On Sat, 2012-04-14 at 00:54 +, Gibney, Dave wrote:
-Original Message-
snip
And, I've always found FTPS (granted no client identification certs yet)
easier.
None of that USS , sometimes called OMVS, perhaps properly called z/OS Unix
System Services, involved :)
Actually, I
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
Behalf Of John McKown
Sent: Saturday, April 14, 2012 1:16 PM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Secure FTP (Was: z/OS every two years)
On Sat, 2012-04-14 at 00:54 +, Gibney, Dave wrote
. Nothing detailed... just curious.
We have customers that insist on 'secure' FTP for sending dumps, downloading
files, etc. We set up an SFTP server on our public Internet site and that seems
to have satisfied all requirements thus far. We don't currently support FTPS
with x.509 certificates
-Original Message-
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@bama.ua.edu] On
Behalf Of Edward Jaffe
Sent: Friday, April 13, 2012 5:23 PM
To: IBM-MAIN@bama.ua.edu
Subject: Secure FTP (Was: z/OS every two years)
On 4/13/2012 5:04 PM, Art Gutowski wrote:
I see. Anyone
This came across my inbox. Since there has been some discussion on Secure FTP
I thought I would pass it along.
Dino-Software » NEWS EVENTS » Webinars »
Educational Webinars
How to Secure Mainframe FTP
Hal Merritt wrote:
We are trying to set up a TLS FTP with a customer with us as client. The
customer's software vendor seems to be baffled.
Any Windows based TLS/SSL FTP server software that works for you for exchanges
with z/os? For example, one of our customers is using a product from
Dumb question, but what sort of information would you be FTPing?
- - - - -
Timothy Sipples
IBM Consulting Enterprise Software Architect
Based in Tokyo, Serving IBM Japan / Asia-Pacific
E-Mail: timothy.sipp...@us.ibm.com
--
For
I use the Filezilla client, http://filezilla-project.org. Their web
page says they have a server but I've never used it.
Len Rugen
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to
We also demo'd www.sslftp.com. It has a server that worked, but we only use
the client piece.
Jim Wangler
214-502-6445
We are trying to set up a TLS FTP with a customer with us as client. The
customer's software vendor seems to be baffled.
Any Windows based TLS/SSL FTP server software that
: Secure FTP Server software vendors
We are trying to set up a TLS FTP with a customer with us as client. The
customer's software vendor seems to be baffled.
Any Windows based TLS/SSL FTP server software that works for you for
exchanges with z/os? For example, one of our customers is using
FTPS (FTP/TLS) can be tricky wrt implementation incompatibilities.
There are a couple of other options:
1) Tunnel regular FTP in an SSH connection. This would require that the
Windows server also run SSHD, but OpenSSH for Windows is free and very easy
to setup. We have a free / open source
use Ipswitch's.
Dave Gibney
Information Technology Services
Washington State University
-Original Message-
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] On
Behalf Of Rugen, Len
Sent: Thursday, February 19, 2009 6:48 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Secure
Rafael Fernandez L. wrote:
Nobody mentioned ftp with GSSAPI (kerberos) ?
Ignacio Landín Villegas
Probably because there is rarely anyone using it.
Furthermore, it was all but unusable for a long time: although the
Kerberos ticket provided the cross-reference with the RACF userid,
support
Nobody mentioned ftp with GSSAPI (kerberos) ?
Ignacio Landín Villegas
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Hal Merritt
Sent: Tuesday, July 29, 2008 10:39 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: secure ftp on the mainframe
Oh
Do you have any links to SFTP sources? Google search results were
confusing and ambiguous.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Walt Farrell
Sent: Thursday, July 24, 2008 11:04 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: secure ftp
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Hal Merritt
Sent: Tuesday, July 29, 2008 10:27 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: secure ftp on the mainframe
Do you have any links to SFTP sources? Google search results were
@BAMA.UA.EDU
Subject: Re: secure ftp on the mainframe
Do you have any links to SFTP sources? Google search results were
confusing and ambiguous.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Walt Farrell
Sent: Thursday, July 24, 2008 11:04 AM
sftp usually refers to the file transfer protocol that works as an
ssh subsystem (although some use the term to refer to FTP/TLS).
