sftp when using HTTP proxy server
sftp when using HTTP proxy server
Our network people are implementing new HTTP proxy servers which are negating our previous z/OS communication to IBM. I have been able to access TESTCASE.BOULDER.IBM.COM for upload from WinSCP specifying only the new HTTP proxy.
I am now trying z/OS OpenSSH sftp command trying to use the following command getting ProxyCommand command not found error.
SYSE21:/u/tec1002/.ssh# sftp -o ProxyCommand='/usr/bin/nc -v -x www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm
Connecting to testcase.boulder.us.ibm...
/usr/bin/nc: Command not found.
FOTS1338 ssh_exchange_identification: Connection closed by remote host
FOTS0841 Connection closed
SYSE21:/u/tec1002/.ssh#
Would anyone have any suggestions on the above sftp error?
If not, would Co:Z sftp allow me to run from USS or batch and connect to IBM specifying z/OS datasets and/or USS files?
Thanks in advance,
Jon
I am now trying z/OS OpenSSH sftp command trying to use the following command getting ProxyCommand command not found error.
SYSE21:/u/tec1002/.ssh# sftp -o ProxyCommand='/usr/bin/nc -v -x www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm
Connecting to testcase.boulder.us.ibm...
/usr/bin/nc: Command not found.
FOTS1338 ssh_exchange_identification: Connection closed by remote host
FOTS0841 Connection closed
SYSE21:/u/tec1002/.ssh#
Would anyone have any suggestions on the above sftp error?
If not, would Co:Z sftp allow me to run from USS or batch and connect to IBM specifying z/OS datasets and/or USS files?
Thanks in advance,
Jon
Re: sftp when using HTTP proxy server
IBM does not provide a "nc" (netcat) command with z/OS.
We have a proxy command that is designed to use with OpenSSH on z/OS for this purpose.
You can download it free from here: https://dovetail.com/community/sshproxyc.html
We have a proxy command that is designed to use with OpenSSH on z/OS for this purpose.
You can download it free from here: https://dovetail.com/community/sshproxyc.html
Re: sftp when using HTTP proxy server
Thanks for the response.
If I understand correctly, the "nc" command not found is coming from z/OS USS and not the HTTP proxy? That would make sense. I will look at your download immediately.
Again, thanks so much!
If I understand correctly, the "nc" command not found is coming from z/OS USS and not the HTTP proxy? That would make sense. I will look at your download immediately.
Again, thanks so much!
Re: sftp when using HTTP proxy server
Apologize for my ignorance and confusion.
I have tried to download ssh-proxyc both inside and outside Oracle's VPN network. When I click the download button, I get a tab with what appears to be the actual PAX'd binary. I normally would be asked to download and where to put the file.
When I try and download the Installation Guide and Release Notes, this time it places coz-5.0.0 into the Windows download directory.
What am I doing wrong in trying to downlog ssh-proxyc?
I have tried to download ssh-proxyc both inside and outside Oracle's VPN network. When I click the download button, I get a tab with what appears to be the actual PAX'd binary. I normally would be asked to download and where to put the file.
When I try and download the Installation Guide and Release Notes, this time it places coz-5.0.0 into the Windows download directory.
What am I doing wrong in trying to downlog ssh-proxyc?
Re: sftp when using HTTP proxy server
Apparently your browser is configured to view the .pax file rather than select a download location.
Try "Save as" on the last download button for the .pax file
Try "Save as" on the last download button for the .pax file
Re: sftp when using HTTP proxy server
Thanks again for your help! I was able to SAVE AS the download file as ssh-proxyc.pax, upload it in binary and extract it into a z/OS 2.2 USS filesystem.
I ran the using your code and get the following:
SYSE22:/u/tec1002/bin# sftp -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm
Co:Z ssh-proxyc version: 1.0.1 2017-01-05
Copyright (C) Dovetailed Technologies, LLC. 2016-2017. All rights reserved.
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
FOTS1338 ssh_exchange_identification: Connection closed by remote host
FOTS0841 Connection closed
SYSE22:/u/tec1002/bin#
I am missing some Oracle history and not sure what version of OpenSSH sftp is currently available. I also see there is a requirement which I still need to research. Based on your experience with the error above, any ideas as I dig deeper?
