using cozsftp from omvs 3270 ?

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
LIonel_Dyck
Posts: 11
Joined: Thu Jun 25, 2020 9:18 am

using cozsftp from omvs 3270 ?

Post by LIonel_Dyck »

Is it possible to use cozsftp (or plain sftp) from a 3270 OMVS session?

Right now I'm getting:

FOTS3322 Passwords may not be entered from 3270 terminals
[06:17:10.254529] Connection closed

Yet using the FTP command it does work and allows entry of a password.

Thank you
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: using cozsftp from omvs 3270 ?

Post by dovetail »

You can, but you need to use a SSH key instead of a password.
This is because IBM OpenSSH (used by Co:Z SFTP) doesn't allow password prompting from OMVS 3270 sessions (FOTS3322), since there wouldn't be a way to hide input.

You didn't ask, but we recommend using an interactive ssh session into z/OS as the z/OS Unix shell instead of 3270. From ssh shells, you can do hidden password prompts for ssh and sftp to other systems.
LIonel_Dyck
Posts: 11
Joined: Thu Jun 25, 2020 9:18 am

Re: using cozsftp from omvs 3270 ?

Post by LIonel_Dyck »

How do I setup a key instead of a password? It sounds intriguing .
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: using cozsftp from omvs 3270 ?

Post by dovetail »

Here's the section of the Co:Z SFTP user's guide:

https://dovetail.com/docs/sftp/auth.html

You could either put the keys in the z/OS UNIX filesystem, or even better a Key Ring.
LIonel_Dyck
Posts: 11
Joined: Thu Jun 25, 2020 9:18 am

Re: using cozsftp from omvs 3270 ?

Post by LIonel_Dyck »

Thank you very much. :D
LIonel_Dyck
Posts: 11
Joined: Thu Jun 25, 2020 9:18 am

Re: using cozsftp from omvs 3270 ?

Post by LIonel_Dyck »

I read that page and the references but I'm still being prompted for my password with ssh or sftp from my windows pc.

What I did was:
1. ftp from pc to z/os
2. cd to my .ssh directory
3. put id_rsa.pub authorized_keys as text
4. quit ftp
5. open omvs to my .ssh directory
6. chmod 600 authorized_keys
7. sftp from pc to z/os

and I was prompted for my password with sftp and ssh.

That appears to be what the doc indicates but the doc also mentions the key being one very long line. I only get that if I ftp in binary. So ...

I tried uploading in binary - no joy.

I edited the text version in omvs to make it one line after removing the comments - no joy.

please advise.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: using cozsftp from omvs 3270 ?

Post by dovetail »

I'm confused - I thought that your client was Co:Z SFTP on z/OS?

For this, login to z/OS UNIX with an ssh shell (e.g. PuTTY), then follow the instructions in "F.2 OpenSSH keypair authentication".
The "id_rsa.pub" file will be a single long line of text.

In step 2, you will upload this and (replace) $HOME/.ssh/authorized_keys on the server, but if this exists, just transfer it in text mode to the server:

ZOS> cozsftp myuser@myserver.com
Connecting to n.n.n.n...
myuser@mserver.com's password: ******
cozsftp> ascii
cozsftp> cd .ssh
cozsftp> put -P id_rsa.pub
Uploading id_rsa.pub to ....
id_rsa.pub 100% 601 0.6KB/s 00:00
cozsftp> quit

Then, login to the remote server with a shell and copy the one line of text from id_rsa.pub to the end of authorized_keys.

server> cd .ssh
server> cat id_rsa.pub >> authorized_keys
server> chmod 600 authorized_keys

If this works, then you can login without a password from ZOS (either ssh shell or OMVS):

cozsftp myuser@myserver.com
cozsftp> # no password prompt
LIonel_Dyck
Posts: 11
Joined: Thu Jun 25, 2020 9:18 am

Re: using cozsftp from omvs 3270 ?

Post by LIonel_Dyck »

I was trying to use sftp from windows to z/OS and hoping to avoid the password prompt. Going z/OS to z/OS is less likely for us.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: using cozsftp from omvs 3270 ?

Post by dovetail »

No problem - what Window sftp client are you using?

- Windows PowerShell OpenSSH?
- PuTTY PSFTP?
- Bitvise SSH/SFTP Client? (my favorite GUI for Windoze)

Different products have different ways of creating ssh keys, but basically all you need to do is create a public/private key pair and then get (or export) the OpenSSH format public key file (one long line of text) and add that that to your z/OS $HOME/.ssh/authorized_keys
Post Reply