That's one I have changed back and forth 21 ... 22 ... 21 .. 22 ... 21 &22. The config I started with had 21 in it, but the WinSCP references 22 so I have been trying both ... without success. I changed it back to 21 now. Still fails.
I just added an ftp configuration parameter of FTPLOGGING TRUE and received this message: EZYFS51I ID=FTPD100000 CONN fails Reason=3 Text=getpeername failed Now I'm trying to figure out what that is telling me. On Wed, May 25, 2022 at 8:46 AM Michael Babcock <bigironp...@gmail.com> wrote: > I can SSH into z/OS USS but I don’t use pagent for port 22. You should > configure SSHD for that. Remove port 22 from PAGENT. > > On Wed, May 25, 2022 at 8:46 AM Bob <mvs...@gmail.com> wrote: > > > I am struggling to get AT-TLS and FTP working on my new z/OS 2.5 system > and > > I don’t know why. I’m sure I am > > > > missing something very simple, but I have spent a lot of time over the > last > > few weeks trying to figure it out > > > > and I cannot. Note that ftp without encryption does work and I have > > nothing else using PAGENT or AT-TLS. > > > > > > > > I originally started with a configuration created by z/OSMF Network > > Configuration Assistant, but after > > > > numerous attempts to get it working I have pared it down to the very > > minimum configuration below. > > > > > > > > I’m not even sure what info to share. > > > > > > > > When I try to connect using WinSCP I just get this: > > > > > > > > d:\>"c:\Program Files (x86)\WinSCP\WinSCP" /log=d:\WinSCP.log /loglevel=2 > > testmvs > > > > Searching for host... > > > > Network error: Connection to "testmvs" refused. > > > > The server rejected SFTP connection, but it listens for FTP connections. > > > > Did you want to use FTP protocol instead of SFTP? Prefer using > encryption. > > > > winscp> > > > > > > > > And the WinSCP log doesn’t show much more: > > > > > > > > Looking up host "testmvs" for SSH connection > > > > Connecting to 10.80.63.94 port 22 > > > > Failed to connect to 10.80.63.94: Network error: Connection refused > > > > > > > > And here are the related configuration files. > > > > > > > > Here’s the pagent.conf: > > > > > > > > LogLevel 511 > > > > TcpImage TCPIP FLUSH > > > > TTLSConfig /etc/TTLSConfig.conf FLUSH > > > > > > > > And here is the TTLSConfig.conf: > > > > > > > > TTLSGroupAction ftp_server_group > > > > { > > > > TTLSEnabled On > > > > Trace 30 > > > > } > > > > TTLSEnvironmentAction ftp_server_env > > > > { > > > > HandshakeRole Server > > > > TTLSCipherParmsRef ftp_server_ciphers > > > > TTLSKeyringParms > > > > { > > > > Keyring mtskeyring > > > > } > > > > TTLSEnvironmentAdvancedParms > > > > { > > > > ApplicationControlled On > > > > SecondaryMap On > > > > TLSv1.2 On > > > > TLSv1.3 On > > > > } > > > > } > > > > TTLSCipherParms ftp_server_ciphers > > > > { > > > > V3CipherSuites TLS_RSA_WITH_AES_256_CBC_SHA > > > > V3CipherSuites TLS_RSA_WITH_3DES_EDE_CBC_SHA > > > > V3CipherSuites TLS_RSA_WITH_NULL_SHA > > > > } > > > > TTLSRule ftp_server_rule > > > > { > > > > LocalPortRange 21-22 > > > > Direction Inbound > > > > TTLSGroupActionRef ftp_server_group > > > > TTLSEnvironmentActionRef ftp_server_env > > > > } > > > > > > > > Here is a ‘netstat ttls group’ command: > > > > > > > > MVS TCP/IP NETSTAT CS V2R5 TCPIP Name: TCPIP 13:14:46 > > > > TTLSGrpAction Group ID Conns > > > > ---------------------------------------- ----------------- ----- > > > > ftp_server_group 00000003 0 > > > > > > > > Does that Conns=0 mean anything? > > > > > > > > Let me know if there is some other info that might help. > > > > > > > > Thank you VERY MUCH for any suggestions you can offer. > > > > > > > > Bob Lamerand > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > > > -- > Michael Babcock > OneMain Financial > z/OS Systems Programmer, Lead > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN