sftp interactive under uss shell?
Joel Ivey
"sftp is an interactive file transfer program similar to ftp which performs
all operations over an encrypted ssh transport. It may also use many
features of ssh, such as public key authentication and compression. sftp
connects and logs into the specified host and then enters an interactive
command mode."
For those who use sftp on zOS, do you enter this interactive mode using the
uss shell? I haven't made much progress trying to get an interactive
session under the uss shell, and wanted to make sure this is the way that
it's supposed to be done. Or is otelnet the only way to establish the
interactive mode?
Thanks,
Joel
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to list...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
gil...@ibm-main.lst
> Date: Wed, 23 Nov 2005 11:33:14 -0600
>
> For those who use sftp on zOS, do you enter this interactive mode using the
> uss shell? I haven't made much progress trying to get an interactive
> session under the uss shell, and wanted to make sure this is the way that
> it's supposed to be done. Or is otelnet the only way to establish the
> interactive mode?
>
How would you use otelnet without getting to a "uss" shell?
-- gil
--
StorageTek
INFORMATION made POWERFUL
McKown, John
> From: IBM Mainframe Discussion List
> [mailto:IBM-...@BAMA.UA.EDU] On Behalf Of Paul Gilmartin
> Sent: Wednesday, November 23, 2005 12:19 PM
> To: IBM-...@BAMA.UA.EDU
> Subject: Re: sftp interactive under uss shell?
>
>
> In a recent note, Joel Ivey said:
>
> > Date: Wed, 23 Nov 2005 11:33:14 -0600
> >
> > For those who use sftp on zOS, do you enter this
> interactive mode using the
> > uss shell? I haven't made much progress trying to get an
> interactive
> > session under the uss shell, and wanted to make sure this
> is the way that
> > it's supposed to be done. Or is otelnet the only way to
> establish the
> > interactive mode?
> >
> How would you use otelnet without getting to a "uss" shell?
>
> -- gil
> --
> StorageTek
> INFORMATION made POWERFUL
Well, if you're a masochist, you use TSO OMVS to get a UNIX shell. I
confess to doing this sometimes. This is an interactive shell. I have
used it to do ftp (not sftp) functions with no problems. Granted, it is
just as easy to do ftp from TSO ISPF option 6 or the "READY" prompt.
Or did you mean that otelnet will only get a "uss" shell. I.e. it cannot
be used for anything else. Well, I guess that depends on what you call a
"shell". If you are strange enough, you could make a person's "shell"
something like: "tn3270 127.0.0.1 xxxx" where "xxxx" is a port defined
to TCPIP as a TN3270 port. Also assuming that you find a tn3270 program
for z/OS UNIX (there doesn't appear to be one in z/OS 1.4). Most
"server" userids that I have defined which must have an OMVS segment,
end up with "/bin/true" as the "shell". And they don't have a TSO
segment or CICS segment. Neither are they on the APPL profiles for our
CICS regions. This stops them from being used "interactively".
--
John McKown
Senior Systems Programmer
UICI Insurance Center
Information Technology
This message (including any attachments) contains confidential
information intended for a specific individual and purpose, and its'
content is protected by law. If you are not the intended recipient, you
should delete this message and are hereby notified that any disclosure,
copying, or distribution of this transmission, or taking any action
based on it, is strictly prohibited.
John S. Giltner, Jr.
> The user's guide for openSSH states,
>
> "sftp is an interactive file transfer program similar to ftp which performs
> all operations over an encrypted ssh transport. It may also use many
> features of ssh, such as public key authentication and compression. sftp
> connects and logs into the specified host and then enters an interactive
> command mode."
>
> For those who use sftp on zOS, do you enter this interactive mode using the
> uss shell? I haven't made much progress trying to get an interactive
> session under the uss shell, and wanted to make sure this is the way that
> it's supposed to be done. Or is otelnet the only way to establish the
> interactive mode?
>
> Thanks,
> Joel
I'm not sure what is meant by "interactive mode".
You must have ssh up and working. You do not really ssh to the z/OS
host, you actually must have a sftp client and you "sftp" to z/OS.
