SSH Tectia  
Previous Next Up [Contents] [Index]

    About This Document >>
    Installing SSH Tectia Server for IBM z/OS >>
    Getting Started with SSH Tectia Server for IBM z/OS >>
    Configuring the Server >>
    Configuring the Client >>
    Authentication >>
    File Transfer Using SFTP >>
    File Transfer Using Transparent FTP Tunneling >>
    Tunneling on the Command Line >>
        Local Tunnels >>
        Remote Tunnels >>
        Tunneling FTP on the Command Line >>
            Tunneling FTP in Passive Mode
            Tunneling FTP in Active Mode
            Examples of FTP Tunneling
        Agent Forwarding
    Troubleshooting SSH Tectia Server for IBM z/OS >>
    Advanced Information >>
    Man Pages >>
    Log Messages >>

Examples of FTP Tunneling

To tunnel FTP, do the following steps:

  1. Open an ssh2 connection to the server using local FTP tunneling.
  2. Configure existing FTP steps to connect to a specified localhost port.
  3. After that all FTP traffic including authentication is tunneled through the Secure Shell connection.
  4. If the connection was not launched in one-shot mode, after the FTP session is completed, quit the ssh2 connection.

The sample scripts shown in this section can also be found in the /usr/lpp/ssh2/doc/zOS/SAMPLIB directory.

When adapting the examples to real life, note that the local port number used for the secure listener must be unique for each instance of the script which can get run concurrently.

Example 1: Using FTP tunneling in normal mode.

Using normal tunneling mode, several FTP steps can be included to one JCL. The example below (SSH2FTPfrom SAMPLIB) contains two separate FTP steps.

//SSH2    EXEC PGM=IKJEFT1A,
//             DYNAMNBR=75,
//             TIME=1440,
//             REGION=6M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*
//SYSTERM  DD  DUMMY
//STDOUT   DD  PATH='/tmp/&SYSUID.-SCP2FTP.out',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
//STDERR   DD  PATH='/tmp/&SYSUID.-SCP2FTP.err',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
<<<<<<< .working
//STDENV   DD  DSN=&SYSUID..SSZ.SRVR551.PARMLIB(SSHENV),
//             DISP=SHR
//SYSTSIN  DD  *
  BPXBATCH PGM /usr/lpp/ssh2/bin/ssh2 -S -f +
        -oPidfile=/tmp/my_ssh2.pid +
        -L ftp/8888:localhost:21 +
        user@ftp_server
/*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*
//SYSIN     DD  *
username   passwd
ascii
get ftp_test.txt 'USER.FTP.TEST'
quit
/*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*
//SYSIN     DD  *
username   passwd
ascii
put 'USER.FTP.TEST2' result.txt
quit
/*
//SSH2STOP     EXEC PGM=BPXBATCH,
//             REGION=0M,
//             TIME=100,
//             PARM='SH kill `cat /tmp/my_ssh2.pid`'
//STDOUT   DD  PATH='/tmp/&SYSUID.-SSH2STOP.out',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
//STDERR   DD  PATH='/tmp/&SYSUID.-SSH2STOP.err',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
/*

Example 2: Using FTP in one-shot mode.

If the Secure Shell connection is run in one-shot mode, the connection is automatically disconnected after the last channel is closed, in this case after the FTP step is executed (SSH2FTP2from SAMPLIB).

//SSH2    EXEC PGM=IKJEFT1A,
//             DYNAMNBR=75,
//             TIME=1440,
//             REGION=6M
//SYSPRINT DD  SYSOUT=*
//SYSTSPRT DD  SYSOUT=*
//SYSTERM  DD  DUMMY
//STDOUT   DD  PATH='/tmp/&SYSUID.-SSH2FTP2.out',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
//STDERR   DD  PATH='/tmp/&SYSUID.-SSH2FTP2.err',
//             PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
//             PATHMODE=(SIRUSR,SIWUSR)
//STDENV   DD  DSN=&SYSUID..SSZ.SRVR551.PARMLIB(SSHENV),
//             DISP=SHR
//SYSTSIN  DD  *
  BPXBATCH PGM /usr/lpp/ssh2/bin/ssh2 -S -fo +
        -L ftp/8888:localhost:21 +
        user@ftp_server
/*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*
//SYSIN     DD  *
username    password
ascii
get ftp_test.txt 'USER.FTP.FO.TEST'
quit
/*

Example 3: Using SSZP to set up FTP tunneling.

The example below (SSZJFTPT from SAMPLIB) uses the SSZP JCL procedure to set up FTP tunneling.

//TUNNEL1 EXEC SSZP
//SYSTSIN  DD  *
 %SSZRSSH -S -fo +
        -L ftp/8888:localhost:21 +
        user@ftp_server
//*
//FTP       EXEC PGM=FTP,PARM='localhost 8888 (EXIT=8'
//SYSPRINT  DD  SYSOUT=*
//SYSIN     DD  *
username   passwd
ascii
get ftp_test.txt 'USER.FTP.TEST'
quit
/*

Previous Next Up [Contents] [Index]


[ Contact Information | Support | Feedback | SSH Home Page | SSH Products ]

Copyright © 2007 SSH Communications Security Corp.
This software is protected by international copyright laws. All rights reserved.
Copyright Notice