Hello Alan, Thank you very much. We do not have any in-house z/OS people. We are just gathering information.
I do thank you all for the information. Ed Martin Aultman Health Foundation 330-363-5050 ext 35050 -----Original Message----- From: The IBM z/VM Operating System [mailto:ib...@listserv.uark.edu] On Behalf Of Alan Altmark Sent: Friday, July 23, 2010 5:11 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: SFTP versus FTPS On Friday, 07/23/2010 at 04:41 EDT, Edward M Martin <emar...@aultman.com> wrote: > Ok I need some comments and guidance. FTP using the SSH is not what we want, I > believe. That is called "sftp" and is what the IBM Ported Tools gives you. > We want FTP/SSL or FTPS (implicit SSL). Which from my earlier question about > FTP and TCP/IP on z/OS is not in the BASE TCP/IP suite. z/OS *does* include FTP/SSL (via System SSL) and FTPS (via AT-TLS). There may be other FMIDs that have to be installed. I'm not an MVS guru. > Alan this statement would this be the part of the IBM PORTED Tools that you > are talking about (see below). > > If it is then, That would SFTP and not the FTP/SSL (FTPS) that we require. >> TCP/IP is part of z/OS Communications Server (nee VTAM). It is not a part of >> the base z/OS. It is a charge feature of z/OS. "sftp" is available for z/OS, >> but must be ordered. It is part of the OpenSSH port ( 5655-M23). It is free. >> This version of sftp only support z/OS UNIX files. I don't worry too much about the fact that you can "snap out" things like RACF and TCP/IP. You really need to talk to your in-house z/OS folks to know what they have/haven't ordered/installed. > ?. SFTP, for our purposes here at <name removed> , is for Implicit SSL > connections. FTPS, is for SSH connections which we don?t accept at all in > fact. ? Feel free to correct them. SFTP has only one meaning: file transfer using an ssh tunnel. FTPS can be either RFC 4217 (dynamic) or implicit SSL (a la https). Some ftps clients are smart enough to connect in clear-text and find out if the server supports RFC 4217 and, if not, disconnect and reconnect with implicit SSL. But given that a lot of people don't believe or know that FTP is secure (they live in the distant past), they feel free to use sftp and ftps and 'secure ftp' interchangeably. I even saw a web browser incorrectly process an ftp:// URL, using "binary" transfers for text data, on the bogus assumption that they are the same. Morons. Alan Altmark z/VM Development IBM Endicott
