Re: SFTP on z/OS

2017-02-04 Thread Paul Gilmartin 
On Sun, 5 Feb 2017 09:26:53 +0300, venkat kulkarni wrote:

>Hello All,
>Problem has been resolved. The issue with target host authorize key and
>permission but all now all looks good.
>
>But one issue, I am still facing is when I try to save RSA public key in
>omvs authorized_keys file is the space . I try to enter key but after 255
>character, I am not able to move my curser to rishte side to move but my
>key is approx 490 character.
>
>How do I resolve the issue.
> 
Use a friendlier viewer/editor.

What editor are you using on z/OS?

What editor are you using on Linux?

What OS is on your desktop?  What editor can you use there?

-- gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SFTP on z/OS

2017-02-04 Thread venkat kulkarni 
Hello All,
Problem has been resolved. The issue with target host authorize key and
permission but all now all looks good.

But one issue, I am still facing is when I try to save RSA public key in
omvs authorized_keys file is the space . I try to enter key but after 255
character, I am not able to move my curser to rishte side to move but my
key is approx 490 character.

How do I resolve the issue.

Regards
Venkat

On Feb 1, 2017 16:52, "Kirk Wolf"  wrote:

> On Tue, Jan 31, 2017 at 9:01 PM, Paul Gilmartin <
> 000433f07816-dmarc-requ...@listserv.ua.edu> wrote:
>
> > ...
> >
> > >You can also have ssh display the "ascii art" fingerprint of public
> key(s)
> > >for visual verification:
> > >
> > Transmitted independently and securely.  Courier pouch?
> >
> > Remember that although the integrity of public keys needs to be guarded,
> their privacy does not.
> So it is common to use other secure communications, like publishing the
> public key on a https: web page.
> See Github and Amazon web services for some examples.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SFTP on z/OS

2017-02-04 Thread Carmen Vitullo 
W;ere going thru the same process right now with Sftp, we found out we needed 
ICSF up, we don';t have any crypto express hardware, but do have CPAF enabled 


- Original Message -

From: "Mark Jacobs - Listserv"  
To: IBM-MAIN@LISTSERV.UA.EDU 
Sent: Saturday, February 4, 2017 3:21:16 PM 
Subject: Re: SFTP on z/OS 

If you don't have CryptoExpress processors, but do have CPAF enabled on 
your processor/LPAR, you still might need ICSF active. I don't know off 
hand if ssh will directly use the CPAF facilities without ICSF being 
available. 

Mark Jacobs 

> scott Ford  
> February 4, 2017 at 4:15 PM 
> Guys: 
> 
> I have a SSH question, we dont have a ICSF , do i need one to do SSH ? We 
> want to do scp from Windows to 
> z/OS . I want stepping thru the ICSF stc doc and read about 'head 
> 'dev/random' and its not working returning an error 
> 
> Scott 
> 
> 
> -- 
> For IBM-MAIN subscribe / signoff / archive access instructions, 
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 
> 
> 
> Please be alert for any emails that may ask you for login information 
> or directs you to login via a link. If you believe this message is a 
> phish or aren't sure whether this message is trustworthy, please send 
> the original message as an attachment to 'phish...@timeinc.com'. 
> 
> Kirk Wolf  
> February 3, 2017 at 8:58 AM 
> Standard SSH/SFTP doesn't support X.509 certificate's for authentication, 
> so I don't understand your reference to a CA. 
> 
> (z/OS OpenSSH does allow you to put SSH public and private keys in a Key 
> Ring Certificate, but only the keys are used; the certificate and its 
> signature are irrelevant.) 
> 
> Kirk Wolf 
> Dovetailed Technologies 
> http://dovetail.com 
> 
> 
> -- 
> For IBM-MAIN subscribe / signoff / archive access instructions, 
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 
> 
> 
> Please be alert for any emails that may ask you for login information 
> or directs you to login via a link. If you believe this message is a 
> phish or aren't sure whether this message is trustworthy, please send 
> the original message as an attachment to 'phish...@timeinc.com'. 
> 
> Jantje.  
> February 3, 2017 at 6:48 AM 
> 
> The issue I have with that is one of trust: In the end, I just have to 
> trust whatever the Root Certification Authority is. Or actually, I 
> have to trust Microsoft to have correctly verified the identity of 
> that RCA and the integrity of the certificate they present, because it 
> is MS that installed that certificate in my browser. (s/MS/Google/g 
> for Chrome...) 
> 
> Cheers, 
> 
> Jantje. 
> 
> -- 
> For IBM-MAIN subscribe / signoff / archive access instructions, 
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 
> 
> 
> Please be alert for any emails that may ask you for login information 
> or directs you to login via a link. If you believe this message is a 
> phish or aren't sure whether this message is trustworthy, please send 
> the original message as an attachment to 'phish...@timeinc.com'. 
> 

-- 

Mark Jacobs 
Time Customer Service 
Global Technology Services 

The standard you walk past is the standard you accept. 
Lt. Gen. David Morrison 


-- 
For IBM-MAIN subscribe / signoff / archive access instructions, 
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN 


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SFTP on z/OS

2017-02-04 Thread Mark Jacobs - Listserv 
If you don't have CryptoExpress processors, but do have CPAF enabled on 
your processor/LPAR, you still might need ICSF active. I don't know off 
hand if ssh will directly use the CPAF facilities without ICSF being 
available.


