On Friday, 07/23/2010 at 04:41 EDT, Edward M Martin <[email protected]> wrote: > Ok I need some comments and guidance. FTP using the SSH is not what we want, I > believe.
That is called "sftp" and is what the IBM Ported Tools gives you. > We want FTP/SSL or FTPS (implicit SSL). Which from my earlier question about > FTP and TCP/IP on z/OS is not in the BASE TCP/IP suite. z/OS *does* include FTP/SSL (via System SSL) and FTPS (via AT-TLS). There may be other FMIDs that have to be installed. I'm not an MVS guru. > Alan this statement would this be the part of the IBM PORTED Tools that you > are talking about (see below). > > If it is then, That would SFTP and not the FTP/SSL (FTPS) that we require. >> TCP/IP is part of z/OS Communications Server (nee VTAM). It is not a part of >> the base z/OS. It is a charge feature of z/OS. "sftp" is available for z/OS, >> but must be ordered. It is part of the OpenSSH port ( 5655-M23). It is free. >> This version of sftp only support z/OS UNIX files. I don't worry too much about the fact that you can "snap out" things like RACF and TCP/IP. You really need to talk to your in-house z/OS folks to know what they have/haven't ordered/installed. > ?. SFTP, for our purposes here at <name removed> , is for Implicit SSL > connections. FTPS, is for SSH connections which we don?t accept at all in > fact. ? Feel free to correct them. SFTP has only one meaning: file transfer using an ssh tunnel. FTPS can be either RFC 4217 (dynamic) or implicit SSL (a la https). Some ftps clients are smart enough to connect in clear-text and find out if the server supports RFC 4217 and, if not, disconnect and reconnect with implicit SSL. But given that a lot of people don't believe or know that FTP is secure (they live in the distant past), they feel free to use sftp and ftps and 'secure ftp' interchangeably. I even saw a web browser incorrectly process an ftp:// URL, using "binary" transfers for text data, on the bogus assumption that they are the same. Morons. Alan Altmark z/VM Development IBM Endicott