In the OpenSSH implementation, sftp and sftp-server are separate
binaries that are shipped as part of OpenSSH.
The sources for sftp and sftp-server are available
I was referring to the sftp that Walt mentioned. My take was that it was
neither TLS nor SSH.
SFTP is not FTP at all. It is a secure, FTP-like communication
protocol.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Dooley, Robert
Sent
On Tue, 29 Jul 2008 11:22:16 -0500, Hal Merritt [EMAIL PROTECTED] wrote:
I was referring to the sftp that Walt mentioned. My take was that it was
neither TLS nor SSH.
SFTP is not FTP at all. It is a secure, FTP-like communication
protocol.
Perhaps you didn't see the next sentence
Its all a little confusing...
SSH is a tool/protocol for providing a secure connection over IP networks.
Once you have a connection, you can have multiple channels routed over
it. Channels could be interactive terminal sessions (to replace telnet),
port-forwarding channels, command redirection
things, like telnet, web service,
etc, right?
My head hurts :-)
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On
Behalf Of Walt Farrell
Sent: Tuesday, July 29, 2008 2:13 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: secure ftp on the mainframe
On Tue, 29
Thank you to everyone who responded to my post about 'secure ftp on the
mainframe'.
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: GET IBM-MAIN INFO
Search
Hello,
First off let me say I am not an FTP expert.
We currently use FTP on the mainframe to send files to various sites. We also
use SFTP on the UNIX boxes to send files to various sites. I am looking for any
information or help on using SFTP, which I understand to be 'secure ftp
to be 'secure ftp' on the mainframe to send files with sensitive information in them.
Is SFTP really a 'secure ftp'?
There are several flavours of secure ftp.
It can be FTP over SSL/TLS, it's sometimes called FTPS - this is what
you surely have.
It can be sftp - AFAIK ftp over SSH. It is available
State University
515-294-3088
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf Of Kurt
Eastwood
Sent: Thursday, July 24, 2008 10:01 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: secure ftp on the mainframe
Hello,
First off let me say I am not an FTP
am looking for any information or
help on using SFTP, which I understand to be 'secure ftp' on
the mainframe to send files with sensitive information in them.
Is SFTP really a 'secure ftp'?
Yes, if you accept encrypted transfers as secure.
Can SFTP be used on the mainframe and if so can
10:01 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: secure ftp on the mainframe
Hello,
First off let me say I am not an FTP expert.
We currently use FTP on the mainframe to send files to various sites. We also
use SFTP on the UNIX boxes to send files to various sites. I am looking for any
information
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Hal Merritt
Sent: Thursday, July 24, 2008 10:47 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: secure ftp on the mainframe
[snip]
SSH is very popular in tinkertoyland, but is currently
[mailto:[EMAIL PROTECTED] On Behalf
Of McKown, John
Sent: Thursday, July 24, 2008 5:49 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: secure ftp on the mainframe
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Hal Merritt
Sent: Thursday, July 24, 2008
of secure ftp, but I can't remember
any details.
The IBM Ported Tools for z/OS provides a free, and as far as I know
supported, implementation of OpenSSH for z/OS. That will give sftp support,
and other ssh functionality.
--
Walt Farrell, CISSP
IBM STSM, z/OS Security Design
On Thu, 24 Jul 2008 08:00:55 -0700, Kurt Eastwood [EMAIL PROTECTED] wrote:
Is SFTP really a 'secure ftp'?
SFTP is not FTP at all. It is a secure, FTP-like communication protocol.
(SFTP here, is a function provided by the ssh protocols.) I'm not sure
anyone has really stated
On Fri, 7 Mar 2008 16:21:25 -0600, Miller, Pat [EMAIL PROTECTED]
wrote:
I need to exchange files with an agency that uses sftp and SSH-2. From
looking at the archives and the TCP/IP Implementation red book (vol 2, std
apps), I am unclear whether I can use ftps and AT-TLS or am stuck with sftp.
Miller, Pat wrote:
I need to exchange files with an agency that uses sftp and SSH-2. From looking
at the archives and the TCP/IP Implementation red book (vol 2, std apps), I am
unclear whether I can use ftps and AT-TLS or am stuck with sftp.
I'm not sure what platform they operate from,
on the status bar to see which suite
was negotiated. You can change the list on the mainframe and try it again.
Steve Bireley
Vice-President
Product Development
BlueZone Software
www.bluezonesoftware.com
Free BlueZone Secure FTP
--
Date:Thu, 18 Oct 2007 09:33:17 -0500
From
Hi, All,
Is it better to order the CIPHERSUITE statements from weaker to
stronger, or from stronger to weaker?
Why?
TIA,
-jc-
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL
Chase, John wrote:
Hi, All,
Is it better to order the CIPHERSUITE statements from weaker to
stronger, or from stronger to weaker?
Why?
TIA,
-jc-
Logically I would go from stronger to weaker since you want the
strongest encryption that both sides can understand.
--
Mark Jacobs
I got this via private e-mail. I'm posting it here for completeness.
Ed R.
From: [EMAIL PROTECTED]
Sent: Tuesday, March 14, 2006 12:52 PM
Subject: Re: Secure FTP
There's a few things you need to configure ...
* ICSF -- if you're going to use hardware encryption
SA22-7520 ICSF System
are mvs files we found it made our life
easier.
I'm interested in enabling the secure part of secure FTP, secure TN3270
Server, etc. Am I to understand that to get those secure parts working
you have to have TLS/SSL working on your system first? Can you point me to
the most complete and useful
How about secure FTP on OS/390 2.9?
Is there any hope?
Thanks,
Jim Weidt
Senior Systems Engineer
Jostens Inc.
The Ponds
Office: 952-838-7555
Cell: 612-419-3738
[EMAIL PROTECTED]
** GBA **
CONFIDENTIALITY NOTICE: The information contained in this e-mail
communication and any attached
Don't think so.
TSL/SSL FTP (FTPS) was introduced in z/OS 1.2. SSH FTP (SFTP) was in
1.4 I think, as a optional free package offically supported by IBM.
Weidt, James wrote:
How about secure FTP on OS/390 2.9?
Is there any hope?
Thanks,
Jim Weidt
Senior Systems Engineer
Jostens Inc
We are exploring our options to meet a requirement to do a secure FTP
from the Mainframe. I was wondering what others have done in this area.
Any product suggestions or methodologies to accomplish this?
Thanks
***
Cletus McGee
Technical Services
(334) 394-3320
Have
: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of McGee, Cletus
Sent: Monday, March 13, 2006 10:39 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Secure FTP
We are exploring our options to meet a requirement to do a secure FTP from
the Mainframe. I was wondering what others have done
On 13/03/06, McGee, Cletus [EMAIL PROTECTED] wrote:
We are exploring our options to meet a requirement to do a secure FTP
from the Mainframe. I was wondering what others have done in this area.
Any product suggestions or methodologies to accomplish this?
We have used a SSH tunnel carrying FTP
we're just in the throes of it now. looks like ibm's free 5655-m23 does
the job
Jack Kelly
LA Systems @ US Courts
x 202-502-2390
--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED]
easier. We also found it easier to automate, as we already were using
the FTP SMF exit to issue WTO for NetView to see when transmissions ended.
McGee, Cletus wrote:
We are exploring our options to meet a requirement to do a secure FTP
from the Mainframe. I was wondering what others have done
found it made our life
easier.
I'm interested in enabling the secure part of secure FTP, secure TN3270
Server, etc. Am I to understand that to get those secure parts working
you have to have TLS/SSL working on your system first? Can you point me to
the most complete and useful manual to enable TLS/SSL
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Secure FTP
John S. Giltner, Jr. wrote:
We originally tried SFTP (SSH FTP) but ended up using FTPS (FTP
TSL/SSL) instead.
SSH FTP can only access files in a HFS/ZFS, no real mvs files, FTP
TSL/SSL can access all files no matter where they live
, July 19, 2005 6:58 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Secure FTP on z/OS
Neal Eckhardt wrote:
I have seen it documented that SSL/TLS is supported in the FTP server
from z/OS 1.2 and later. Does the FTP client also support SSL/TLS? I
can't find anything in the z/OS 1.4 configuration manual
Neal Eckhardt wrote:
I have seen it documented that SSL/TLS is supported in the FTP server
from z/OS 1.2 and later. Does the FTP client also support SSL/TLS? I
can't find anything in the z/OS 1.4 configuration manual referencing
SSL/TLS in the CLIENT.
Thanks,
Neal
Not sure about the 1.4
On Tue, Jul 12, 2005 at 08:15:05AM -0500, Joel Ivey wrote:
Peter, thanks for the response. Our firewall is by Symantec. According to
the firewall folks, they cannot set up a separate set of rules to allow ftps
traffic through 21/20 from certain ip addresses.It's either all or
nothing.
Joel,
I would suspect that the issue you're running into is that your firewall is
doing stateful inspection. The problem is not that the firewall doesn't
recognize AUTH TLS, but that it's having a problem during the TLS negotiation.
It is something that we ran into when first starting with
for the protocol. Earlier IETF drafts recommended using implicit port
990-989, but this evidently has been dropped. IBM also does not recommend
990 for their ftps on zOS (II13516). The firewall folks are balking at
allowing our secure ftp traffic through on port 21-20.
One suggestion we've come up
, June 17, 2005 12:50 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ftps secure ftp auth tls
Dave, just for clarification, I should have specified that the server in
every scenario is a zos server. Seagull ftp pro works fine as a client
to zos server.
Richard, I've specified FWFRIENDLY true to no avail
I've browsed thru the much discussion on secure ftp lately, picked up some
good tips, but have not come across this particular problem. Any help will
be appreciated.
(Sorry if this gets confusing. Internal means behind the network firewall.
External means outside. IP addresses are just
their attention and ask them to fix this.
-Original Message-
From: IBM Mainframe Discussion List [mailto:[EMAIL PROTECTED] On Behalf
Of Joel Ivey
Sent: Friday, June 17, 2005 11:49 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: ftps secure ftp auth tls
I've browsed thru the much discussion on secure ftp
-Original Message-
From: IBM Mainframe Discussion List
[mailto:[EMAIL PROTECTED] On Behalf Of Joel Ivey
Sent: Friday, June 17, 2005 2:50 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ftps secure ftp auth tls
Dave, just for clarification, I should have specified that
the server
I needed FWFRIENDLY to allow PASV mode commands.
I had to work with the network guy before I could connect as a FTP client,
using TLS/SSL, outside of our firewall.
[EMAIL PROTECTED] 06/17/05 03:49PM
Dave, just for clarification, I should have specified that the server in
every scenario is a
:[EMAIL PROTECTED] On Behalf
Of Joel Ivey
Sent: Friday, June 17, 2005 12:50 PM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: ftps secure ftp auth tls
Dave, just for clarification, I should have specified that the server in
every scenario is a zos server.Seagull ftp pro works fine as a client
to zos
I believe the software looks for the key database password
in the stash file. When I ran into this recently, I was using
gskkyman to manage my key file, and there's an option in gskkyman
10 - Store database password to create the stash file.
