I'm starting to tailor SLES10 with SP1.

2007-08-17 Thread Tom Duerbusch
I'm starting to tailor SLES10 with SP1.
I first bring in VSFTPD.

However, when I try to FTP to SLES10 from DOS, I get the following on the 
console:

SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.3.20 DST=192.168.193.150 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15462 DF PROTO=TCP SPT=1187 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.3.20 DST=192.168.193.150 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15467 DF PROTO=TCP SPT=1187 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.193.150 DST=239.255.255.253 LEN=77 TOS=0x00 PREC=0x00 TTL=8 ID=0 DF PROTO=UDP SPT=1027 DPT=427 LEN=57


C:\>>ftp 192.168.193.150
> ftp: connect :Unknown error number
ftp>

So I turn off the firewall, now I get:


Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\>>ftp 192.168.193.150
Connected to 192.168.193.150.
500 OOPS: could not bind listening IPv4 socket
Connection closed by remote host.

C:\>>

SLES10 seems to have a lot more packages running as a default.  Some of them 
may be good, some I'm not so sure of.  Currently I call the new stuff "crap"  
(crap is a technical term that means something that I don't understand, yet)

This firewall thing may be of some interest.  Currently, I don't understand the 
need within a mainframe environment.  The Network group has firewalls 
surrounding the building anyway.

Anyway, how do I make FTP work again?

BTW, someone spent a lot of time on the Installation and Administration manual. 
 Has a lot of interesting stuff in there.  Perhaps, to be consistent about it, 
it has a lot of interesting crap in there. 

Tom Duerbusch
THD Consulting

--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
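
Added example, not part of the original post: a short Python triage of the SuSEfirewall2 console lines quoted above, counting which new inbound connections the default-drop rule rejected. The function name `blocked_services` is an assumption made here, and the sample is constructed from the post's three log lines with the console wrapping undone.

```python
import re
from collections import Counter

# Constructed sample: the three console lines from the post, unwrapped.
SAMPLE_LOG = """\
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.3.20 DST=192.168.193.150 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15462 DF PROTO=TCP SPT=1187 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.3.20 DST=192.168.193.150 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=15467 DF PROTO=TCP SPT=1187 DPT=21 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC= SRC=192.168.193.150 DST=239.255.255.253 LEN=77 TOS=0x00 PREC=0x00 TTL=8 ID=0 DF PROTO=UDP SPT=1027 DPT=427 LEN=57
"""

# Log prefix written by SuSEfirewall2, then the netfilter KEY=value fields.
# search() is used so lines carrying a syslog timestamp in front also match.
PREFIX = re.compile(r"(SFW2-\S+)\s+(IN=.*)")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}


def blocked_services(log_text):
    """Count dropped new inbound attempts per (proto, dst, dport, src)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PREFIX.search(line)
        if not m or "DROP" not in m.group(1):
            continue  # not a firewall drop record
        rest = m.group(2)
        fields = {}
        for key, value in FIELD.findall(rest):
            fields.setdefault(key, value)  # first LEN is the IP length
        if "DPT" not in fields:
            continue  # e.g. ICMP: no destination port to report
        flags = TCP_FLAGS & set(rest.split())
        if fields.get("PROTO") == "TCP" and flags != {"SYN"}:
            continue  # only the opening SYN marks a new connection attempt
        key = (fields["PROTO"], fields["DST"], int(fields["DPT"]), fields["SRC"])
        hits[key] += 1
    return hits


if __name__ == "__main__":
    for (proto, dst, dport, src), n in blocked_services(SAMPLE_LOG).most_common():
        print(f"{n}x {proto} {src} -> {dst}:{dport} dropped by default rule")
```

The two TCP hits are bare SYNs to port 21 falling through to the default-drop rule, meaning no rule admits FTP on eth0; the UDP hit is the host's own SLP multicast to port 427.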


Re: I'm starting to tailor SLES10 with SP1.

2007-08-20 Thread Tom Duerbusch
Ok finally got it.

The default in SLES10 is "sftp"  i.e. encrypted FTP.

I tested it for a while... I think I will figure out how to go back to ftp.

FTP from my PC to Linux with my 100 Mb card in the PC used to take 90% of the 
card and perhaps 5% cpu utilization of my IFL.

SFTP from my PC to Linux takes about 25% of my 100 Mb card in the PC, and uses 
45% cpu utilization of my IFL.

sftp may be good for that data you need to keep secure, but I can do without 
the overhead when sending most of my stuff. 

Tom Duerbusch
THD Consulting



Re: I'm starting to tailor SLES10 with SP1.

2007-08-20 Thread McKown, John
> -Original Message-
> From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On 
> Behalf Of Tom Duerbusch
> Sent: Monday, August 20, 2007 3:26 PM
> To: LINUX-390@VM.MARIST.EDU
> Subject: Re: I'm starting to tailor SLES10 with SP1.
> 
> 
> Ok finally got it.
> 
> The default in SLES10 is "sftp"  i.e. encrypted FTP.
> 
> I tested it for a while... I think I will figure out how to 
> go back to ftp.
> 
> FTP from my PC to Linux with my 100 Mb card in the PC used to 
> take 90% of the card and perhaps 5% cpu utilization of my IFL.
> 
> SFTP from my PC to Linux takes about 25% of my 100 Mb card in 
> the PC, and uses 45% cpu utilization of my IFL.
> 
> sftp may be good for that data you need to keep secure, but I 
> can do without the overhead when sending most of my stuff. 
> 
> Tom Duerbusch
> THD Consulting

Just to be a pain-in-the-seat pedant:

sftp is not really encrypted ftp. It is an ftp-like function in OpenSSH.
Encrypted ftp is ftps and uses TLS(?). From what I recall, OpenSSH does
not use the built in crypto engines on a System z, which is why it takes
so much CPU. I think that ftps can use the crypto engines, if you have
them (but don't rely on my memory for this).

--
John McKown
Senior Systems Programmer
HealthMarkets
Keeping the Promise of Affordable Coverage
Administrative Services Group
Information Technology



Re: I'm starting to tailor SLES10 with SP1.

2007-08-20 Thread Mark Post
>>> On Mon, Aug 20, 2007 at  4:34 PM, in message
<[EMAIL PROTECTED]>, "McKown,
John" <[EMAIL PROTECTED]> wrote: 
-snip-
> From what I recall, OpenSSH does
> not use the built in crypto engines on a System z, which is why it takes
> so much CPU. I think that ftps can use the crypto engines, if you have
> them (but don't rely on my memory for this).

OpenSSH will if you configure OpenSSL to use libica from IBM.


Mark Post



Re: I'm starting to tailor SLES10 with SP1.

2007-08-20 Thread Stricklin, Raymond J
 
> OpenSSH will if you configure OpenSSL to use libica from IBM.

Are you SURE? After I got OpenSSL using libica correctly, I spent about
three months trying to make it work with OpenSSH and never got anywhere.
Do you have a recipe?

ok
r.



Re: I'm starting to tailor SLES10 with SP1.

2007-08-20 Thread Mark Post
 >>> On Mon, Aug 20, 2007 at  5:20 PM, in message
<[EMAIL PROTECTED]>,
"Stricklin, Raymond J" <[EMAIL PROTECTED]> wrote: 

>> OpenSSH will if you configure OpenSSL to use libica from IBM.
> 
> Are you SURE? After I got OpenSSL using libica correctly, I spent about
> three months trying to make it work with OpenSSH and never got anywhere.
> Do you have a recipe?

Reasonably so, without having actually done it (I trust the IBMer who gave the 
presentation on it).  What version of what distribution are you using?  Exactly 
what did you do to enable libica in OpenSSL?  According to the openssl-ibmca 
package, there's a fair amount of "stuff" that needs to be appended to 
/etc/ssl/openssl.cnf.  What did you do to try to get OpenSSH to use it?


Mark Post