Mark Jacobs


scott Ford 
February 4, 2017 at 4:15 PM
Guys:

I have a SSH question, we dont have a ICSF , do i need one to do SSH ? We
want to do scp from Windows to
z/OS . I want stepping thru the ICSF stc doc and read about 'head
'dev/random' and its not working returning an error

Scott


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Please be alert for any emails that may ask you for login information 
or directs you to login via a link. If you believe this message is a 
phish or aren't sure whether this message is trustworthy, please send 
the original message as an attachment to 'phish...@timeinc.com'.


Kirk Wolf 
February 3, 2017 at 8:58 AM
Standard SSH/SFTP doesn't support X.509 certificate's for authentication,
so I don't understand your reference to a CA.

(z/OS OpenSSH does allow you to put SSH public and private keys in a Key
Ring Certificate, but only the keys are used; the certificate and its
signature are irrelevant.)

Kirk Wolf
Dovetailed Technologies
http://dovetail.com


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Please be alert for any emails that may ask you for login information 
or directs you to login via a link. If you believe this message is a 
phish or aren't sure whether this message is trustworthy, please send 
the original message as an attachment to 'phish...@timeinc.com'.


Jantje. 
February 3, 2017 at 6:48 AM

The issue I have with that is one of trust: In the end, I just have to 
trust whatever the Root Certification Authority is. Or actually, I 
have to trust Microsoft to have correctly verified the identity of 
that RCA and the integrity of the certificate they present, because it 
is MS that installed that certificate in my browser. (s/MS/Google/g 
for Chrome...)


Cheers,

Jantje.

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


Please be alert for any emails that may ask you for login information 
or directs you to login via a link. If you believe this message is a 
phish or aren't sure whether this message is trustworthy, please send 
the original message as an attachment to 'phish...@timeinc.com'.




--

Mark Jacobs
Time Customer Service
Global Technology Services

The standard you walk past is the standard you accept.
Lt. Gen. David Morrison


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: COBOL/LE question

2017-02-04 Thread scott Ford 
Rex,

I sure would re-compile the Cobol programs. I have ran into issues but it
was going backward. It was in regard to callable LE functions and what was
supported...

Scott

On Thu, Feb 2, 2017 at 12:12 PM, Bill Woodger 
wrote:

> The IGZ0268W is a warning message (no kidding). If your are using up to
> Enterprise COBOL V4.2 (which you are), it is just a warning that some time
> in the future (going to V5+, or perhaps with some future LE) you *will*
> have a problem. If you are using V5+ (which you are not) it is a problem
> right now.
>
> You have a different case from it just being COBOL. Your combined
> COBOL/ASM was previously running non-destructively with LE. And now it
> doesn't.
>
> First shot would be to recompile one COBOL program that uses the Asm, and
> see if you then get cooperation. If not, someone has to visit with the Asm.
>
> If you are simply not allowed to recompile (cast-iron policy), then just
> pack up and go home early. It is highly unlikely that any simple magic
> exists to fix it in such a way that you need cease to wonder "OK, but what
> the heck else could be going on while it 'apparently works (RC0)'.
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: SFTP on z/OS

2017-02-04 Thread scott Ford 
Guys:

I have a SSH question, we dont have a ICSF , do i need one to do SSH ? We
want to do scp from Windows to
z/OS  . I want stepping thru the ICSF stc doc and read about 'head
'dev/random' and its not working returning an error

Scott

On Fri, Feb 3, 2017 at 8:58 AM, Kirk Wolf  wrote:

