But is there any way to resolve this issue without any third party product.
On Jan 31, 2017 3:33 PM, "Carlos Bodra - Pessoal" <[email protected]> wrote: > Check MDI product at luminex.com for fast and secure SFTP or FTP > > Carlos Bodra > IBM System Certified System z > São Paulo - Brazil > > -----Mensagem original----- > De: IBM Mainframe Discussion List [mailto:[email protected]] Em > nome de venkat kulkarni > Enviada em: domingo, 29 de janeiro de 2017 14:38 > Para: [email protected] > Assunto: SFTP on z/OS > > Hello Group, > > > > We tested SFTP on our test z/OS system to Test AIX box and we are able to > transfer data between these host. But now, I am trying in production system > with below detail. > > > > 1) Our aim is to convert all our FTP jobs into SFTP. > > 2) We are using $universe as scheduler for submitting these FTP jobs on > time to time. > > 3) We using user called "STCSYS" all these jobs. > > 4) But in FTP jobs, for every other host ( Ex AIX1, AIX2,AIX3 etc) we are > using different user id password to login to target host and then start FTP > process. > > 5) But in SFTP, it create TSO env using IKJEFT01 program and then run SFTP > commands to transfer files between systems. > > > > Example of SFTP Job, we using > > > > > > //SFTPSFT JOB (7330),MSGCLASS=X,MSGLEVEL=(1,1),CLASS=P, > > // NOTIFY=&SYSUID > > //STEP1 EXEC PGM=IKJEFT01,REGION=0M > > //SYSEXEC DD DISP=SHR,DSN=SYS1.SBPXEXEC > > //SYSTSIN DD DSN=SFTPSFT.TEST.JCL(FTPTST1),DISP=SHR > > //OUTPUT DD SYSOUT=* > > //SYSTSPRT DD SYSOUT=* > > /* > > > > EDIT SFTPSFT.TEST.JCL(FTPTST1) - 01.02 > > Command ===> > > ****** ***************************** Top of Data **** > > 000800 OPUT 'SFTPSFT.SFTP.TEST(SFTP1)' '/u/SFTPSFT/vp12' > > 000900 OSHELL { echo 'lcd /u/stcsys' ; + > > 001000 echo 'ascii'; + > > 001100 echo 'cd /home/ftp4rpt/'; + > > 001200 echo 'mput test.txt'; } | + > > 001300 sftp -v [email protected] > > 001400 /* > > > > > > So, now I have stcsys user id created on mainframe with all > > > > # cd .ssh > > # ls -al > > total 96 > > drwx------ 2 MEAS OMVSGRP 8192 Jan 24 08:23 . > > drwxr-xr-x 3 MEAS OMVSGRP 8192 Jan 24 08:22 .. > > -rw------- 1 MEAS OMVSGRP 791 Jan 24 08:36 authorized_keys > > -rw------- 1 MEAS OMVSGRP 1675 Jan 24 08:23 id_rsa > > -rw-r--r-- 1 MEAS OMVSGRP 396 Jan 24 08:25 id_rsa.pub > > -rw-r--r-- 1 MEAS OMVSGRP 697 Jan 29 10:26 known_hosts > > # pwd > > /u/stcsys/.ssh > > > > > and in AIX1 side, I have ftprpt user defined and > > > > $ cd /home/ftprpt /.ssh > > $ ls -al > > total 48 > > drwx------ 2 ftprpt staff 256 Jan 13 15:37 . > > drwxr-xr-x 3 ftprpt staff 4096 Jan 15 12:15 .. > > -rw-r--r-- 1 ftprpt staff 791 Jan 15 12:12 authorized_keys > > -rw-r--r-- 1 ftprpt staff 395 Jan 13 15:37 > authorized_keys.old > > -rw------- 1 ftprpt staff 1675 Dec 11 14:25 id_rsa > > -rw-r--r-- 1 ftprpt staff 394 Dec 11 14:25 id_rsa.pub > > -rw-r--r-- 1 ftprpt staff 352 Jan 15 10:31 known_hosts > > $ > > > > > > > > and we exchanged rsa.pub key in authorized_keys file and exchanged > ECDSA.pub key in known_hosts file but while running Job, I am getting > below issue. > > > > OpenSSH_6.4, OpenSSL 1.0.1c 10 May 2012 > > > debug1: Reading configuration data /etc/ssh/ssh_config > > > debug1: Reading configuration data /etc/ssh/zos_ssh_config > > > debug1: zsshSmfSetConnSmfStatus: SMF status is 0 > > > debug1: Connecting to 10.22.22.220 Ý10.22.22.220¨ port 22. > > > debug1: Connection established. > > > debug1: cipher_init: none from source OpenSSL > > > debug1: cipher_init: none from source OpenSSL > > > debug1: permanently_set_uid: 0/1000 > > > debug1: identity file /u/stcsys/.ssh/id_rsa type 1 > > > debug1: identity file /u/stcsys/.ssh/id_rsa-cert type -1 > > > debug1: Enabling compatibility mode for protocol 2.0 > > > debug1: Local version string SSH-2.0-OpenSSH_6.4 > > > debug1: Remote protocol version 2.0, remote software version OpenSSH_6.0 > > > debug1: match: OpenSSH_6.0 pat OpenSSH* > > > FOTS1061 key_read: uudecode AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm > lzdHAyNTYAAAB > > failed > > > debug1: SSH2_MSG_KEXINIT sent > > > debug1: SSH2_MSG_KEXINIT received > > > debug1: mac_setup_by_alg: hmac-sha1 from source OpenSSL > > > debug1: kex: server->client aes128-ctr hmac-sha1 none > > > debug1: mac_setup_by_alg: hmac-sha1 from source OpenSSL > > > debug1: kex: client->server aes128-ctr hmac-sha1 none > > > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<2048<8192) sent > > > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP > > > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent > > > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY > > > debug1: Server host key: RSA ce:14:d1:2f:b2:d1:7c:83:12:9a: > 16:1e:31:9d:b6:b7 > > > FOTS1061 key_read: uudecode AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbm > lzdHAyNTYAAAB > > failed > > > debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. > (errno2=0 > > FOTS1370 Host key verification failed. > > > debug1: zsshSmfSetConnSmfStatus: SMF status is 0 > > > FOTS0841 Connection closed > > > > > > Can you please help, if I am not following correct way on this new setup > or I should be using same userid on both mainframe and aix side for > exchanging keys with password less. > > > > Thanks in advance. > > > > Thanks & Regards > > Venkat > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
