse, SSH sessions use
ZFS/HFS files, which tends to constrain to a single LPAR. SSH does not
come with z/OS, but is 'openware' downloadable from IBM.

TLS proper is nearly trivial to set up and use, but certificate
administration is a large can of nasty worms with bad attitudes and hard
to treat diseases :-) Worse, TLS is free on z/OS, but often requires
expensive software on the remote hosts.

I personally like TLS because the same base mechanisms apply to all of
web stuff, FTP, and telnet (TN3270). More, certificate-based strategies
appear to be a 'best practice'. But I like the minimal administration of
SSH.

We are driven by customer requests/demands, so we use both.

HTH





-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@xxxxxxxxxxx] On
Behalf Of Yukus, Mary J CIV USMEPCOM
Sent: Wednesday, June 18, 2008 8:37 AM
To: IBM-MAIN@xxxxxxxxxxx
Subject: sFTP from/to z/OS

Hi Everyone,
We have the need to start using sFTP on z/OS (via OMVS?) with a very short
deadline (it always seems to work that way :-) ). We have had FTP working
for years. Can anyone give me some direction/advice/good books on how to get
s/FTP working? I'm not the one that configured the FTP, just inherited it.
Thanks,
Mary :-)

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to listserv@xxxxxxxxxxx with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html