Under the covers this does create a ssh session to Unix System Services.
Depending on your requirments we found that ftps (FTP SSL'ed) was easier
to implment and use. One big advantage of FTP SSL is that it is full
real ftp and so you can ftp to/from MVS data sents. ssh FTP only allows
you to ftp files in HFS or ZFS systems.
Stuart Holland
initiatate the file transfer on z/OS, and connect to a server somewhere
else), you must access z/OS using an ssh connection. The sftp command
will not allow a connection from OMVS or a telnet session. This is to
ensure the security of the transfer. If you are logged on to z/OS using
any method that ssh/sftp can not ensure is secure, it defeats the point
of using ssh/sftp. You must use an ssh client to access z/OS, which will
put you into a command shell under USS. You will only have access to the
USS file system and commands. From there, you can use the sftp command
to perform file transfer with other computers.
As others have mentioned, ftps is easier. However, if you work in a shop
like mine, it is not an option (except for z/OS to z/OS). Our Unix and
Windows systems only support sftp.
Chris Mason
If there has been any further chat about this I've missed it or maybe
Thanksgiving has quieted everything down for the long weekend.
I'm here just to make a quick comment over "interactive mode".
I guess this is a reference to the FTP connection over which commands and
responses are exchanged - and which, I believe, uses some cut-down version
of TELNET. This exchange is characterised by the use of port 21 on the
machine running the FTP server.
Simple use of the traditional FTP actually performs data transfers using
port 20 on the FTP server. I expect it can all get a lot more complicated
than this.
I know this well since, in a long forgotten flavour of AnyNet, the sockets
over SNA version which permi - I guess I'm obliged to use the past tense -
permitted a customer to run these wonderful IP-based programs over his
well-established, well-understood, well-ordered and predictable SNA network,
marketing people, check the bumpf if it's still to be found, always used the
TELNET port, 23, as an example of a port which should be mapped to the SNA
"interactive" class of service (COS) and the FTP port, 21, as an example of
a port which should be mapped to the SNA "batch" COS - which is rubbish, of
course. What they should have said - if there was an ounce of savvy among
them - is that port 21 should also be associated with the SNA "interactive"
COS and it's port 20 which should have been used as an example of a port to
be associated with the SNA "batch" COS.
Chris Mason
Again today the newsgroup server is obliging me to remove the "Original
Message". In essence, as far as this post is concerned, John Giltner, was
asking what "interactive mode" in connection with some flavour of FTP called
SFTP which is what the thread is really all about.
If someone knows how to get round this unfriendly behaviour of the server,
please let me know.
John S. Giltner, Jr.
Chris,
Thanks, I know how ftp works, I just never heard it called "interactive
mode" before. Normally port 21 is the control/command
connection/session and "the other port" (number depends on if it is
passive or active) is the data connection/session.
As for the other problem I find that sometimes i can get the message
through if I remove the "For IBM-MAIN subsriber ... " text that is added
to the end of the posts.
John Giltner
Shmuel Metz , Seymour J.
at 11:33 AM, Joel Ivey <ji...@SCES.ORG> said:
>For those who use sftp on zOS, do you enter this interactive mode
>using the uss shell?
What are you trying to ask? You can get into a Unix (*not* USS, which
is something unrelated) from TSO or by logging on directly, e.g., via
Telnet. If you log on via ssh, you get the same shell, but in a more
secure fashion. Are you saying that sftp behaves differently for two
of those three environments?
>Or is otelnet the only way to establish the interactive mode?
I doubt it.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
ISO position; see <http://patriot.net/~shmuel/resume/brief.html>
We don't care. We don't have to care, we're Congress.
(S877: The Shut up and Eat Your spam act of 2003)
Joel Ivey
From my linux workstation, I can sftp all day. In zOS, I cannot establish
an sftp session in what the zOS Ported Tools manual calls "interactive mode"
under the uss shell. (sftp can not be executed under OMVS, according to the
error message stating so when that attempt is made.) My question is simply
how do I enter into this "interactive mode" with sftp (ssh) using the uss
shell? I need to be prompted for a password under zOS as in Linux.
