And for giggles I setup another Linux FTP server - this one pure-ftpd - again no issues connecting with a windows FTPS client - still no connection with z/OS.
On Wed, May 7, 2014 at 2:39 PM, Mark Pace <pacemainl...@gmail.com> wrote: > Yes - it was at that time. Since I started working on the RACF > certs/keyring stuff the ftp.data has been updated as I go along. Currently. > > SECURE_CTRLCONN CLEAR > SECURE_DATACONN PRIVATE > SECURE_FTP REQUIRED > SECURE_HOSTNAME OPTIONAL > SECURE_MECHANISM TLS > KEYRING IBMUSER/FtpSecur > TLSPORT 21 > TLSRFCLEVEL CCCNONOTIFY > TLSTIMEOUT 10 > ; > ;CTRLCONN 7BIT > SECUREIMPLICITZOS FALSE > TLSMECHANISM FTP > CIPHERSUITE SSL_RC4_SHA > ; > DEBUG SEC > > > On Wed, May 7, 2014 at 2:06 PM, Gibney, Dave <gib...@wsu.edu> wrote: > >> You said latest, so maybe you have tried others. In the parms listed >> here, your keyring is commented out. >> >> > -----Original Message----- >> > From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] >> > On Behalf Of Mark Pace >> > Sent: Wednesday, May 07, 2014 5:26 AM >> > To: IBM-MAIN@LISTSERV.UA.EDU >> > Subject: z/OS FTPS Client & Linux FTP server >> > >> > Has anyone successfully sent data to a Linux FTP server using TLS >> security >> > from the z/OS FTP client? >> > >> > I have a Linux server running vsftpd - I've been using it for years to >> send SMF >> > data. I've added TLS support to this server. I've verified that the >> Secure >> > connect works via a Filezilla client, >> > >> > So now I would like to be able to send SMF data to the server. But I >> always >> > get an authentication failure. I've tried every combination of Security >> > parameters I can come up with. >> > >> > These are the latest parms in my ftp.data file. >> > >> > ;SECURE_CTRLCONN SAFE >> > SECURE_DATACONN CLEAR >> > SECURE_FTP REQUIRED >> > SECURE_HOSTNAME OPTIONAL >> > SECURE_MECHANISM TLS >> > SECUREIMPLICITZOS FALSE >> > CIPHERSUITE SSL_RC4_SHA >> > ;KEYRING IBMUSER/SecureFTPKeyRing >> > TLSPORT 21 >> > TLSRFCLEVEL CCCNONOTIFY >> > TLSTIMEOUT 10 >> > ;SECURE_PBSZ 16384 >> > ; >> > ;CTRLCONN 7BIT >> > >> > I'm beginning to think I am doing something fundamentally wrong instead >> of >> > it being a matter of wrong parameters. >> > >> > //FTP EXEC PGM=FTP,REGION=5M,PARM='(EXIT' >> > //SYSPRINT DD SYSOUT=* >> > //SYSFTPD DD DISP=SHR,DSN=MARPACE.JCL.CNTL(FTPSDATA) >> > //OUTPUT DD SYSOUT=* >> > //INPUT DD * USE LOWER CASE BELOW >> > ftp.s390.mainline.com >> > userid password >> > dir >> > quit >> > >> > >> > EZA1736I FTP >> > (EXIT >> > >> > EZY2640I Using dd:SYSFTPD=MARPACE.JCL.CNTL(FTPSDATA) for local site >> > configuration parameters. >> > EZA1450I IBM FTP CS >> > V2R1 >> > EZA1772I FTP: EXIT has been >> > set. >> > EZA1456I Connect to >> > ? >> > EZA1736I ftp.s390.mainline.com >> > >> > EZA1554I Connecting to: ftp.s390.mainline.com 10.6.0.10 port: >> > 21. >> > EZA2897I Authentication negotiation >> > failed >> > EZA2898I Unable to successfully negotiate required authentication >> EZA1735I >> > Std Return Code = 10000, Error Code = >> > 00017 >> > >> > >> > >> > >> > >> > >> > >> > >> > -- >> > The postings on this site are my own and don’t necessarily represent >> > Mainline’s positions or opinions >> > >> > Mark D Pace >> > Senior Systems Engineer >> > Mainline Information Systems >> > >> > ---------------------------------------------------------------------- >> > For IBM-MAIN subscribe / signoff / archive access instructions, send >> email to >> > lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> >> ---------------------------------------------------------------------- >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN >> > > > > -- > The postings on this site are my own and don’t necessarily represent > Mainline’s positions or opinions > > Mark D Pace > Senior Systems Engineer > Mainline Information Systems > > > > -- The postings on this site are my own and don’t necessarily represent Mainline’s positions or opinions Mark D Pace Senior Systems Engineer Mainline Information Systems ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