•z/OS V2R2 OpenSSH with PTF UA79909 (or later releases)
I ran the using your code and get the following:
SYSE22:/u/tec1002/bin# sftp -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm
Co:Z ssh-proxyc version: 1.0.1 2017-01-05
Copyright (C) Dovetailed Technologies, LLC. 2016-2017. All rights reserved.
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
FOTS1338 ssh_exchange_identification: Connection closed by remote host
FOTS0841 Connection closed
SYSE22:/u/tec1002/bin#
I am missing some Oracle history and not sure what version of OpenSSH sftp is currently available. I also see there is a requirement which I still need to research. Based on your experience with the error above, any ideas as I dig deeper?
•z/OS V2R2 OpenSSH with PTF UA79909 (or later releases)
Re: sftp when using HTTP proxy server
Dug deeper and now see the requirement for UA79909 which is an add-on to HOS2220 and allows the FDpass option.
We're having IBMLINK problems but am trying to get that PTF and will try again. Slow but sure but I think I am getting closer.
We're having IBMLINK problems but am trying to get that PTF and will try again. Slow but sure but I think I am getting closer.
Re: sftp when using HTTP proxy server
Also, the error that you are getting:
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
means that your ssh-proxy command is not correct.
See the README for correct usage.
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
means that your ssh-proxy command is not correct.
See the README for correct usage.
Re: sftp when using HTTP proxy server
Yes. Found that when running the following:
SYSE22:/u/tec1002# sftp -o ProxyUseFDpass -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80' -v anonymous@testcase.boulder.us.ibm
FOTS1388 command-line: line 0: Bad configuration option: ProxyUseFDpass
FOTS0841 Connection closed
Now I'm working on getting the required PTF for FDpass.
Also, can you confirm that sftp once all the pieces are in place will only support USS filesystem files and NOT TSO files?
SYSE22:/u/tec1002# sftp -o ProxyUseFDpass -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80' -v anonymous@testcase.boulder.us.ibm
FOTS1388 command-line: line 0: Bad configuration option: ProxyUseFDpass
FOTS0841 Connection closed
Now I'm working on getting the required PTF for FDpass.
Also, can you confirm that sftp once all the pieces are in place will only support USS filesystem files and NOT TSO files?
Re: sftp when using HTTP proxy server
Could I ask some help again? I have the OpenSSH sftp command along with ssh_proxyc from Dovetailed Tech. I now have the OpenSSH required PTF installed and am now getting the following error when trying to connect to TESTCASE.BOULDER.IBM.COM.
I am not sure I have all the parameters set correctly. Any suggestions on what might be wrong? I also have the WinSCP sftp log of a connection which worked to the same IBM site with the same HTTP proxy. Appreciate any guidance that can be provided.
SYSE22:/u/tec1002# sftp -24 -vv -o ProxyUseFDpass=yes -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm 80
OpenSSH_6.4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: mac_setup: found hmac-sha1-etm@openssh.com
debug2: mac_setup: found hmac-sha2-256-etm@openssh.com
debug2: mac_setup: found hmac-sha2-512-etm@openssh.com
debug2: mac_setup: found hmac-sha1-96-etm@openssh.com
debug2: mac_setup: found hmac-sha1
debug2: mac_setup: found hmac-sha2-256
debug2: mac_setup: found hmac-sha2-512
debug2: mac_setup: found hmac-sha1-96
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug2: mac_setup: found hmac-md5-96-etm@openssh.com
debug2: mac_setup: found hmac-md5
debug2: mac_setup: found hmac-md5-96
debug2: mac_setup: found umac-64-etm@openssh.com
debug2: mac_setup: found umac-128-etm@openssh.com
debug2: mac_setup: found hmac-ripemd160-etm@openssh.com
debug2: mac_setup: found umac-64@openssh.com
debug2: mac_setup: found umac-128@openssh.com
debug2: mac_setup: found hmac-ripemd160
debug2: mac_setup: found hmac-ripemd160@openssh.com
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug2: ssh_connect: needpriv 0
debug1: Executing proxy dialer command: exec /u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80
debug1: permanently_drop_suid: 0
Co:Z ssh-proxyc version: 1.0.1 2017-01-05
Copyright (C) Dovetailed Technologies, LLC. 2016-2017. All rights reserved.
