MVS access: that's where the question of practicality arises. One can ftp
the file to the Linux image and if it heads across a hipersocket it can't
be sniffed therefore it needs not be encrypted. That leaves the
authentication issue to be dealt with, but I admit I haven't given that a
great deal of thought. Once the file is there a scheduler agent or
something similar can initiate the transfer from Linux to the final
location. One can reverse the flow and the situation is changed very
little, the agent lets the MVS system know to retrieve the file once it
arrives at the Linux image.
OpenSSH on MVS uses OpenSSL software encryption routines and can consume a
lot of cycles. That workload would likely be less expensive out of the
sysplex where it would not inflate all the related yet totally uninvolved
software license fees.
[EMAIL PROTECTED]
Sent by:
[EMAIL PROTECTED] To
ST.EDU LINUX-390@VM.MARIST.EDU
cc
01/09/2006 15:10 Subject
Re: Secure file transfers: thoughts
on zLinux as server for MVS
Please respond to sysplex?
[EMAIL PROTECTED]
ST.EDU
I don't understand how installing a Linux/390 system running SSH is
going to allow your MVS systems to access the data. Besides, if running
SSH on your Linux system is good enough, why isn't running SSH on your
MVS systems good enough?
Mark Post
-----Original Message-----
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Tom Ambros
Sent: Monday, January 09, 2006 3:01 PM
To: LINUX-390@VM.MARIST.EDU
Subject: Secure file transfers: thoughts on zLinux as server for MVS
sysplex?
We are looking to eliminate password authentication and, probably,
encrypt all production file transfers on our internal network.
Our Unix engineers are loathe to install SSL enabled ftp clients but
instead wish to exploit OpenSSH. As a matter of fact, all our new Unix
machines will be built with ftp disabled. OpenSSH is not the best
solution for our MVS installation, so we look at alternatives.
One thought is to implement a zLinux image and use it as an ssh server
for the MVS sysplex. Is this a practical idea? How are others
approaching this issue, if one is unable to influence the Unix engineers
to install an SSL enabled ftp client?
Thanks...
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
*******************************************************************************
This communication may contain privileged and/or confidential information. It
is intended solely for the use of the addressee. If you are not the intended
recipient, you are strictly prohibited from disclosing, copying, distributing
or using any of this information. If you received this communication in error,
please contact the sender immediately and destroy the material in its entirety,
whether electronic or hard copy. This communication may contain nonpublic
information about individuals and businesses subject to the restrictions of the
Gramm-Leach-Bliley Act. You may not directly or indirectly reuse or redisclose
such information for any purpose other than to provide the services for which
you are receiving the information.
127 Public Square, Cleveland, OH 44114
*******************************************************************************
If you prefer not to receive future e-mail offers for products or services from
Key send an e-mail to [EMAIL PROTECTED] with 'No Promotional E-mails' in the
SUBJECT line.
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