Note the differences in the debug log between my linux ws and zOS...
LINUX ws:
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/bubbajoe/.ssh/id_rsa
debug3: no such identity: /home/bubbajoe/.ssh/id_rsa
debug1: Trying private key: /home/bubbajoe/.ssh/id_dsa
debug3: no such identity: /home/bubbajoe/.ssh/id_dsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
yy...@x.x.x.x's password:
(NOTE WE HAVE A PASSWORD PROMPT)
zOS under USS shell:
debug1: Authentications that can continue: publickey,password.
debug3: start over, passed a different list publickey,password.
debug3: preferred publickey,keyboard-interactive,password.
debug3: authmethod_lookup publickey.
debug3: remaining preferred: keyboard-interactive,password.
debug3: authmethod_is_enabled publickey.
debug1: Next authentication method: publickey.
debug1: Trying private key: /SSHROOT/jivey/.ssh/id_rsa.
debug3: no such identity: /SSHROOT/jivey/.ssh/id_rsa.
debug1: Trying private key: /SSHROOT/jivey/.ssh/id_dsa.
debug3: no such identity: /SSHROOT/jivey/.ssh/id_dsa.
debug2: we did not send a packet, disable method.
debug3: authmethod_lookup password.
debug3: remaining preferred: ,password.
debug3: authmethod_is_enabled password.
debug1: Next authentication method: password.
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64).
debug2: we sent a password packet, wait for reply.
debug1: Authentications that can continue: publickey,password.
Permission denied, please try again..
debug3: packet_send2: adding 64 (len 52 padlen 12 extra_pad 64).
debug2: we sent a password packet, wait for reply.
debug1: Authentications that can continue: publickey.
debug3: start over, passed a different list publickey.
debug3: preferred publickey,keyboard-interactive,password.
debug3: authmethod_lookup publickey.
debug3: remaining preferred: keyboard-interactive,password.
debug1: No more authentication methods to try..
Permission denied (publickey)..
Connection closed.
NOTE WE DO NOT RECEIVE A PASSWORD PROMPT, yet it appears a password is being
sent, hence no "interactive mode". How do I enter a password on zOS
without it being interactive??
Thanks,
Joel
SC Employment Security Commission
John S. Giltner, Jr.
> Sorry, I should have been more thorough in my first message.
>
> From my linux workstation, I can sftp all day. In zOS, I cannot establish
> an sftp session in what the zOS Ported Tools manual calls "interactive mode"
> under the uss shell. (sftp can not be executed under OMVS, according to the
> error message stating so when that attempt is made.) My question is simply
> how do I enter into this "interactive mode" with sftp (ssh) using the uss
> shell? I need to be prompted for a password under zOS as in Linux.
>
> Note the differences in the debug log between my linux ws and zOS...
>
<--- End Snip ---->
>
> NOTE WE DO NOT RECEIVE A PASSWORD PROMPT, yet it appears a password is being
> sent, hence no "interactive mode". How do I enter a password on zOS
> without it being interactive??
>
>
> Thanks,
> Joel
> SC Employment Security Commission
To verify a couple more things.
When you are using the Linux as the client you are using z/OS as the
sftp server?
When you are using z/OS as the client, you are using z/OS as the sftp
server?
--
John G.
Aaron Walker
have to telnet into OMVS, with a telnet client or ssh client.
Thanks,
Aaron
On Tue, 29 Nov 2005 16:47:17 -0600, Joel Ivey <ji...@SCES.ORG> wrote:
>Sorry, I should have been more thorough in my first message.
>
>From my linux workstation, I can sftp all day. In zOS, I cannot establish
>an sftp session in what the zOS Ported Tools manual calls "interactive
mode"
>under the uss shell. (sftp can not be executed under OMVS, according to
the
>error message stating so when that attempt is made.) My question is simply
>how do I enter into this "interactive mode" with sftp (ssh) using the uss
>shell? I need to be prompted for a password under zOS as in Linux.
----------------------------------------------------------------------