The document discusses configuration and usage of the secure file transfer protocol (SFTP) between a mainframe system and remote servers. It provides details on generating SSH keys, configuring SSH and known_hosts files, using JCL and OMVS batch programs to execute SFTP commands, and troubleshooting authentication issues.
SFTP For The Mainframe
Nick Harley
Blue Cross and Blue Shield of Alabama
nickharley@bcbsal.org

What sftp on the mainframe is
• A z/OS UNIX System Services executable (part of the OpenSSH port)
• Runs from batch; no interactive session is needed
• Public key authentication is what makes unattended automation possible

Where it looks for its files
• ~/.ssh – default location where sftp looks for the user's keys and the known_hosts file; can be changed in ssh_config
• /etc/ssh – default location for the ssh_config file; a different file can be named at run time with the -F flag

Generating keys with an empty passphrase (-N ""), which a batch job needs because nothing is there to type one:

  ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N ""
  ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key -N ""

With no passphrase the private key file is the whole secret, so keep the directory at mode 700 and the key file at 600. The ssh_host_* names are host keys, which only an inbound sshd uses; the identity sftp offers to the remote server is a key pair generated the same way into ~/.ssh/id_rsa. DSA keys are deprecated and current OpenSSH releases refuse them, so generate RSA (3072 bits or more) or, if the installed OpenSSH level supports it, ed25519.
Utilities are in /bin; add that directory to the PATH statement if it isn't already there
• Copy the keys to ~/.ssh; the copy left in /etc/ssh acts as a backup. sftp looks for the private key as ~/.ssh/id_rsa (id_dsa for DSA), so a key kept under another name has to be pointed to with IdentityFile in ssh_config or the -i flag
• ssh_config – contains the parameters that configure sftp when it runs
• sshd_config – only needed if implementing an sshd server for inbound connections
• known_hosts – list of servers and their public keys, used to authenticate the server before anything is sent
Sample configuration files are shipped in /samples; copy the ones you need to /etc/ssh and edit them there
known_hosts has one line per server: the name (optionally followed by a comma and the IP address), the key type, and the key

  hostname[,ip-address] key-type key
  sftp.somecompany.com ssh-rsa <key string>

The name must be the one used on the sftp command line; if the job connects by IP address, list the IP address as well.
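The key, known_hosts and ssh_config setup described above, as an added shell example that is not part of the deck: it generates a passphrase-less identity for the batch user with the file permissions that compensate for the missing passphrase, turns a public key file received from the remote administrator into a validated known_hosts line, refuses to add a second line for a host that is already listed (the changed-key case that breaks batch jobs), and writes a client ssh_config carrying the StrictHostKeyChecking and Protocol 2 options the deck recommends. OpenSSH ssh-keygen is assumed to be on PATH (/bin on z/OS); the paths, host names and key material are illustrative.

```shell
#!/bin/sh
# Added example, not from the deck: set up the batch user's ~/.ssh for unattended sftp.
# Assumes OpenSSH ssh-keygen on PATH (/bin on z/OS); paths, host names and keys are illustrative.

# Create a passphrase-less identity if none exists. -N "" is unavoidable for a job that
# must run with no prompt, so protect the private key with permissions (700/600) instead,
# and prefer RSA 3072+ or ed25519 over the deprecated DSA type.
gen_batch_key() {
  sshdir="$1"
  mkdir -p "$sshdir" && chmod 700 "$sshdir"
  if [ ! -f "$sshdir/id_rsa" ]; then
    ssh-keygen -q -t rsa -b 3072 -N "" -C "batch-sftp" -f "$sshdir/id_rsa"
  fi
  chmod 600 "$sshdir/id_rsa"
}

# Turn the public key file received from the remote administrator into a known_hosts line:
# "ssh-rsa AAAA... comment" becomes "host ssh-rsa AAAA...". Anything that is not exactly a
# known key type followed by one base64 blob is rejected, which catches paste corruption.
make_known_hosts_entry() {
  host="$1"; pubfile="$2"
  entry=$(awk -v host="$host" '
    NR == 1 && NF >= 2 &&
    $1 ~ /^(ssh-rsa|ssh-ed25519|ecdsa-sha2-nistp(256|384|521))$/ &&
    $2 ~ /^[A-Za-z0-9+\/]+=*$/ { print host, $1, $2 }' "$pubfile")
  [ -n "$entry" ] || { echo "rejecting $pubfile: not a single 'type base64' public key" >&2; return 1; }
  printf '%s\n' "$entry"
}

# Append the entry unless the host is already listed. A second key for the same name is
# the mismatch that breaks batch jobs, so report it rather than adding it silently.
add_known_host() {
  host="$1"; pubfile="$2"; kh="$3"
  entry=$(make_known_hosts_entry "$host" "$pubfile") || return 1
  touch "$kh" && chmod 600 "$kh"
  if awk -v host="$host" 'split($1, h, ",") && h[1] == host { found = 1 } END { exit !found }' "$kh"; then
    echo "$host is already in $kh; remove that line first if the key really changed" >&2
    return 2
  fi
  printf '%s\n' "$entry" >> "$kh"
}

# Client ssh_config with the options the deck calls out; name it with sftp -F.
# Protocol 1 no longer exists in current OpenSSH; the line is kept for older levels.
write_ssh_config() {
  cfg="$1"
  cat > "$cfg" <<'EOF'
Protocol 2
StrictHostKeyChecking yes
BatchMode yes
IdentityFile ~/.ssh/id_rsa
UserKnownHostsFile ~/.ssh/known_hosts
EOF
  chmod 600 "$cfg"
}
```

Typical use from the OMVS shell is gen_batch_key "$HOME/.ssh", then add_known_host sftp.somecompany.com target.pub "$HOME/.ssh/known_hosts" once the administrator's key file has been downloaded, then write_ssh_config "$HOME/.ssh/ssh_config". The add step exits with status 2 when the host is already present, so a job that re-runs it does not quietly pile up conflicting keys.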
Exchanging keys with the remote site
• Give your id_rsa.pub public key to the target server's administrator to associate with your login ID
• Get the target server's public host key from its administrator and add it to known_hosts, so the server is authenticated to you as well

Moving data between MVS data sets and z/OS UNIX files
• IKJEFT01 – runs TSO/E in batch; used here to execute the copy commands
• OCOPY, OPUT, OGET – copy commands; OCOPY is the best bet as it works in both directions
• !cp – runs the local cp from inside the sftp batch file while sftp executes (! passes the rest of the line to the local shell)

Copy an MVS data set to a z/OS UNIX file before the transfer:

  //STEP1    EXEC PGM=IKJEFT01
  //INMVS    DD DSN=TEST.SFTP.DATA,
  //            DISP=SHR
  //OUTHFS   DD FILEDATA=TEXT,
  //            PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
  //            PATHMODE=SIRWXU,
  //            PATH='/sftpdir/outbound.txt'
  //SYSTSIN  DD *
    OCOPY IND(INMVS) OUTDD(OUTHFS)
  /*
  //SYSTSPRT DD SYSOUT=*
  //SYSPRINT DD SYSOUT=*

Copy sftp's stderr file back into an MVS data set after the transfer, so the log can be read from TSO:

  //STEP5    EXEC PGM=IKJEFT01
  //INHFS    DD PATH='/sftpdir/sftp.stderr',PATHOPTS=(ORDONLY)
  //OUTMVS   DD DSN='TEST.SFTP.STDERR',DISP=SHR
  //SYSTSIN  DD *
    OCOPY IND(INHFS) OUTDD(OUTMVS) TEXT CONVERT(YES) PATHOPTS(USE)
  /*
  //SYSTSPRT DD SYSOUT=*

Or do the copy from inside the sftp batch command file itself (the contents of /sftpdir/sftp.cmds); cp reads the data set directly through the "//'DSN'" name form:

  ASCII
  cd targetdir/
  !cp -F crnl "//'TEST.DATA.FILE'" /sftpdir/winconvert
  put /sftpdir/winconvert newfile.name
  !rm /sftpdir/winconvert

sftp run with -b stops at the first cd or put that fails (a command prefixed with - may fail without stopping the run), so if the !cp did not produce the file the put ends the job right there; always check the step's return code.
-F crnl makes cp write a carriage return/line feed pair at the end of each record, which
mainframe data sets sent to Windows servers need

BPXBATCH – JCL program for executing OMVS processes
• The command to run is passed in the PARM; SH in front of it runs it through the shell
• sftp -b names the file of batch commands to execute

  //STEP3    EXEC PGM=BPXBATCH,
  //         PARM='sh sftp -b /sftpdir/sftp.cmds account@sftp.somecompany.com'
  //STDOUT   DD PATH='/sftp/log/test.ftp.stdout',
  //            PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
  //            PATHMODE=SIRWXU
  //STDERR   DD PATH='/sftp/log/test.ftp.stderr',
  //            PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
  //            PATHMODE=SIRWXU
  //SYSOUT   DD SYSOUT=*
  //SYSPRINT DD SYSOUT=*

Here STDOUT and STDERR are physical files in OMVS (PATHMODE=SIRWXU keeps them readable by the owner only), which is what a following IKJEFT01 step can copy back to a data set.
• The PARM line can end at column 71 and continue at column 16 on the next line
• STDPARM can hold batch command lines too long for the PARM, either in-stream or in an OMVS file
• Each command in STDPARM ends with ; and a line break is read as a space, so a quoted phrase split across lines is joined with a space

  //STEP1    EXEC PGM=BPXBATCH
  //STDPARM  DD *
  SH echo "Let's see if" "I can get the echo" "command to concatenate lines" > /sftpdir/sftpcont ;
  echo "ascii" >> /sftpdir/sftpcont ;
  echo "put /path/to/file2 remote" >> /sftpdir/sftpcont ;
  /*
  //STDOUT   DD SYSOUT=*
  //STDERR   DD SYSOUT=*

Building the command file with echo like this is convenient, but sftp reads that file line by line; if any part of a line comes from a job symbol or parameter, make sure it cannot contain a line break or extra words, or it becomes an extra command.

The same sftp step with STDOUT and STDERR redirected to SYSOUT instead of OMVS files:

  //STEP3    EXEC PGM=BPXBATCH,
  //         PARM='sh sftp -b /sftpdir/sftp.cmds account@sftp.somecompany.com'
  //STDOUT   DD SYSOUT=*
  //STDERR   DD SYSOUT=*
  //SYSOUT   DD SYSOUT=*
  //SYSPRINT DD SYSOUT=*

Troubleshooting: server authentication
• If the target server's host key does not match what is in known_hosts, the connection ends
• This happens when the wrong public key was supplied, the key was added to known_hosts incorrectly, or the server is reached by an IP address and/or hostname that doesn't match the name on the known_hosts line
• StrictHostKeyChecking in ssh_config can be set to no temporarily so that the target server's public key is loaded into known_hosts automatically. That accepts whatever key answers, so confirm the fingerprint with the remote administrator and set the option back to yes before the job goes into production

Troubleshooting: user authentication
• If public key authentication fails for the login ID, make sure the target system is correctly configured with your id_rsa.pub
• Corruption or mistakes happen when the public key is copied by hand; download it directly from OMVS to avoid problems
• Check the logs to make sure the right key ring is being used on the host system

Loading a received host key
• FTP the key file to an OMVS directory and append it to known_hosts with the server name in front:

  echo "sftp.server.com `cat target.pub`" >> known_hosts

• The file can also be edited on a PC and uploaded to the OMVS directory; transfer it as text so it is converted to EBCDIC and the PC line ends are dropped

ssh_config security options
• Use StrictHostKeyChecking to maintain the integrity of connections. The default is ask, which in a batch job with no terminal cannot prompt and so refuses an unknown or changed host key; state yes explicitly so the behaviour does not depend on the default
• Disable use of protocol 1 by explicitly stating Protocol 2 (current OpenSSH releases have removed protocol 1 altogether and still accept the line)
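The transfer job itself, as an added example written in z/OS UNIX shell rather than JCL; this is not the deck's own code. BPXBATCH could run it with PARM='SH /sftpdir/send.sh ...' (a hypothetical path). It gives the outbound file CR/LF line ends, writes the sftp -b command file from validated names, runs sftp with strict host key checking and batch mode, and then reads sftp's stderr to say which of the failure cases above occurred. OpenSSH sftp is assumed to be on PATH; the directories, host and data set names are illustrative, and the portable CR/LF conversion stands in for the deck's z/OS-only cp -F crnl.

```shell
#!/bin/sh
# Added example, not from the deck: the z/OS UNIX side of an unattended sftp job.
# Run by BPXBATCH as PARM='SH /sftpdir/send.sh <src> <user@host> <dir> <name>' (path is hypothetical).
# Assumes OpenSSH sftp on PATH; every directory, host and file name below is illustrative.

# Give a text file CR/LF line ends for a Windows target. On z/OS the deck's
#   cp -F crnl "//'TEST.DATA.FILE'" /sftpdir/winconvert
# does this while copying the data set; this portable form is for a file already in the file system.
to_crlf() {
  awk '{ printf "%s\r\n", $0 }'
}

# Names go into a line-oriented command file, so a space, quote or line break in one
# of them would become extra words or an extra sftp command. Allow a conservative set only.
safe_name() {
  case "$1" in
    ''|*[!A-Za-z0-9._/-]*) return 1 ;;
  esac
}

# Write the sftp -b command file. sftp stops at the first failing cd or put, so a put of
# a file that does not exist ends the run there; '!' lines run in the local shell and
# never abort the batch. 'ascii' is the z/OS sftp EBCDIC-to-ASCII mode (absent elsewhere).
write_batch_file() {
  cmdfile="$1"; remote_dir="$2"; local_file="$3"; remote_name="$4"
  for v in "$remote_dir" "$local_file" "$remote_name"; do
    safe_name "$v" || { echo "refusing unsafe name: $v" >&2; return 1; }
  done
  {
    echo "ascii"
    echo "cd $remote_dir"
    echo "put $local_file $remote_name"
    echo "!rm $local_file"
  } > "$cmdfile"
}

# Run the batch. BatchMode stops any password or passphrase prompt from hanging the job,
# and strict checking refuses an unknown or changed host key instead of accepting it.
run_sftp_batch() {
  cmdfile="$1"; target="$2"; errlog="$3"
  sftp -b "$cmdfile" -o BatchMode=yes -o StrictHostKeyChecking=yes "$target" 2> "$errlog"
}

# Map sftp's stderr to the failure cases in the deck. The "changed" banner is followed by
# "Host key verification failed." as well, so it has to be tested first.
classify_sftp_error() {
  errlog="$1"
  if grep -q 'REMOTE HOST IDENTIFICATION HAS CHANGED' "$errlog"; then
    echo hostkey-changed      # known_hosts holds a different key for this name: confirm with the remote admin first
  elif grep -q -e 'Host key verification failed' -e 'host key is known for' "$errlog"; then
    echo hostkey-unknown      # no known_hosts line for the name or IP used on the command line
  elif grep -q 'Permission denied (publickey' "$errlog"; then
    echo auth-failed          # id_rsa.pub not installed for the login ID, or the wrong identity/key ring offered
  elif grep -q -e 'Could not resolve hostname' -e 'Connection refused' -e 'Connection timed out' "$errlog"; then
    echo no-connection
  elif [ -s "$errlog" ]; then
    echo other
  else
    echo ok
  fi
}

# Whole job. A nonzero exit makes the BPXBATCH step end with a bad condition code.
send_file() {
  src="$1"; target="$2"; remote_dir="$3"; remote_name="$4"
  work=/sftpdir/winconvert; cmds=/sftpdir/sftp.cmds; err=/sftpdir/sftp.stderr
  to_crlf < "$src" > "$work" || return 1
  write_batch_file "$cmds" "$remote_dir" "$work" "$remote_name" || return 1
  run_sftp_batch "$cmds" "$target" "$err"
  rc=$?
  echo "sftp exit status $rc, diagnosis: $(classify_sftp_error "$err")"
  return "$rc"
}

if [ "$#" -eq 4 ]; then send_file "$@"; fi
```

The diagnosis line lands in STDOUT, so whichever of the two BPXBATCH layouts above is used, the operator sees both sftp's own message and the category it falls into. The name check is deliberately strict; if the remote site needs names with spaces or other characters, quote them in the command file rather than loosening the check.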