Batch SFTP without client keys or USS files?

Thu, 15 Oct 2020 17:37:24 -0700 

Is it possible to code a proc that would invoke SFTP to transfer a file to or 
from a non-z/OS ftp server using only that server's public key and a 
userid/password combination like you would use for FTP or FTPS?

I need to distribute this outside our company, so using CO:Z isn't an option.  
Adding keys to the server for the clients is not either.  And modifying USS 
files like /etc/ssh/config or even ~/.ssh/anything is probably also off limits. 
 I might be able to get away with stashing something in /tmp, but even that 
might be a problem. I can (since I have to) assume z/OS 2.2 or later for 
OpenSSH availability. 

I was able to do this for FTPS by distributing the FTP server's public key as a 
.PEM file & installing it into RACF, then adding it to a keyring.  But so far 
with SFTP, I'm stumped.  Has anyone tried this?

TIA, 
Wendell

fwiw, here is the FTPS proc:

//*-------------------------------------------------------------------
//* TERSE a file & FTP it
//*-------------------------------------------------------------------
//FTPSTRS  PROC ZOSFILE=,
//             FTPFILE=,
//             OUTCLS=*,
//             TMPHLQ=&SYSUID,
//             TRSDISP=(NEW,PASS),
//             KEYOWNR=TCPIP,
//             KEYRING=FTPS.KEYRING
//*
//EXP   EXPORT SYMLIST=*
//      SET    FTPFID=&FTPFILE
//      SET    FTPOWN=&KEYOWNR
//      SET    FTPKEY=&KEYRING
//*
//*-------------------------------------------------------------------
//TERSE    EXEC PGM=TRSMAIN,PARM=PACK
//SYSPRINT  DD SYSOUT=&OUTCLS
//INFILE       DD DISP=SHR,DSN=&ZOSFILE
//OUTFILE    DD DSN=&TMPHLQ..TEMP.TRS,
//             DISP=(&TRSDISP.),
//             RECFM=FB,BLKSIZE=0,LRECL=1024,
//             LIKE=&ZOSFILE
//*-------------------------------------------------------------------
//FTPS     EXEC PGM=FTP,REGION=4M,COND=(0,LT),
// PARM=('ENVAR("_CEE_ENVFILE_S=DD:STDENV")/ftp.server.com 21 -e')
//STDENV   DD *
GSK_PROTOCOL_TLSV1_2=ON
//SYSFTPD  DD *,SYMBOLS=(JCLONLY)
CLIENTERRCODES       EXTENDED
EPSV4                        TRUE
EXTENSIONS              AUTH_TLS
FWFRIENDLY              TRUE
KEYRING                    &FTPOWN/&FTPRING
PASSIVEIGNOREADDR TRUE
SECUREIMPLICITZOS   FALSE
SECURE_FTP               REQUIRED
SECURE_MECHANISM  TLS
SECURE_DATACONN    PRIVATE
SECURE_CTRLCONN    PRIVATE
SECURE_HOSTNAME   REQUIRED
TLSMECHANISM          FTP
TLSRFCLEVEL             RFC4217
//* TRACE
//TRSFILE   DD DISP=SHR,DSN=*.TERSE.OUTFILE
//OUTPUT   DD SYSOUT=&OUTCLS
//INPUT      DD *,SYMBOLS=(JCLONLY)
ftpuser
ftppwd
sendsite
cd /somedir
BINARY
PUT //DD:TRSFILE &FTPFID
QUIT
//*
// PEND

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN

Reply via email to