I see you have pasv_enable=yes
I think there's a setting in z/OS parms maybe related. EPSV4 True
On 5/7/2014 3:36 PM, Mark Pace wrote:
I had looked at that also. The vsftpd config - comments removed for brevity.
listen=YES
max_clients=20
use_localtime=YES
log_ftp_protocol=YES
# enable FTPS
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=NO
force_local_logins_ssl=NO
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
ssl_request_cert=NO
rsa_cert_file=/etc/vsftpd/mainline-wc-2011.crt
rsa_private_key_file=/etc/vsftpd/mainline-wc-2011.key
ssl_ciphers=RC4-SHA
debug_ssl=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
anon_umask=666
anon_upload_enable=NO
dirmessage_enable=YES
message_file=.message
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
banner_file=/etc/vsftpd.banner
deny_email_enable=YES
banned_email_file=/etc/vsftpd.banned_emails
chroot_local_user=YES
pasv_enable=YES
listen_ipv6=NO
On Wed, May 7, 2014 at 3:20 PM, Gibney, Dave <gib...@wsu.edu> wrote:
I am now reminded of a difficulty I had with this once. My plea to the
list(s) resulted in this:
Re: FTP TLS Handshake Fails with SSL RC 410 Cal McCracken Thu, 10 Mar 2011 07:44:54 -0800
Thanks to a private responder, I was able to get this resolved. I don't
know if the SSL RC 410 covers other error situations, but in my case, the
resolution was to set configuration parm, ssl_request_cert to NO (defaults
to YES). This is a config parm for the vsftpd FTP server on our Linux
system.
My humble thanks to the responder.
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU]
On Behalf Of Mark Pace
Sent: Wednesday, May 07, 2014 12:02 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: z/OS FTPS Client & Linux FTP server
And for giggles I set up another Linux FTP server - this one pure-ftpd - again no issues connecting with a Windows FTPS client - still no connection with z/OS.
On Wed, May 7, 2014 at 2:39 PM, Mark Pace <pacemainl...@gmail.com> wrote:
Yes - it was at that time. Since I started working on the RACF
certs/keyring stuff the ftp.data has been updated as I go along.
Currently.
SECURE_CTRLCONN CLEAR
SECURE_DATACONN PRIVATE
SECURE_FTP REQUIRED
SECURE_HOSTNAME OPTIONAL
SECURE_MECHANISM TLS
KEYRING IBMUSER/FtpSecur
TLSPORT 21
TLSRFCLEVEL CCCNONOTIFY
TLSTIMEOUT 10
;
;CTRLCONN 7BIT
SECUREIMPLICITZOS FALSE
TLSMECHANISM FTP
CIPHERSUITE SSL_RC4_SHA
;
DEBUG SEC
On Wed, May 7, 2014 at 2:06 PM, Gibney, Dave <gib...@wsu.edu> wrote:
You said latest, so maybe you have tried others. In the parms listed
here, your keyring is commented out.
-----Original Message-----
From: IBM Mainframe Discussion List
[mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Mark Pace
Sent: Wednesday, May 07, 2014 5:26 AM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: z/OS FTPS Client & Linux FTP server
Has anyone successfully sent data to a Linux FTP server using TLS security from the z/OS FTP client?
I have a Linux server running vsftpd - I've been using it for years to send SMF data. I've added TLS support to this server. I've verified that the Secure connect works via a FileZilla client.
So now I would like to be able to send SMF data to the server. But I always get an authentication failure. I've tried every combination of Security parameters I can come up with.
These are the latest parms in my ftp.data file.
;SECURE_CTRLCONN SAFE
SECURE_DATACONN CLEAR
SECURE_FTP REQUIRED
SECURE_HOSTNAME OPTIONAL
SECURE_MECHANISM TLS
SECUREIMPLICITZOS FALSE
CIPHERSUITE SSL_RC4_SHA
;KEYRING IBMUSER/SecureFTPKeyRing
TLSPORT 21
TLSRFCLEVEL CCCNONOTIFY
TLSTIMEOUT 10
;SECURE_PBSZ 16384
;
;CTRLCONN 7BIT
I'm beginning to think I am doing something fundamentally wrong instead of it being a matter of wrong parameters.
//FTP EXEC PGM=FTP,REGION=5M,PARM='(EXIT'
//SYSPRINT DD SYSOUT=*
//SYSFTPD DD DISP=SHR,DSN=MARPACE.JCL.CNTL(FTPSDATA)
//OUTPUT DD SYSOUT=*
//INPUT DD * USE LOWER CASE BELOW
ftp.s390.mainline.com
userid password
dir
quit
EZA1736I FTP (EXIT
EZY2640I Using dd:SYSFTPD=MARPACE.JCL.CNTL(FTPSDATA) for local site configuration parameters.
EZA1450I IBM FTP CS V2R1
EZA1772I FTP: EXIT has been set.
EZA1456I Connect to ?
EZA1736I ftp.s390.mainline.com
EZA1554I Connecting to: ftp.s390.mainline.com 10.6.0.10 port: 21.
EZA2897I Authentication negotiation failed
EZA2898I Unable to successfully negotiate required authentication
EZA1735I Std Return Code = 10000, Error Code = 00017
--
The postings on this site are my own and don’t necessarily
represent Mainline’s positions or opinions
Mark D Pace
Senior Systems Engineer
Mainline Information Systems
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
--
Brian W. France
Systems Administrator (Mainframe)
Pennsylvania State University
Administrative Information Services - Infrastructure/SYSARC
Rm 25 Shields Bldg., University Park, Pa. 16802
814-863-4739
b...@psu.edu
"To make an apple pie from scratch, you must first invent the universe."
Carl Sagan
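A cross-check of the settings this thread compares (the commented-out KEYRING, ssl_request_cert, and the cipher pairing on each side), as an added example that is not from any poster. The function names and the CIPHERSUITE-to-OpenSSL name map are assumptions of this sketch; the sample inputs are excerpts of the configurations quoted above.

```python
# Added example; function names and the cipher-name map are assumptions.
# Excerpts of the first ftp.data and the vsftpd.conf posted in the thread.
FTP_DATA = """\
SECURE_FTP REQUIRED
SECURE_MECHANISM TLS
CIPHERSUITE SSL_RC4_SHA
;KEYRING IBMUSER/SecureFTPKeyRing
"""
VSFTPD_CONF = """\
# enable FTPS
ssl_enable=YES
ssl_request_cert=NO
ssl_ciphers=RC4-SHA
"""
# Assumed mapping of ftp.data CIPHERSUITE names to OpenSSL cipher names.
ZOS_TO_OPENSSL = {"SSL_RC4_SHA": "RC4-SHA", "SSL_3DES_SHA": "DES-CBC3-SHA",
                  "SSL_AES_128_SHA": "AES128-SHA", "SSL_AES_256_SHA": "AES256-SHA"}

def parse_ftp_data(text):
    """Return (active, commented) statements; a leading ';' marks a comment."""
    active, commented = {}, {}
    for line in map(str.strip, text.splitlines()):
        target = commented if line.startswith(";") else active
        parts = line.lstrip(";").split()
        if len(parts) >= 2:
            target.setdefault(parts[0].upper(), []).append(parts[1])
    return active, commented

def parse_vsftpd(text):
    """vsftpd.conf holds key=value lines; '#' starts a comment line."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip().lower(): v.strip() for k, v in pairs}

def review(ftp_data, vsftpd_conf):
    """List the mismatches raised in the thread, as plain strings."""
    active, commented = parse_ftp_data(ftp_data)
    server, findings = parse_vsftpd(vsftpd_conf), []
    if "KEYRING" not in active and "KEYRING" in commented:
        findings.append("ftp.data: KEYRING is commented out")
    # Per the 2011 post quoted above, ssl_request_cert defaults to YES.
    if server.get("ssl_request_cert", "YES").upper() == "YES":
        findings.append("vsftpd: ssl_request_cert is YES")
    offered = {ZOS_TO_OPENSSL.get(c, c) for c in active.get("CIPHERSUITE", [])}
    # Only explicit colon-separated names are compared, not OpenSSL keywords.
    accepted = set(filter(None, server.get("ssl_ciphers", "").split(":")))
    if offered and accepted and not offered & accepted:
        findings.append("no cipher suite common to both sides")
    return findings
```

Calling `review(FTP_DATA, VSFTPD_CONF)` on the excerpts reports only the commented-out KEYRING, since the posted vsftpd.conf already sets ssl_request_cert=NO and names the matching cipher.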