Secure FTP (FTPS or SFTP)
Hans Rempel, HMR Consultants
I have been reviewing posts and it appears that VSE (IBM or CSI) stack does not support Secure FTP using SSH.
Does that mean if I have a Secure FTP server on the LAN using only SSH protocol that from VSE I cannot connect and FTP files using the PUT method?
Hans
From: owner...@Lehigh.EDU [mailto:owner...@Lehigh.EDU] On Behalf Of McBride, Catherine
Sent: September-13-07 8:04 PM
To: VSE Discussion List
Subject: FTPS
Anybody tried FTPS (NOT SFTP, this is not a type-o) using CSI's stack without the additional SecureFTP add-on? Am of the belief that all we need is SSL to pull it off, but would like to hear it from someone who's actually done it..
Thanks in advance and kind regards,
Cathy McBride
Jeffrey Barnard
SFTP (FTP over an SSH connection) is not supported by z/VSE.
FTPS (FTP over an SSL connection) is supported by z/VSE. Both BSI and CSI
support this type of FTP.
On 11/05/2013 09:23 AM, Hans Rempel, HMR Consultants wrote:
> Does that mean if I have a Secure FTP server on the LAN using only SSH
> protocol that from VSE I cannot connect and FTP files using the PUT method?
not supported by z/VSE.
You might check into the features of your FTP server. Many support implicit
FTPS usually using port 990. Perhaps you can enable this feature.
Regards,
Jeff
_______________________________________________
VSE-L mailing list
VS...@lists.lehigh.edu
https://lists.lehigh.edu/mailman/listinfo/vse-l
Frank M. Ramaekers
for FTPS. (SSL license is insufficient.)
Frank M. Ramaekers Jr.
Hans Rempel, HMR Consultants
Our license is with IBM. I believe SSL is included. Does anyone with IBM
licenses know if the FTPS client is also included in the IBM VSE package.
Hans
Andy Engels
We just added Secure FTP to our long list of stuff. From CSI….
__________________________________
Andy Engels
IS Team Leader - Technical Services
Illinois Municipal Retirement Fund
Oak Brook, IL
630-368-5346
Hans Rempel, HMR Consultants
I have been asked if the “mainframe does active FTPS connections with explicit SSL encryption?”
The big issue here is ACTIVE vs PASSIVE. Using ACTIVE reduces the ports needed to be opened in the firewall.
Does CSI/IBM TCPIP 1.5F support ACTIVE FTP? If so is it the default or do I need to set a parm in my JCL.
I’m currently using the following JCL.
// EXEC FTPBATCH,SIZE=FTPBATCH,PARM='SSL=CLIENT'
SET SSL PRIVATE CRYPTO.KEYRING.TCSSL01 NOCLAUTH ALL
LOPEN
LUSER REMPELH
LPASS xxxx
LAUTH SSL
OPEN gallo.humber.ca
AUTH SSL
PROT P
USER yyyyuser
PASS xxxxxx
DIR
Thanks for your comments.
Hans
From: vse-l-bounces+hans=hmrconsul...@lists.lehigh.edu [mailto:vse-l-bounces+hans=hmrconsul...@lists.lehigh.edu] On Behalf Of Edward M. Martin
Sent: November-05-13 11:35 AM
To: VSE Discussion List
Subject: RE: Secure FTP (FTPS or SFTP)
Hello Everyone,
I have noticed that the Secure FTP world is crazy with labels and is very confusing.
I have attached a doc explaining each type of FTP, FTP/SSL, SFTP, FTPS, etc.
If I remember correctly CSI does have FTP/SSL or FTP over TLS/SSL (same thing).
Please let me know if my attachment helps or needs more information.
From: vse-l-bounces+emartin=aultm...@lists.lehigh.edu [mailto:vse-l-bounces+emartin=aultm...@lists.lehigh.edu] On Behalf Of Andy Engels
Sent: Tuesday, November 05, 2013 11:05 AM
To: vs...@lehigh.edu; VSE Discussion List
Edward M. Martin
Hello Hans,
I am not sure if PASSIVE or ACTIVE plays in the SSL world.
From the CSI Optional Features manual, you define the ports that you are going to use.
An implicit SSL client uses a port number of 990. An
explicit SSL client uses other port numbers. An implicit
client is more secure because the SSL handshake occurs
just after the connection is opened, before any messages
are exchanged. With explicit clients, the SSL handshake
does not occur until the AUTH SSL command is received.