> Standard SSH/SFTP doesn't support X.509 certificate's for authentication,
> so I don't understand your reference to a CA.
>
> (z/OS OpenSSH does allow you to put SSH public and private keys in a Key
> Ring Certificate, but only the keys are used; the certificate and its
> signature are irrelevant.)
>
> Kirk Wolf
> Dovetailed Technologies
> http://dovetail.com
>
> On Fri, Feb 3, 2017 at 5:48 AM, Jantje.  wrote:
>
> > On Wed, 1 Feb 2017 07:51:23 -0600, Kirk Wolf  wrote:
> >
> > >> Remember that although the integrity of public keys needs to be
> guarded,
> > >their privacy does not.
> > >So it is common to use other secure communications, like publishing the
> > >public key on a https: web page.
> >
> > The issue I have with that is one of trust: In the end, I just have to
> > trust whatever the Root Certification Authority is. Or actually, I have
> to
> > trust Microsoft to have correctly verified the identity of that RCA and
> the
> > integrity of the certificate they present, because it is MS that
> installed
> > that certificate in my browser. (s/MS/Google/g for Chrome...)
> >
> > Cheers,
> >
> > Jantje.
> >
> > --
> > For IBM-MAIN subscribe / signoff / archive access instructions,
> > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
> >
>
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
>

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread David W Noon 
On Sat, 4 Feb 2017 13:24:41 -0500, Jim Mulder (d10j...@us.ibm.com) wrote
about "Re: BSAM vs QSAM" (in
):

>  I asked Wayne Rhoten.  His recollection is that SAMe GAed as a product 
> around 1978,
> and was integrated in the early 1980s. 

This gels with my experience.

In the early 1980s I was working as a GCOS systems programmer on
Honeywell/GE mainframes, with little contact with IBM boxes. When I
returned to the IBM fold (c. 1984) I found that SAM had been largely
re-architected and was much as we see it today (except it was still
24-bit). The revised SAM was definitely bundled with DFP/XA, but did not
become 31-bit code until MVS/XA SP 2.2.
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
david.w.n...@googlemail.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread Anne & Lynn Wheeler 
013a910fd252-dmarc-requ...@listserv.ua.edu (David W Noon) writes:
> All of the buffer fills and buffer flushes occur quite separately from
> the application program. The EXCP macro is a wonderful thing.

A big problem with the EXCP semantics ... it had applications (and/or
libraries running in application space) to build channel programs/CCWs
in the application space. EXCP then takes the passed channel program
pointer and initiates the I/O.

In the move to all virtual memory ... the big problem is that channel
programs (CCWs) execute with real addresses ... after virtual memory,
all the channel programs were being built with virtual addresses. The
original justification for moving everything to virtual memory was the
horrible MVT storage management (regions required to be four times
larger than typically used) ... typical 370/165 with 1mbyte memory ran
four regions. Moving to virtual memory could increase number of regions
by a factor of four with little or no paging, the increase level of
concurrent activity significantly increasing system throughput (as disks
were increasingly becoming system throughput bottleneck). Old post with
quotes from person directly involved
http://www.garlic.com/~lynn/2011d.html#73 Multiple Virtual Memory

The initial implementation VS2 release 1 (SVS) did a little bit of code
to have single 16mbyte virtual address space ... with MVT layed out as
if running in 16mbyte real machine. The majority of the code was in EXCP
having to create a copy of the passed channel programs, substituting
real addresses for the virtual addresses ... the code was borrowed by
taking CCWTRANS from (virtual machine) CP67.

The move to release 2, MVS involved (sort of) giving each application a
16mbyte virtual address space. However, the extensive MVT
pointer-passing convention required giving 8mbytes of each address space
half the 16mbyte for image of the MVS supervisor. Then because MVT
subsystems were moved to their own separate address spaces ... to enable
pointer passing convention between applications and subsystems, they had
to be stuffed into the "common segment" to support pointer passing API
convention. Starts out as single one mbyte segment, but because the
space needed is somewhat proportional to concurrent activity, number of
subsystems, etc ... it evolves to CSA ... larger systems with 4-6mbytes
CSA ... leaving 2-4mbytes for applications. Late in 3033 period, CSAs
were threatening to expand to 8mbytes ... leaving no available space in
16mbytes for application use.

Also from CP67, charlie had invented compare&swap while working on CP67
fine-grain multiprocessor locking (compare&swap chosen because CAS are
his initials). Initial attempts to get it included in 370 were rebuffed
because the POK favorite son operating system people said it wasn't
needed. 370 architecture people said to justify compare&swap, needed
uses other than kernel locking. Thus were born the uses that still
appear in the appendex of principles of operation ... including
wait/post ECB

ECB
https://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.2.0/com.ibm.zos.v2r2.idas300/ecb.htm
wait/post
http://www.ibm.com/support/knowledgecenter/en/SSLTBW_2.1.0/com.ibm.zos.v2r1.ieaa600/tasks.htm

-- 
virtualization experience starting Jan1968, online at home since Mar1970

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread Jim Mulder 
> Is this still, as Ed recalls, part of a separately-priced SAMe feature?
 
 I asked Wayne Rhoten.  His recollection is that SAMe GAed as a product 
around 1978,
and was integrated in the early 1980s. 

