Re: Passing user/pw in to BPXBATCH SFTP

2021-10-11 Thread Paul Gilmartin 
On Mon, 11 Oct 2021 02:57:56 -0500, Jantje.  wrote:

>Co:ZBatch, Co:Z sftp and passwordless authentication (using ssh keys) have 
>done it very well for me.
>
Up to a point.  I once chatted with our sysprog.  We intended to
exchange data with another organization.  The protocol verifieduser IDs.
They insisted on lower case IDs; z/OS UNIX on upper case.  Neither
side would budge.  USERIDALIASTABLE might have provided a
solution.  Instead,  the project was abandoned.

(Why USERIDALIASTABLE rather than just a RACF OMVS entry?)

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-11 Thread Jantje. 
Co:ZBatch, Co:Z sftp and passwordless authentication (using ssh keys) have done 
it very well for me.

Cheers,

Jantje.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-09 Thread Paul Gilmartin 
On Sat, 9 Oct 2021 20:31:05 -0400, Billy Ashton wrote:

>Well, when you are working in JCL, the line is 72/80 bytes for most 
>
JES2 abolished that restriction for SYSIN data sets circa z/OS 1.6;
JES32 far earlier.  I've found it liberating to be able to use longer
SYSIN lines.

>libraries. So then the question is, how do you continue the command to a
>second or third line in these standard JCL libraries?
>Billy
>>> What Line limit are you dealing with?  72 or larger?
>>>
>> With BPXBATCH STDPARM, the limit is not 72, nor 100, but 32767.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-09 Thread Billy Ashton 
Well, when you are working in JCL, the line is 72/80 bytes for most 
libraries. So then the question is, how do you continue the command to a 
second or third line in these standard JCL libraries?

Billy

What Line limit are you dealing with?  72 or larger?


With BPXBATCH STDPARM, the limit is not 72, nor 100, but 32767.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-09 Thread Amr@Systemz 
 This is probably not going answer your question. Linux Windows admin prefer to 
turn off password authentication on SSHD. Using shared keys would be a 
preferred approach. Afaik till openssh 7.6 password authentication was not 
allowed on Z/OS but I could be wrong or things could have changed. You can 
modify the source and rebuild if required. 
 On Friday, October 8, 2021, 01:19:40 PM PDT, Billy Ashton 
 wrote:  
 
 Hi all! I see we have been talking some about FTPS, so now I want to 
spin the letters around for SFTP with an easy question-I hope!

Does anyone have a batch job/JCL that they use for SFTP that hides a 
user/password? I have looked for some hours at Google, and everything I 
see has the user and password in clear text. I am looking for something 
like the NETRC file, or some other method you folks use for running SFTP 
in BPXBATCH.

Also, I could be running up against the line limit for a single line 
SFTP command with my different options (I am specifying particular 
ciphers), and wonder if there is a way to make SFTP a multi-line command.

Thanks for all your help!
Billy

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread David Crayford 
That's a really bad idea! Just use "ssh-keygen" to create an SSH key. 
You can use "ssh-copy-id" to copy your SSH key to the target system you 
want to connect to.


On 9/10/2021 4:19 am, Billy Ashton wrote:
Hi all! I see we have been talking some about FTPS, so now I want to 
spin the letters around for SFTP with an easy question-I hope!


Does anyone have a batch job/JCL that they use for SFTP that hides a 
user/password? I have looked for some hours at Google, and everything 
I see has the user and password in clear text. I am looking for 
something like the NETRC file, or some other method you folks use for 
running SFTP in BPXBATCH.


Also, I could be running up against the line limit for a single line 
SFTP command with my different options (I am specifying particular 
ciphers), and wonder if there is a way to make SFTP a multi-line command.


Thanks for all your help!
Billy

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread Michael Oujesky 

Must be quite a set of parameters to bust 32K,

At 05:15 PM 10/8/2021, Paul Gilmartin wrote:


On Fri, 8 Oct 2021 16:19:56 -0500, Michael Oujesky wrote:

>If I recollect correctly, we had both the userid and password in an
>encrypted file that duirng the file transfer job was decrypted to a
>VIO dataset that was used as the input to the data transfer facility.
>
How did you keep the key to decrypt?  I supose ICSF would do.
Is it in storage momentarily in the clear?

>What Line limit are you dealing with?  72 or larger?
>
With BPXBATCH STDPARM, the limit is not 72, nor 100, but 32767.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread Paul Gilmartin 
On Fri, 8 Oct 2021 16:19:56 -0500, Michael Oujesky wrote:

>If I recollect correctly, we had both the userid and password in an
>encrypted file that duirng the file transfer job was decrypted to a
>VIO dataset that was used as the input to the data transfer facility.
> 
How did you keep the key to decrypt?  I supose ICSF would do.
Is it in storage momentarily in the clear?

>What Line limit are you dealing with?  72 or larger?
> 
With BPXBATCH STDPARM, the limit is not 72, nor 100, but 32767.

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread Allan Staller 
Classification: Confidential

There are a number of hacks that obscure the password in SFTP batch.
The easiest and best method I have come across are public/private keypairs

The keypairs may be stored in your ESM, or in the Unix File System.
I heartily recommend CoZ:SFTP Toolkit (WWW.DOVETAIL.COM) . Free to use, $$$ for 
support.

The major enhancement over IBM "vanilla" SFTP is support for z/OS datasets. 
"Vanilla SFTP" from IBM does not do this.

There is far more to be discussed, if you decide t o go down this road,

HTH,

-Original Message-
From: IBM Mainframe Discussion List  On Behalf Of 
Billy Ashton
Sent: Friday, October 8, 2021 3:19 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Passing user/pw in to BPXBATCH SFTP

[CAUTION: This Email is from outside the Organization. Unless you trust the 
sender, Don’t click links or open attachments as it may be a Phishing email, 
which can steal your Information and compromise your Computer.]

Hi all! I see we have been talking some about FTPS, so now I want to spin the 
letters around for SFTP with an easy question-I hope!

Does anyone have a batch job/JCL that they use for SFTP that hides a 
user/password? I have looked for some hours at Google, and everything I see has 
the user and password in clear text. I am looking for something like the NETRC 
file, or some other method you folks use for running SFTP in BPXBATCH.

Also, I could be running up against the line limit for a single line SFTP 
command with my different options (I am specifying particular ciphers), and 
wonder if there is a way to make SFTP a multi-line command.

Thanks for all your help!
Billy

--
For IBM-MAIN subscribe / signoff / archive access instructions, send email to 
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
::DISCLAIMER::

The contents of this e-mail and any attachment(s) are confidential and intended 
for the named recipient(s) only. E-mail transmission is not guaranteed to be 
secure or error-free as information could be intercepted, corrupted, lost, 
destroyed, arrive late or incomplete, or may contain viruses in transmission. 
The e mail and its contents (with or without referred errors) shall therefore 
not attach any liability on the originator or HCL or its affiliates. Views or 
opinions, if any, presented in this email are solely those of the author and 
may not necessarily reflect the views or opinions of HCL or its affiliates. Any 
form of reproduction, dissemination, copying, disclosure, modification, 
distribution and / or publication of this message without the prior written 
consent of authorized representative of HCL is strictly prohibited. If you have 
received this email in error please delete it and notify the sender 
immediately. Before opening any email and/or attachments, please check them for 
viruses and other defects.


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread Michael Oujesky 
If I recollect correctly, we had both the userid and password in an 
encrypted file that duirng the file transfer job was decrypted to a 
VIO dataset that was used as the input to the data transfer facility.


What Line limit are you dealing with?  72 or larger?

At 03:19 PM 10/8/2021, Billy Ashton wrote:

Content-Transfer-Encoding: 7bit

Hi all! I see we have been talking some about FTPS, so now I want to 
spin the letters around for SFTP with an easy question-I hope!


Does anyone have a batch job/JCL that they use for SFTP that hides a 
user/password? I have looked for some hours at Google, and 
everything I see has the user and password in clear text. I am 
looking for something like the NETRC file, or some other method you 
folks use for running SFTP in BPXBATCH.


Also, I could be running up against the line limit for a single line 
SFTP command with my different options (I am specifying particular 
ciphers), and wonder if there is a way to make SFTP a multi-line command.


Thanks for all your help!
Billy

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread Paul Gilmartin 
On Fri, 8 Oct 2021 16:19:29 -0400, Billy Ashton wrote:
>
>Does anyone have a batch job/JCL that they use for SFTP that hides a
>user/password? I have looked for some hours at Google, and everything I
>see has the user and password in clear text. I am looking for something
>like the NETRC file, or some other method you folks use for running SFTP
>in BPXBATCH.
> 


>Also, I could be running up against the line limit for a single line
>SFTP  ...

What's the "line limit"?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Passing user/pw in to BPXBATCH SFTP

2021-10-08 Thread Billy Ashton 
Hi all! I see we have been talking some about FTPS, so now I want to 
spin the letters around for SFTP with an easy question-I hope!


Does anyone have a batch job/JCL that they use for SFTP that hides a 
user/password? I have looked for some hours at Google, and everything I 
see has the user and password in clear text. I am looking for something 
like the NETRC file, or some other method you folks use for running SFTP 
in BPXBATCH.


Also, I could be running up against the line limit for a single line 
SFTP command with my different options (I am specifying particular 
ciphers), and wonder if there is a way to make SFTP a multi-line command.


Thanks for all your help!
Billy

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN