Open SSH on VM
Folks, Anybody out there done the port of OPEN-SSH to VM's OE envirornment? Brian Ferguson EDS VM Capability
Re: Open SSH on VM
Yeah ... we need an SSH client too. (We have a sort-of server, but that's another story.) I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. To be specific, if you enter ssh it gives you the help, but if you enter ssh remotehost it ABENDs. I tried replacing the support program that I thought SSH was after with something that did not ABEND. Didn't help. That was some time back. -- R; Brian Ferguson [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 12:24 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Brian Ferguson [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Open SSH on VM Folks, Anybody out there done the port of OPEN-SSH to VM's OE envirornment? Brian Ferguson EDS VM Capability
Re: Open SSH on VM
Have you tried the scp command from the OpenSSH package? I need secure fi le copy from CMS more than I need a secure terminal session. But 'ssh target command to execute at target' would be nice to execute from CMS. I can deal with generating the public/private keys on one of my Linux svms or o n a linux/86 platform. Were you able to use some of the commands from the OpenSSL package, such as to encrypt a data file with some public/private key? /Tom Kern /301-903-2211 On Thu, 1 Feb 2007 12:43:08 -0500, Richard Troth [EMAIL PROTECTED] wrote: Yeah ... we need an SSH client too. (We have a sort-of server, but that's another story.) I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradl e (I think it's an LE thing), you can take binaries from USS and run the m on OpenVM without additional work. Very nice! ... if they'll just build in the first place. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. To be specific, if you enter ssh it gives you the help, but if you enter ssh remotehost it ABENDs. I tried replacing the support program that I thought SSH was after with something that did not ABEND. Didn't help. That was some time back. -- R;
Re: Open SSH on VM
On Thursday, 02/01/2007 at 12:43 EST, Richard Troth [EMAIL PROTECTED] wrote: I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. That isn't true, Sir Rick. The cradle is customized to the specific calls the application makes. It could make unsupported (in CMS) LE library calls, exploit MVS Callable Services, issue Program Call or other DAT ON instructions, etc. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. Yep. z/OS has it; z/VM doesn't. The name of the routine escapes me Alan Altmark z/VM Development IBM Endicott
Re: Open SSH on VM
SCP uses SSH under the covers. Your local SCP uses SSH to connect with a partner SCP. From what I have seen, it does spawn a second process on the local side, so it's the same SSH command people would execute for non-SCP work. Multiple processes is cumbersome, and on CMS (OpenVM) is particularly heavy and can be messy. Though I can see why the authors would find the implementation easier that way. I have never tried switching out what SCP uses for the session layer. It's not clear that you can change SCP's use of SSH. The command at target implies that SSH (and SCP) was installed outside of the default command search, in which case the partner SCP must be fully named. Experience with the z/OS SSH package confirms that you can generate your keys on a Unix system (or Linux or CYGWIN). They're stored as plain text. -- R; Thomas Kern [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 01:54 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Thomas Kern [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Open SSH on VM Have you tried the scp command from the OpenSSH package? I need secure file copy from CMS more than I need a secure terminal session. But 'ssh target command to execute at target' would be nice to execute from CMS. I can deal with generating the public/private keys on one of my Linux svms or on a linux/86 platform. Were you able to use some of the commands from the OpenSSL package, such as to encrypt a data file with some public/private key? /Tom Kern /301-903-2211 On Thu, 1 Feb 2007 12:43:08 -0500, Richard Troth [EMAIL PROTECTED] wrote: Yeah ... we need an SSH client too. (We have a sort-of server, but that's another story.) I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. To be specific, if you enter ssh it gives you the help, but if you enter ssh remotehost it ABENDs. I tried replacing the support program that I thought SSH was after with something that did not ABEND. Didn't help. That was some time back. -- R;
Re: Open SSH on VM
I was not clear: I meant to say that you can take some binaries from USS and run them on OpenVM. And this appears to be a design point of the cradle, based on a SHARE session I attended some time back. (Gotta love SHARE! I have friends who actually get to attend ... occasionally.) -- R; Alan Altmark [EMAIL PROTECTED] Sent by: The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU 02/01/2007 01:56 PM Please respond to The IBM z/VM Operating System IBMVM@LISTSERV.UARK.EDU From Alan Altmark [EMAIL PROTECTED] To IBMVM@LISTSERV.UARK.EDU cc Subject Re: Open SSH on VM On Thursday, 02/01/2007 at 12:43 EST, Richard Troth [EMAIL PROTECTED] wrote: I tried to build OpenSSL and then OpenSSH on z/OS (USS), but could not get the ./configure step to behave. In particular, both scripts get wedged on a shell file descriptor. (Other packages which follow the standard recipe build pretty well on USS.) Given this wonderful cradle (I think it's an LE thing), you can take binaries from USS and run them on OpenVM without additional work. Very nice! ... if they'll just build in the first place. That isn't true, Sir Rick. The cradle is customized to the specific calls the application makes. It could make unsupported (in CMS) LE library calls, exploit MVS Callable Services, issue Program Call or other DAT ON instructions, etc. The single biggest challenge on OpenVM (compared to USS) is how it handles fork(). Long story. Not for now. We have the z/OS OpenSSH package (in its SMP/E wrapper). SSH to/from z/OS works just fine. I find that the 'ssh' executable from that runs directly on OpenVM, but fails when it tries to generate (or collect?) entropy or some other step in the encryption game. Yep. z/OS has it; z/VM doesn't. The name of the routine escapes me Alan Altmark z/VM Development IBM Endicott
Re: Open SSH on VM
On Feb 1, 2007, at 2:44 PM, Richard Troth wrote: SCP uses SSH under the covers. In fact, isn't it basically a screen-scraper? Adam
Re: Open SSH on VM
We regularly use the scp command in batch job on the z/OS side and I have generated the keys in my linux under z/VM system. It is much easier for m e to do it than to teach the cobol developers. I know that scp uses the ssh protocol but I was hoping that since it does not need more than a linemode session on the local host that it would for k less or invoke less terminal related processes and therefore be easier to port to CMS. It would be nice if there was a straight forward implementat ion of filecopy and command submission wrapped in the ssh protocol, like the pscp and plink commands from PuTTY. /Tom Kern On Thu, 1 Feb 2007 15:44:34 -0500, Richard Troth [EMAIL PROTECTED] wrote: SCP uses SSH under the covers. Your local SCP uses SSH to connect with a partner SCP. From what I have seen, it does spawn a second process on the local side, so it's the same SSH command people would execute for non-SCP work. Multiple processes is cumbersome, and on CMS (OpenVM) is particularly heavy and can be messy. Though I can see why the authors would find the implementation easier that way. I have never tried switching out what SCP uses for the session layer. It 's not clear that you can change SCP's use of SSH. The command at target implies that SSH (and SCP) was installed outside of the default command search, in which case the partner SCP must be fully named. Experience with the z/OS SSH package confirms that you can generate your keys on a Unix system (or Linux or CYGWIN). They're stored as plain text. -- R;
Re: Open SSH on VM
-Original Message- From: The IBM z/VM Operating System [mailto:[EMAIL PROTECTED] On Behalf Of Adam Thornton Sent: Thursday, February 01, 2007 2:58 PM To: IBMVM@LISTSERV.UARK.EDU Subject: Re: Open SSH on VM On Feb 1, 2007, at 2:44 PM, Richard Troth wrote: SCP uses SSH under the covers. In fact, isn't it basically a screen-scraper? Adam Screen scraper? I don't know if I would call it that. But you can do the same thing via: cat file | ssh [EMAIL PROTECTED] 'cat ~/file' instead of scp file [EMAIL PROTECTED]: So I guess that you could consider it a screen scraper in that it redirects stdin and stdout appropriately. -- John McKown Senior Systems Programmer HealthMarkets Keeping the Promise of Affordable Coverage Administrative Services Group Information Technology The information contained in this e-mail message may be privileged and/or confidential. It is for intended addressee(s) only. If you are not the intended recipient, you are hereby notified that any disclosure, reproduction, distribution or other use of this communication is strictly prohibited and could, in certain circumstances, be a criminal offense. If you have received this e-mail in error, please notify the sender by reply and delete this message without copying or disclosing it.