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
FOTS2080 mm_receive_fd: recvmsg: expected received 1 got 0
FOTS3339 proxy dialer did not pass back a connection
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
FOTS0841 Connection closed
SYSE22:/u/tec1002#
I am not sure I have all the parameters set correctly. Any suggestions on what might be wrong? I also have the WinSCP sftp log of a connection which worked to the same IBM site with the same HTTP proxy. Appreciate any guidance that can be provided.
SYSE22:/u/tec1002# sftp -24 -vv -o ProxyUseFDpass=yes -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm 80
OpenSSH_6.4, OpenSSL 1.0.1c 10 May 2012
debug1: Reading configuration data /etc/ssh/ssh_config
debug2: mac_setup: found hmac-sha1-etm@openssh.com
debug2: mac_setup: found hmac-sha2-256-etm@openssh.com
debug2: mac_setup: found hmac-sha2-512-etm@openssh.com
debug2: mac_setup: found hmac-sha1-96-etm@openssh.com
debug2: mac_setup: found hmac-sha1
debug2: mac_setup: found hmac-sha2-256
debug2: mac_setup: found hmac-sha2-512
debug2: mac_setup: found hmac-sha1-96
debug2: mac_setup: found hmac-md5-etm@openssh.com
debug2: mac_setup: found hmac-md5-96-etm@openssh.com
debug2: mac_setup: found hmac-md5
debug2: mac_setup: found hmac-md5-96
debug2: mac_setup: found umac-64-etm@openssh.com
debug2: mac_setup: found umac-128-etm@openssh.com
debug2: mac_setup: found hmac-ripemd160-etm@openssh.com
debug2: mac_setup: found umac-64@openssh.com
debug2: mac_setup: found umac-128@openssh.com
debug2: mac_setup: found hmac-ripemd160
debug2: mac_setup: found hmac-ripemd160@openssh.com
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug2: ssh_connect: needpriv 0
debug1: Executing proxy dialer command: exec /u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80
debug1: permanently_drop_suid: 0
Co:Z ssh-proxyc version: 1.0.1 2017-01-05
Copyright (C) Dovetailed Technologies, LLC. 2016-2017. All rights reserved.
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
FOTS2080 mm_receive_fd: recvmsg: expected received 1 got 0
FOTS3339 proxy dialer did not pass back a connection
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
FOTS0841 Connection closed
SYSE22:/u/tec1002#
Re: sftp when using HTTP proxy server
Your ssh-proxyc command is not valid.
Take a look at the README for valid syntax:
https://dovetail.com/docs/sshproxyc/readme.html
I am guessing that you need something like:
sftp -vv -oProxyUseFDpass=yes -oProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80 %h %p' anonymous@testcase.boulder.ibm.com
Take a look at the README for valid syntax:
https://dovetail.com/docs/sshproxyc/readme.html
I am guessing that you need something like:
sftp -vv -oProxyUseFDpass=yes -oProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80 %h %p' anonymous@testcase.boulder.ibm.com
Re: sftp when using HTTP proxy server
Hi,
Do you have an example of using COZSFTP to run the following with ssh-proxyc?
sftp -vv -oProxyUseFDpass=yes -oProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80 %h %p' anonymous@testcase.boulder.ibm.com
Many thanks
Do you have an example of using COZSFTP to run the following with ssh-proxyc?
sftp -vv -oProxyUseFDpass=yes -oProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80 %h %p' anonymous@testcase.boulder.ibm.com
Many thanks
Re: sftp when using HTTP proxy server
ssh-proxyc supports SOCKS5 proxy servers, not HTTP proxy servers.
Sorry for the confusion.
For more information, see: https://dovetail.com/community/sshproxyc.html
Sorry for the confusion.
For more information, see: https://dovetail.com/community/sshproxyc.html