SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Using SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Examples of Use >>
        Secure File Transfers Using the z/OS Client>>
            Interactive File Transfers Using the z/OS Client
            Unattended File Transfers Using the z/OS Client
            File Transfers Using FTP Tunneling
        Secure File Transfers Using Windows and Unix Clients>>
        Submitting JCL Jobs over Secure Shell
        Debugging SSH Tectia Server for IBM z/OS>>
        Example of Distributing Keys >>
    Man Pages >>
    Log Messages >>

File Transfers Using FTP Tunneling

Instead of using scp2 and sftp2 for secure file transfers, ssh2 can be used to tunnel FTP traffic.

The first step is to open an ssh2 connection to the server using local FTP tunneling. The second step is to configure existing FTP steps to connect to a specified localhost port. After that all FTP traffic including authentication is tunneled through the Secure Shell connection. If the connection was not launched in one-shot mode, the last step is to quit the ssh2 connection.

The sample scripts shown in this section can also be found in the /usr/lpp/ssh2/doc/zOS/SAMPLIB directory.

Example 1: Using FTP tunneling in normal mode.

Using normal tunneling mode, several FTP steps can be included to one JCL. The example below contains two separate FTP steps. 

/* SSH2FTP - Tunnel FTP connection
/*
/* Required environment variables are defined using
/* SSHENV DD card. Required variables are
/* _CEE_RUNOPTS=FILETAG(AUTOCVT,NOAUTOTAG),TRAP(ON)
/* _BPXK_AUTOCVT=ON
/*
/* ssh2 connects to remote server and creates local listener
/* for FTP to port 8888. Process ID is written to a file.
/*
/* Two FTP steps. FTP steps are configured to connect to
/* localhost port 8888.
/*
/* Last step stops the ssh2 connection and closes the tunnel.
/*
//SSH2    EXEC PGM=IKJEFT01,
//             DYNAMNBR=75,
//             TIME=100,
//             REGION=6M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*                                                         
//SYSTERM  DD  DUMMY
//STDOUT   DD  PATH='/home/&SYSUID./scp2ftp_stdout',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=SIRWXU
//STDERR   DD  PATH='/home/&SYSUID./scp2ftp_stderr',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=SIRWXU
//STDENV   DD  DSN=USER1.SAMPLIB(SSHENV),
//             DISP=SHR
//SYSTSIN  DD  *
  BPXBATCH PGM /usr/lpp/ssh2/bin/ssh2 -S -f +
        -oPidfile=/tmp/my_ssh2.pid +
        -L ftp/8888:localhost:21 +
        user@ftp_server
/*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*                                                        
//SYSIN     DD  *
username   passwd
ascii
get ftp_test.txt 'USER.FTP.TEST'
quit
/*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*
//SYSIN     DD  *
username   passwd
ascii
put 'USER.FTP.TEST2' result.txt
quit
/*                                                                              
//SSH2STOP     EXEC PGM=BPXBATCH,
//             REGION=0M,
//             TIME=NOLIMIT,
//             PARM='SH kill `cat /tmp/my_ssh2.pid`'
//STDOUT   DD  PATH='/home/&SYSUID./ssh2stop_stdout',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=SIRWXU
//STDERR   DD  PATH='/home/&SYSUID./ssh2stop_stderr',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=SIRWXU
/*

Example 2: Using FTP in one-shot mode.

If the Secure Shell connection is run in one-shot mode, the connection is automatically disconnected after the last channel is closed, in this case after the FTP step is executed. 

/* SSH2FTP2 - Tunnel FTP connection
/*
/* Required environment variables are defined using
/* SSHENV DD card. Required variables are
/* _CEE_RUNOPTS=FILETAG(AUTOCVT,NOAUTOTAG),TRAP(ON)
/* _BPXK_AUTOCVT=ON
/*
/* ssh2 connects to remote server and creates local listener
/* for FTP to port 8888. Process ID is written to a file.
/*
/* ssh2 is started to one-shot mode that means that
/* the connection is automatically closed after the FTP session
/*
/* FTP step that is configured to connect to
/* localhost port 8888.
/*
//SSH2    EXEC PGM=IKJEFT01,
//             DYNAMNBR=75,
//             TIME=100,
//             REGION=6M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*
//SYSTERM  DD  DUMMY
//STDOUT   DD  PATH='/home/&SYSIUD./scp2ftp_stdout',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=SIRWXU
//STDERR   DD  PATH='/home/&SYSIUD./scp2ftp_stderr',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=SIRWXU
//STDENV   DD  DSN=USER.SAMPLIB(SSHENV),
//             DISP=SHR
//SYSTSIN  DD  *
  BPXBATCH PGM /usr/lpp/ssh2/bin/ssh2 -S -fo +
        -L ftp/8888:localhost:21 +
        user@server
/*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*
//SYSIN     DD  *
username    password
ascii
get ftp_test.txt 'USER.FTP.FO.TEST'
quit
/*

Previous Next Up [Contents] [Index]

[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2006 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice