> -----Original Message----- > From: The IBM z/VM Operating System > [mailto:[EMAIL PROTECTED] On Behalf Of Alan Ackerman > Sent: Monday, November 05, 2007 11:13 AM > To: [email protected] > Subject: FTP without a Password > > > I got an email recently (EVERYTHING has been changed to protect the > guilty): > > Subject: Feed replacement > > Attached is the current Data file. > > The file is ftp'd hourly to the following location: > > ftp > open 10.1.10.2 > username: PHONEY123 > password: PHONEY123 > cd PHONEY123.CEA1 > get DATA.FILE > > I recognize the IP address as a VM system, so what this > person has just = > > done is send me the userid and password of a VM userid. That, > of course, = > > is against our information security rules. Before I complain > though, I = > > wish I could offer an alternative. > > 1. We have anonymous FTP turned off, again by information > security rules.= > > Even if we turned it on, this person would not be happy, > since he/she doe= > s > not want to make the data available to everyone. (Although of course > sending the password in email might have that effect.) > > 2. The reason for making it available by FTP is that it needs to be > accessed from outside of VM. (z/OS, Unix, or a PC.) > > 3. The file is very large. They could not send it out via > email; it would= > > be stripped off by our message limit. > > 4. They could put it on a web page. But there are userid and password > requirements there, also. > > What do other shops do to make large VM files available to a limited > audience without sending out a password? (FTP or not.) > > Alan Ackerman = > = > > Alan (dot) Ackerman (at) Bank of America (dot) com >
I use NFS on z/OS. I think that z/VM has NFS capability. I have the remote system (Linux Fedora 6) be the server. The only thing this requires is that the UID and GID on Linux and z/VM have the same value for the person involved. This is not really secure because NFS is not encrypted. But it is easily as secure as ftp (which also generally does not encrypt). Has IBM ported OpenSSH to z/VM? If you want an ASCII transfer, then OpenSSH will work. It doesn't work with binary because IBM had to make ssh on the mainframe translate everything from EBCDIC to ASCII (more likely CP-037 to ISO8859-1). The plus is that this is an encrypted transfer. You can make the ssh passphrase not have a key, so it then works without any prompting for a passphrase. But you do need to keep the "key" in a very secure place for this. Normally, in UNIX, it is kept in ~/.ssh AND that subdirectory must have a MODE of 600 (read/write to owner only, no access to anyone else). I used OpenSSH on z/OS to run scripts on the aforementioned Linux server. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it.