Jim Mulder z/OS Diagnosis, Design, Development, Test  IBM Corp. 
Poughkeepsie NY





--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread David W Noon 
On Sat, 4 Feb 2017 02:06:16 +, Jesse 1 Robinson
(jesse1.robin...@sce.com) wrote about "Re: BSAM vs QSAM" (in
):

> I'm bowled over by David Noon's post.

Pleased to be of service. ... :-)

> I did not know that QSAM allowed asynchronous I/O operations and have not 
> looked
> into coding requirements.

The operations are synchronous at the application level, but
asynchronous for the physical I/O transfers.

> At the same time I contend that system managed interleaving is not the same 
> thing.
> While it undoubtedly speeds up I/O for 'traditional' QSAM, the application 
> program
> remains in a WAIT during all the background happenings and cannot
independently
> fiddle with bits and bytes pending I/O completion.

The I/O transfers are behind an opaque API. They run asynchronously from
the program, but the program synchronizes every time it uses a QSAM API
(i.e. a GET or a PUT).

With a decent sized buffer pool, most GET requests return immediately
with the required record. The program only occasionally enters a
WAIT/CHECK condition.

Similarly, most PUT operations copy the data record from the work area
into the buffer pool and return to the program immediately. The buffer
will be queued for flushing when it becomes full.

All of the buffer fills and buffer flushes occur quite separately from
the application program. The EXCP macro is a wonderful thing.
-- 
Regards,

Dave  [RLU #314465]
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
david.w.n...@googlemail.com (David W Noon)
*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

 

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread Charles Mills 
> Anyway, if you have to ask whether to use QSAM or BSAM, the answer is always 
> QSAM.
EXACTLY! 
CharlesSent from a mobile; please excuse the brevity.
 Original message From: Steve Smith  Date: 
2/4/17  9:29 AM  (GMT-08:00) To: IBM-MAIN@LISTSERV.UA.EDU Subject: Re: BSAM vs 
QSAM 
I haven't heard of SAME for years, my bet is it was integrated.  And why
would update have any effect on read-ahead?  QSAM fills all the buffers it
gets, and keeps them full.  It can and does keep track of where you are vs.
where it is quite easily.

Anyway, if you have to ask whether to use QSAM or BSAM, the answer is
always QSAM.  Getting better performance with BSAM requires both unusual
requirements, and considerable knowledge and skill; not to mention more
time, effort, complexity.

sas

On Sat, Feb 4, 2017 at 12:09 PM, Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:

> ...
> I suspect that if the programmer upens for Update the access method
> can't know whether to read-ahead.
>
> ...



> Is this still, as Ed recalls, part of a separately-priced SAMe feature?
>
> Thanks,
> gil
>
>
-- 
sas

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN


--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread Steve Smith 
I haven't heard of SAME for years, my bet is it was integrated.  And why
would update have any effect on read-ahead?  QSAM fills all the buffers it
gets, and keeps them full.  It can and does keep track of where you are vs.
where it is quite easily.

Anyway, if you have to ask whether to use QSAM or BSAM, the answer is
always QSAM.  Getting better performance with BSAM requires both unusual
requirements, and considerable knowledge and skill; not to mention more
time, effort, complexity.

sas

On Sat, Feb 4, 2017 at 12:09 PM, Paul Gilmartin <
000433f07816-dmarc-requ...@listserv.ua.edu> wrote:

> ...
> I suspect that if the programmer upens for Update the access method
> can't know whether to read-ahead.
>
> ...



> Is this still, as Ed recalls, part of a separately-priced SAMe feature?
>
> Thanks,
> gil
>
>
-- 
sas

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread Edward Gould 
>> 
> Is this still, as Ed recalls, part of a separately-priced SAMe feature?
No it was integrated into the base (with XA?? its been a LONG time).
> 
> Thanks,
> gil
> 
> --
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Re: BSAM vs QSAM

2017-02-04 Thread Paul Gilmartin 
On Sat, 4 Feb 2017 01:49:13 -0500, Jim Mulder wrote:

>  There are no coding requirements for the application,  When you do 
>a QSAM OPEN for Input,  the first read-ahead I/Os are scheduled by OPEN,
>and the application program can proceed without waiting  after the OPEN at 
>least to the point of doing the first GET.  Subsequent read-ahead I/Os can 
>overlap with the  application program processing.
>
>  Similarly for QSAM output, the application program can be doing PUTs  into 
>buffers while output I/O is in progress for  previously  filled output buffers.
> 
I suspect that if the programmer upens for Update the access method
can't know whether to read-ahead.

>  The application program  has little control over this, other than some 
>DCB/DCBE parameters. 
> 
Is this still, as Ed recalls, part of a separately-priced SAMe feature?

Thanks,
gil

--
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN