IMO, do not even bother. Petition the powers that be to allow you to install
the Co:Z series of products. They have a zero cost option. Pursuing this option
gives you all the functionality, just no support. A support contract is
available, if you want it. In over 3 years of using it, I've never had a
problem. You can download them starting at this web site:
http://dovetail.com/solutions.html . At the very least, get Co:Z Batch and Co:Z
launcher. To make it really simple, get Co:Z Data Set Pipes as well. This
latter does require installing some programs on the UNIX system.

The z/OS programs DO NOT require APF authorization or any special RACF
authority. They are simply batch programs. The UNIX programs do not need to run
setuid or setgid. Again, they run with no special authorization. Just put them
somewhere on your normal ${PATH}. If, like me, you have your own ~/bin set up
via your ~/.bashrc to be on the PATH, then you can install the Co:Z programs in
it. Or you could even load the Co:Z programs in ~/coz and then in the "in
stream" commands sent to your UNIX system, put ~/coz on the PATH. Example below.

Co:Z launcher, possibly with Co:Z Data Set Pipes, seems to be exactly what you
want. What it does is establish an SSH connection to the remote UNIX system. It
then sends the commands in DD STDIN to the remote UNIX system to be executed.
The UNIX "stdout" and "stderr" come back to the z/OS job for printing on STDOUT
and STDERR respectively.

Oh, I forgot to mention that use of the UNIX commands to transfer files does
require one change to z/OS UNIX sshd_config configuration file. It requires a
single line similar to "subsystem dspipes /usr/local/coz/bin/dspipes".

And remember! THIS COSTS YOU NOTHING TO USE! You don't even need to "register"
your name or any other information with Dovetailed Technologies. Just go to the
web site and download the software. They have a presence here and on MVS-OE.
Kirk is very good about answering questions. They also have a free to use Web
based forum to ask questions and get answers too.

//PROCLIB JCLLIB ORDER=coz.samplib
//XFER EXEC PROC=COZPROC,ARG='user@unix'
//STDIN DD *
# example commands run on "unix" as "user"
uname -a
ls -laR
scp unix.file user@unix:zos.file #translated to EBCDIC
# if you have the Co:Z UNIX program in ~/coz
export PATH=${PATH}:~/coz
# send file to z/OS data set, allocated to job
# using DD OUT1
todsn unix.file "//DD:OUT1"
/*
//OUT1 DD DISP=(NEW,CATLG),
// DSN=hlq.UNIX.FILE,
// LRECL=?,RECFM=?,DSORG=PS,
// SPACE=(CYL,(20,10),RLSE),
// UNIT=SYSDA,VOL=SER=??????
//

Also, if you use a shell prompt on your non-z/OS UNIX system, you can do file
transfers with the UNIX based commands. I do this with Linux. On Linux, I have
~/.ssh/config set up with:

host *
    controlmaster auto
    controlpath /home/myid/.ssh/ssh-%r@%h:%p
    controlpersist yes
host zos1
    User myRACF
    IdentityFile /home/myid/.ssh/id_rsa.zos1

The z/OS system has id_rsa.zos1.pub contents placed into the authorized_keys
file. I also have a symlink named authorized_keys2 to authorized_keys.

Now, on your non-z/OS UNIX shell, you can ssh into z/OS:

ssh -Y zos1
# reply with the proper passphrase
exit #terminate z/OS shell
# return to non-z/OS UNIX shell
#
# Note that "controlpersist yes" means that the SSH connection to zos1
# is still active!
# get a copy of SYS1.MACLIB(READ), for instance:
fromdsn -ssh myRACF@zos1 "//'sys1.maclib(read)'" >sys1.maclib_read.txt
# Due to the controlpersist yes, you aren't prompted for your passphrase
#
# terminate SSH tunnel to zos1
ssh -O exit zos1

--
John McKown
Systems Engineer IV
IT
Administrative Services Group
HealthMarkets(r)
9151 Boulevard 26 * N. Richland Hills * TX 76010
(817) 255-3225 phone *
[email protected] * www.HealthMarkets.com
> -----Original Message-----
> From: IBM Mainframe Discussion List
> [mailto:[email protected]] On Behalf Of Uriel Carrasquilla
> Sent: Wednesday, July 25, 2012 5:12 PM
> To: [email protected]
> Subject: Re: Using SSH or SCP in REXX under TSO
>
> I need to copy files from zOS 1.11 to a Unix machine on a
> regular basis (not to USS or Linux under zVM).
> I came across a sample REXX under the IBM web site to execute
> USS shell commands (not a JCL solution but Rexx).
> The /bin directory has ssh and scp.
> I set up the id_rsa.pub so I can now ssh into my zOS/USS and
> from there I can "scp" files to my Unix machine.
> Once I ssh into zOS/USS, I can also ssh from zOS/USS to the
> same Unix machine with the id_rsa.pub set up.
> The above ssh and scp can be accomplished without a password
> because of the id_rsa.pub that was set up on remote Unix machine.
> Known hosts was properly set up the first time I went from
> zOS to Unix machine.
> But my task is not to sign on from remote machine via SSH to
> zOS/USS.
> My work needs to be originated from zOS and in some cases from TSO.
> The problem is that when I try to use my REXX from TSO, I
> cannot scp or ssh into my remote Unix machine.
> (yes, the one that when I used ssh to get to zOS/USS, I can
> go from there to my Unix machine - I hope I am not confusing
> everybody here).
> The REXX is using "BPXBATSL PGM /bin/scp uss-file [email protected]:/tmp"
> I tried "BPXBATSL PGM /bin/ssh [email protected] 'ls" to no avail.
> I keep on getting a return code of 2 without anything in
> STDOUT or STDERR.
>
> Does anybody have a sample REXX that can be shared to either
> scp or ssh to remote Unix from TSO?
> I have seen JCL to that effect using BPXBATCH but I have not
> tried it since I need the REXX.
>
> ps/ I am able to get "BPXBATSL PGM /bin/ls" to work by going
> to USS and pulling the "ls" listing.
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
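
Added example (not part of the original post and not Co:Z code): a shell function that reads an OpenSSH client config and reports which Host blocks set connection sharing, flagging blocks where ControlPersist keeps the authenticated master connection open until it is closed with "ssh -O exit". The sample config is constructed after the layout shown in the post; the "batch" host and the function names are hypothetical.

```shell
#!/bin/sh
# audit_ssh_mux: read an ssh client config on stdin and print one line per
# Host block that sets ControlMaster or ControlPersist:
#   <pattern> master=<value> persist=<value> <verdict>
audit_ssh_mux() {
    awk '
    function report(   p, m, verdict) {
        if (master == "" && persist == "") return
        p = tolower(persist); m = tolower(master)
        verdict = "ok"
        if (m != "" && m !~ /^(yes|no|ask|auto|autoask)$/)
            verdict = "invalid-controlmaster"   # ssh rejects other values
        else if (p == "yes" || p == "0")
            verdict = "persists-until-closed"   # no idle timeout on the master
        printf "%s master=%s persist=%s %s\n", host,
            (master == "" ? "-" : master), (persist == "" ? "-" : persist), verdict
    }
    BEGIN { host = "(global)" }
    /^[ \t]*(#|$)/ { next }                     # skip comments and blank lines
    {
        line = $0
        sub(/^[ \t]+/, "", line)
        if (!match(line, /^[A-Za-z]+/)) next
        key = tolower(substr(line, 1, RLENGTH)) # keywords are case-insensitive
        val = substr(line, RLENGTH + 1)
        sub(/^[ \t]*=?[ \t]*/, "", val)         # accept "Key Value" and "Key=Value"
        sub(/[ \t]+$/, "", val)
        if (key == "host") { report(); host = val; master = ""; persist = "" }
        else if (key == "controlmaster" && master == "") master = val
        else if (key == "controlpersist" && persist == "") persist = val
    }
    END { report() }
    '
}

# Constructed sample input; the "batch" block is a hypothetical addition.
sample_config() {
    cat <<'EOF'
host *
    controlmaster auto
    controlpath /home/myid/.ssh/ssh-%r@%h:%p
    controlpersist yes
host zos1
    User myRACF
    IdentityFile /home/myid/.ssh/id_rsa.zos1
host batch
    ControlMaster=auto
    ControlPersist 10m
EOF
}

sample_config | audit_ssh_mux
```

ssh uses the first value it obtains for each option, so settings in a leading "host *" block also apply to later blocks such as zos1. A time value such as 10m closes an idle master connection after that interval instead of leaving it open.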