Once I did that, the TLS handshake moved on to the
Of Richard Pinion
Sent: Thursday, May 26, 2005 11:42 AM
To: IBM-MAIN@BAMA.UA.EDU
Subject: Re: Secure FTP on the Mainframe
Nothing wrong with using RACF for the CERT stuff but you can generate
CERTS from OMVS using gskkyman. Maybe it is better to learn to crawl
first rather than trying to run
Howard Rifkind wrote:
Ulrich,
Can sFTP and FTP reside within the same z/OS partition and be used at the same time?
For instance, one person is FPT'ing a secure document using sFTP and another is using just plain old FTP for something else
You could use three different kinds of file
the key database password be supplied?
Thanks,
Craig
-Original Message-
Subject: Re: Secure FTP on the Mainframe
We would like to install Secure FTP in our maiframes TCP/IP configuration
and I have no idea how to do this.
Would some one be kind enough to point me in the right
Howard Rifkind wrote.
Howard Rifkind [EMAIL PROTECTED] wrote:We would like to install
Secure FTP in our maiframes TCP/IP configuration and I have no idea how
to do this.
Would some one be kind enough to point me in the right direction where
to start and what manuals to check out, and what
like to install Secure FTP in our maiframes TCP/IP configuration and
I have no idea how to do this.
Would some one be kind enough to point me in the right direction where to
start and what manuals to check out, and what to be aware of.
I'm not really prime time with TCP/IP. Thanks.
Which
Would you be interested in using FTP with SSL/TLS support? If so, it is
already installed. You need some parms and commands which I or other users of
ibm-main can provide.
[EMAIL PROTECTED] 05/26/05 10:21AM
We would like to install Secure FTP in our maiframes TCP/IP configuration and I
We would like to install Secure FTP in our maiframes TCP/IP configuration and I
have no idea how to do this.
Would some one be kind enough to point me in the right direction where to start
and what manuals to check out, and what to be aware of.
I'm not really prime time with TCP/IP. Thanks
The manuals are confusing as they seem to be focused on Websphere and
assume that is what you want to do. So far, I have achieved a secure
transfer, or at least so say the messages. I created the CA cert on one
system, then exported/imported it to another. Both systems are z/os 1.4
but do not
And here is the cross posing from the RACF list as promised:
QUOTE:
This is a foil that I presented in SHARE and Vanguard. People think this
helps them to clear things out. Would it help you?
Given:
? CA1 is the CA cert which signed the server cert S
? CA2 is the CA cert which
I've just recently done both secure FTP and TN3270 in z/OS 1.4
I used the redbook volume 7. I found gskkyman just as confusing as RACF, so
I used RACF :)
I also need to thank Sam for pointing out Filezilla, which is a good
FTP client and supports TLS
One recomendation I would make
I can't remember what I had to do to activate gskkyman. Oh yes, I had to add
GSK.SGSKLOAD
to PROG00 for APF and LNKLIST. Run gskkyman from TSO/OMVS. Once I had done
the z/OS setup
as below I had to work with the network guys to punch a hole thru our firewall
to allow FTP SSL.
Here are the
of trying to install the ICSF and have also found
some keywords in the IP Configuration manual for secure FTP.
Craig
Sorry to say but your manager is absolutely, positively clueless. SSL or
TLS definitely has to do with encryption. From a security standpoint, it
is one of the best
Howard Rifkind wrote:
We would like to install Secure FTP in our maiframes TCP/IP configuration and I
have no idea how to do this.
Would some one be kind enough to point me in the right direction where to start and what manuals to check out, and what to be aware of.
I'm not really prime
/OS V1R2 TCP/IP Implementation
Guide Volume 7: Security Chapters 910 mostly i think!
Link -- http://www.redbooks.ibm.com/redbooks/pdfs/sg246840.pdf
-Vik
Howard Rifkind [EMAIL PROTECTED] wrote:We would like to install Secure FTP in
our maiframes TCP/IP configuration and I have no idea how
74 matches
Mail list logo