Is it possible to use cozsftp (or plain sftp) from a 3270 OMVS session?
Right now I'm getting:
FOTS3322 Passwords may not be entered from 3270 terminals
[06:17:10.254529] Connection closed
Yet using the FTP command it does work and allows entry of a password.
Thank you
using cozsftp from omvs 3270 ?
Re: using cozsftp from omvs 3270 ?
You can, but you need to use a SSH key instead of a password.
This is because IBM OpenSSH (used by Co:Z SFTP) doesn't allow password prompting from OMVS 3270 sessions (FOTS3322), since there wouldn't be a way to hide input.
You didn't ask, but we recommend using an interactive ssh session into z/OS as the z/OS Unix shell instead of 3270. From ssh shells, you can do hidden password prompts for ssh and sftp to other systems.
This is because IBM OpenSSH (used by Co:Z SFTP) doesn't allow password prompting from OMVS 3270 sessions (FOTS3322), since there wouldn't be a way to hide input.
You didn't ask, but we recommend using an interactive ssh session into z/OS as the z/OS Unix shell instead of 3270. From ssh shells, you can do hidden password prompts for ssh and sftp to other systems.
-
- Posts: 11
- Joined: Thu Jun 25, 2020 9:18 am
Re: using cozsftp from omvs 3270 ?
How do I setup a key instead of a password? It sounds intriguing .
Re: using cozsftp from omvs 3270 ?
Here's the section of the Co:Z SFTP user's guide:
https://dovetail.com/docs/sftp/auth.html
You could either put the keys in the z/OS UNIX filesystem, or even better a Key Ring.
https://dovetail.com/docs/sftp/auth.html
You could either put the keys in the z/OS UNIX filesystem, or even better a Key Ring.
-
- Posts: 11
- Joined: Thu Jun 25, 2020 9:18 am
Re: using cozsftp from omvs 3270 ?
Thank you very much.
-
- Posts: 11
- Joined: Thu Jun 25, 2020 9:18 am
Re: using cozsftp from omvs 3270 ?
I read that page and the references but I'm still being prompted for my password with ssh or sftp from my windows pc.
What I did was:
1. ftp from pc to z/os
2. cd to my .ssh directory
3. put id_rsa.pub authorized_keys as text
4. quit ftp
5. open omvs to my .ssh directory
6. chmod 600 authorized_keys
7. sftp from pc to z/os
and I was prompted for my password with sftp and ssh.
That appears to be what the doc indicates but the doc also mentions the key being one very long line. I only get that if I ftp in binary. So ...
I tried uploading in binary - no joy.
I edited the text version in omvs to make it one line after removing the comments - no joy.
please advise.
What I did was:
1. ftp from pc to z/os
2. cd to my .ssh directory
3. put id_rsa.pub authorized_keys as text
4. quit ftp
5. open omvs to my .ssh directory
6. chmod 600 authorized_keys
7. sftp from pc to z/os
and I was prompted for my password with sftp and ssh.
That appears to be what the doc indicates but the doc also mentions the key being one very long line. I only get that if I ftp in binary. So ...
I tried uploading in binary - no joy.
I edited the text version in omvs to make it one line after removing the comments - no joy.
please advise.
Re: using cozsftp from omvs 3270 ?
I'm confused - I thought that your client was Co:Z SFTP on z/OS?
For this, login to z/OS UNIX with an ssh shell (e.g. PuTTY), then follow the instructions in "F.2 OpenSSH keypair authentication".
The "id_rsa.pub" file will be a single long line of text.
In step 2, you will upload this and (replace) $HOME/.ssh/authorized_keys on the server, but if this exists, just transfer it in text mode to the server:
ZOS> cozsftp myuser@myserver.com
Connecting to n.n.n.n...
myuser@mserver.com's password: ******
cozsftp> ascii
cozsftp> cd .ssh
cozsftp> put -P id_rsa.pub
Uploading id_rsa.pub to ....
id_rsa.pub 100% 601 0.6KB/s 00:00
cozsftp> quit
Then, login to the remote server with a shell and copy the one line of text from id_rsa.pub to the end of authorized_keys.
server> cd .ssh
server> cat id_rsa.pub >> authorized_keys
server> chmod 600 authorized_keys
If this works, then you can login without a password from ZOS (either ssh shell or OMVS):
cozsftp myuser@myserver.com
cozsftp> # no password prompt
For this, login to z/OS UNIX with an ssh shell (e.g. PuTTY), then follow the instructions in "F.2 OpenSSH keypair authentication".
The "id_rsa.pub" file will be a single long line of text.
In step 2, you will upload this and (replace) $HOME/.ssh/authorized_keys on the server, but if this exists, just transfer it in text mode to the server:
ZOS> cozsftp myuser@myserver.com
Connecting to n.n.n.n...
myuser@mserver.com's password: ******
cozsftp> ascii
cozsftp> cd .ssh
cozsftp> put -P id_rsa.pub
Uploading id_rsa.pub to ....
id_rsa.pub 100% 601 0.6KB/s 00:00
cozsftp> quit
Then, login to the remote server with a shell and copy the one line of text from id_rsa.pub to the end of authorized_keys.
server> cd .ssh
server> cat id_rsa.pub >> authorized_keys
server> chmod 600 authorized_keys
If this works, then you can login without a password from ZOS (either ssh shell or OMVS):
cozsftp myuser@myserver.com
cozsftp> # no password prompt
-
- Posts: 11
- Joined: Thu Jun 25, 2020 9:18 am
Re: using cozsftp from omvs 3270 ?
I was trying to use sftp from windows to z/OS and hoping to avoid the password prompt. Going z/OS to z/OS is less likely for us.
Re: using cozsftp from omvs 3270 ?
No problem - what Window sftp client are you using?
- Windows PowerShell OpenSSH?
- PuTTY PSFTP?
- Bitvise SSH/SFTP Client? (my favorite GUI for Windoze)
Different products have different ways of creating ssh keys, but basically all you need to do is create a public/private key pair and then get (or export) the OpenSSH format public key file (one long line of text) and add that that to your z/OS $HOME/.ssh/authorized_keys
- Windows PowerShell OpenSSH?
- PuTTY PSFTP?
- Bitvise SSH/SFTP Client? (my favorite GUI for Windoze)
Different products have different ways of creating ssh keys, but basically all you need to do is create a public/private key pair and then get (or export) the OpenSSH format public key file (one long line of text) and add that that to your z/OS $HOME/.ssh/authorized_keys