Hal,

IBM's Ported Tools for z/OS (OpenSSH) is fully supported by the IBM support
center.
There was an old (unsupported) "tools and toys" version, which is no longer
available.
I'm not sure what you mean by "openware".

IBM's port of OpenSSH, as you point out, does not include support for MVS
datasets or PKI certificates.

A commercial (non-free) product from SSH Communications is available for
z/OS that does support both of these features.
(PKI certificate support, however, is not part of the ssh RFC, and as such is
not supported by most implementations).

Also, it is easy to confuse "ssh" with "sftp", since they are both included
in OpenSSH.  sftp is a program that uses ssh connections to do file
transfer.
We offer a free product, Co:Z, which uses ssh connections to do file
transfer and cooperative processing between z/OS and distributed systems.
It *does* support MVS datasets.

FTP with TLS has its own set of problems - mostly related to headaches for
firewalls and NAT routers, since FTP uses multiple socket connections.   SSH
is much cleaner in this respect, which is one reason why it is so popular.

It is also possible to use SSH connections as secure tunnels for FTP
transfers, but this requires that the SSH implementation supports SOCKS
proxies.  IBM's current port of OpenSSH doesn't do this, but SSH
Communications' version does.

I agree with your overall sentiment that IBM's z/OS OpenSSH port needs
improvement.  IBM has several requirements open - everyone who feels
similarly should file interest in these through the support center and
(continue to) lobby at SHARE.

Regards,
Kirk Wolf
Dovetailed Technologies
http://dovetail.com
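
Added example, not part of the original message: the firewall/NAT headache with FTP over TLS comes from replies like the 227 below, which carry the data-connection address inside the control channel, where a NAT router can no longer read or rewrite it once the channel is encrypted. The sample reply, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 reply, or raise ValueError."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply")
    m = _PASV_RE.search(reply)
    if not m:
        raise ValueError("no host/port tuple in reply")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    # The data port is sent as two bytes: high byte, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def data_endpoint(reply, control_peer):
    """Pick the address a client should dial for the data connection.

    control_peer is the address the control connection actually reached.
    If the server advertises a different address (typically its private
    address behind NAT), fall back to control_peer and flag the mismatch.
    Returns (ip, port, mismatch).
    """
    ip, port = parse_pasv(reply)
    mismatch = ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer)
    return (control_peer if mismatch else ip), port, mismatch


# Constructed sample: server behind NAT, reached at 203.0.113.10, but
# advertising its internal address 10.1.2.3 and port 195*256+80 = 50000.
SAMPLE_REPLY = "227 Entering Passive Mode (10,1,2,3,195,80)"
SAMPLE_PEER = "203.0.113.10"

if __name__ == "__main__":
    print(data_endpoint(SAMPLE_REPLY, SAMPLE_PEER))
```

Even with the address corrected on the client side, the firewall still has to allow the separately negotiated data port, which is the second socket connection that a single SSH connection avoids.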

On Wed, Jun 18, 2008 at 9:36 AM, Hal Merritt <[EMAIL PROTECTED]> wrote:

> Hi Mary, and welcome to the gottahaveitnow club :-)
>
> You have two main paths to take: SSH (secure shell) or TLS (transport
> layer security).
>
> TLS is a superset/replacement of SSL (secure sockets).
>
> Each has advantages/disadvantages. SSH is very popular with the *nix,
> tinkertoy, and audit crowds, but a huge PITA for the Big Iron. SSH, for
> example, can only send/receive HFS/zFS files. That means you have to
> copy to/from your ZFS/HFS file system to real world. And ZFS/HFS file
> systems tend to be LPAR specific (not shared). Worse, SSH sessions use
> ZFS/HFS files, which tends to constrain to a single LPAR. SSH does not
> come with z/os, but is 'openware' downloadable from IBM.
>
> TLS proper is nearly trivial to set up and use, but certificate
> administration is a large can of nasty worms with bad attitudes and hard
> to treat diseases :-) Worse, TLS is free on z/os, but often requires
> expensive software on the remote hosts.
>
> I personally like TLS because the same base mechanisms apply to all of
> web stuff, FTP, and telnet (TN3270). More, certificate-based strategies
> appear to be a 'best practice'. But I like the minimal administration of
> SSH.
>
> We are driven by customer requests/demands, so we use both.
>
> HTH
>
> -----Original Message-----
> From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
> Behalf Of Yukus, Mary J CIV USMEPCOM
> Sent: Wednesday, June 18, 2008 8:37 AM
> To: [email protected]
> Subject: sFTP from/to z/OS
>
> Hi Everyone,
> We have the need to start using sFTP on z/OS (via OMVS?) with a very short
> deadline (it always seems to work that way :-) ).  We have had FTP working
> for years.  Can anyone give me some direction/advice/good books on how to
> get s/FTP working?  I'm not the one that configured the FTP, just inherited
> it.
> Thanks,
> Mary :-)
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
> Search the archives at http://bama.ua.edu/archives/ibm-main.html
