We're going thru the same process right now with Sftp, we found out we needed ICSF up, we don't have any crypto express hardware, but do have CPAF enabled

----- Original Message -----
From: "Mark Jacobs - Listserv" <[email protected]>
To: [email protected]
Sent: Saturday, February 4, 2017 3:21:16 PM
Subject: Re: SFTP on z/OS

If you don't have CryptoExpress processors, but do have CPAF enabled on your processor/LPAR, you still might need ICSF active. I don't know off hand if ssh will directly use the CPAF facilities without ICSF being available.

Mark Jacobs

> scott Ford <mailto:[email protected]>
> February 4, 2017 at 4:15 PM
> Guys:
>
> I have a SSH question, we don't have an ICSF, do I need one to do SSH? We
> want to do scp from Windows to
> z/OS. I want stepping thru the ICSF stc doc and read about 'head
> 'dev/random' and it's not working returning an error
>
> Scott
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
> Please be alert for any emails that may ask you for login information
> or directs you to login via a link. If you believe this message is a
> phish or aren't sure whether this message is trustworthy, please send
> the original message as an attachment to '[email protected]'.
>
> Kirk Wolf <mailto:[email protected]>
> February 3, 2017 at 8:58 AM
> Standard SSH/SFTP doesn't support X.509 certificates for authentication,
> so I don't understand your reference to a CA.
>
> (z/OS OpenSSH does allow you to put SSH public and private keys in a Key
> Ring Certificate, but only the keys are used; the certificate and its
> signature are irrelevant.)
>
> Kirk Wolf
> Dovetailed Technologies
> http://dovetail.com
>
> Jantje. <mailto:[email protected]>
> February 3, 2017 at 6:48 AM
>
> The issue I have with that is one of trust: In the end, I just have to
> trust whatever the Root Certification Authority is. Or actually, I
> have to trust Microsoft to have correctly verified the identity of
> that RCA and the integrity of the certificate they present, because it
> is MS that installed that certificate in my browser. (s/MS/Google/g
> for Chrome...)
>
> Cheers,
>
> Jantje.

--
Mark Jacobs
Time Customer Service
Global Technology Services

The standard you walk past is the standard you accept.
Lt. Gen. David Morrison
