I am struggling to get AT-TLS and FTP working on my new z/OS 2.5 system and I don’t know why. I’m sure I am missing something very simple, but I have spent a lot of time over the last few weeks trying to figure it out and I cannot. Note that ftp without encryption does work and I have nothing else using PAGENT or AT-TLS.

I originally started with a configuration created by z/OSMF Network Configuration Assistant, but after numerous attempts to get it working I have pared it down to the very minimum configuration below.

I’m not even sure what info to share.

When I try to connect using WinSCP I just get this:

d:\>"c:\Program Files (x86)\WinSCP\WinSCP" /log=d:\WinSCP.log /loglevel=2 testmvs
Searching for host...
Network error: Connection to "testmvs" refused.
The server rejected SFTP connection, but it listens for FTP connections.
Did you want to use FTP protocol instead of SFTP? Prefer using encryption.
winscp>

And the WinSCP log doesn’t show much more:

Looking up host "testmvs" for SSH connection
Connecting to 10.80.63.94 port 22
Failed to connect to 10.80.63.94: Network error: Connection refused

And here are the related configuration files.

Here’s the pagent.conf:

LogLevel   511
TcpImage   TCPIP FLUSH
TTLSConfig /etc/TTLSConfig.conf FLUSH

And here is the TTLSConfig.conf:

TTLSGroupAction       ftp_server_group
{
   TTLSEnabled On
   Trace 30
}
TTLSEnvironmentAction ftp_server_env
{
   HandshakeRole      Server
   TTLSCipherParmsRef ftp_server_ciphers
   TTLSKeyringParms
   {
      Keyring mtskeyring
   }
   TTLSEnvironmentAdvancedParms
   {
      ApplicationControlled On
      SecondaryMap          On
      TLSv1.2               On
      TLSv1.3               On
   }
}
TTLSCipherParms       ftp_server_ciphers
{
   V3CipherSuites TLS_RSA_WITH_AES_256_CBC_SHA
   V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA
   V3CipherSuites TLS_RSA_WITH_NULL_SHA
}
TTLSRule              ftp_server_rule
{
   LocalPortRange           21-22
   Direction                Inbound
   TTLSGroupActionRef       ftp_server_group
   TTLSEnvironmentActionRef ftp_server_env
}

Here is a ‘netstat ttls group’ command:

MVS TCP/IP NETSTAT CS V2R5       TCPIP Name: TCPIP           13:14:46
TTLSGrpAction                             Group ID           Conns
----------------------------------------  -----------------  -----
ftp_server_group                          00000003               0

Does that Conns=0 mean anything?

Let me know if there is some other info that might help.

Thank you VERY MUCH for any suggestions you can offer.

Bob Lamerand
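
Added example (not part of the original post and not IBM tooling): a small Python check over the TTLSCipherParms and TLSv1.3 statements of a policy laid out like the one above. It flags suites that provide no encryption or use 3DES, and a TLSv1.3 setting whose referenced cipher list contains no TLS 1.3 suite; parse_policy, lint and the sample text are constructed for illustration, and the parser assumes braces on their own lines.

```python
# Constructed sample: cipher and protocol statements reduced from the policy in the post.
SAMPLE_POLICY = """\
TTLSEnvironmentAction ftp_server_env
{
   TTLSCipherParmsRef ftp_server_ciphers
   TTLSEnvironmentAdvancedParms
   {
      TLSv1.3               On
   }
}
TTLSCipherParms       ftp_server_ciphers
{
   V3CipherSuites TLS_RSA_WITH_AES_256_CBC_SHA
   V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA
   V3CipherSuites TLS_RSA_WITH_NULL_SHA
}
"""
# Suite names defined by RFC 8446; a TLS 1.3 handshake cannot select any other suite.
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384", "TLS_AES_128_CCM_SHA256",
                "TLS_AES_128_CCM_8_SHA256", "TLS_CHACHA20_POLY1305_SHA256"}

def parse_policy(text):
    """Map (statement, name) -> [(keyword, value)], flattening nested blocks."""
    blocks, current, depth = {}, None, 0
    for line in filter(None, map(str.strip, text.splitlines())):
        if line in ("{", "}"):
            depth += 1 if line == "{" else -1
        elif depth == 0:                      # top-level statement header
            current = tuple((line.split() + [""])[:2])
            blocks[current] = []
        else:                                 # parameter inside the current statement
            keyword, _, value = line.partition(" ")
            blocks[current].append((keyword, value.strip()))
    return blocks

def lint(blocks):
    """Return (statement name, item, problem) findings in policy order."""
    def suites(name):
        return [v for k, v in blocks.get(("TTLSCipherParms", name), []) if k == "V3CipherSuites"]
    findings = []
    for (stmt, name), params in blocks.items():
        for s in suites(name) if stmt == "TTLSCipherParms" else []:
            reason = ("no encryption" if "_NULL_" in s else
                      "deprecated 64-bit block cipher" if "_3DES_" in s else None)
            if reason:
                findings.append((name, s, reason))
        ref = dict(params).get("TTLSCipherParmsRef")
        if dict(params).get("TLSv1.3") == "On" and not TLS13_SUITES & set(suites(ref)):
            findings.append((name, "TLSv1.3", "enabled, but no TLS 1.3 suite listed"))
    return findings
```

Calling lint(parse_policy(SAMPLE_POLICY)) returns three findings for the sample: the TLSv1.3 mismatch, the 3DES suite and the NULL suite.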
