On Thu, 24 Apr 2008 00:08:36 -0400, Alan Altmark <[EMAIL PROTECTED]> wrote:

>There is an inherent architectural problem with an ssh *server* on VM: The
>IP connection does not terminate in your virtual machine.  When you login
>to a system with ssh, you are expected to have logged into your own
>account (a la telnet), not have a proxy login (a la ftp).  Your profile
>runs, your disks are set up.  An scp command would have as its local
>context, all the files you have accessed (or have access to) in your
>virtual machine.
>
>If ssh were just an alternate way to transfer files, that wouldn't be a
>big deal since the ftp server has to deal with the same issues.  But it
>isn't.  It's a network connection that has an endpoint in your virtual
>machine that scp, sftp, other ssh services (e.g. interactive
>console/keyboard) can use.
>
>In previous discussions here, there was a feeling that an ssh *client* in
>CMS was more important than having the ability to ssh *into* the system.
>The client is technically doable, and I await the day that z/OS has one
>that is not dependent on openSSH.
>
>Alan Altmark
>z/VM Development
>IBM Endicott
>=========================================================================

Why is this "an inherent architectural problem"? Is the problem that VM
doesn't allow multiple logons to the same virtual machine, while Unix does?

I don't understand why the Unix/Linux world prefers SFTP to FTPS, but it
does, and in this shop that preference is encoded into Information
Security rules. The user who enquired is getting dinged because a piece of
software is running around looking for violations, and he is in violation,
since he is using only FTP. FTPS is not an approved option, SFTP is.

The user's only solution is to stop using z/VM. 

I'm not sure I want to do battle with Information Security. Should I?

I cannot defend IBM's failure to support SFTP or SSH. I don't even 
understand it.

Alan Ackerman
Alan (dot) Ackerman (at) Bank of America (dot) com
