High Availability for COZSFTP

General discussion of the Co:Z Toolkit
Keith_Hays
Posts: 2
Joined: Mon Feb 15, 2021 9:42 am

High Availability for COZSFTP

Post by Keith_Hays »

Where can I find instructions to define High Availability for port 22 for CoZ SFTP?


In my TCP/IP profile, I have set up VIPADISTRIBUTE DEFINE SYSPLEXPORTS for port 22 distributed to 2 LPARs. I get a connection refused message:
"FOTS2204 ssh: connect to host sftp.xxx.net port 22: EDC8128I Connection refused." This message comes out before any request for username and password.


Thanks.
-Keith Hays
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: High Availability for COZSFTP

Post by dovetail »

Co:Z SFTP uses IBM z/OS OpenSSH for its secure network connections.
When you connect to Co:Z SFTP server, you are connecting to IBM OpenSSH "sshd", which by default listens on port 22.
Therefore, your connection error indicates that you are not able to connect to SSHD - the Co:Z SFTP server doesn't start until later. I assume that you *are* able to connect to a specific LPAR running SSHD on this port by using the LPAR's IP address?

There is nothing special about how z/OS SSHD listens on port 22, so your problem seems to be with either how the DVIPA is set up, or how SSHD is started. Both products are components of z/OS, and so I suggest that you contact IBM support for assistance.

Note: once you get past this problem with the DVIPA, you will have to deal with the issue of the SSH Host Keys used by IBM z/OS SSHD. Since SSH clients will connect to the DVIPA hostname/IP address, you will have a hostkey mismatch problem if all of the SSHDs behind the DVIPA are not using the same Host Keys. Sometimes for this kind of configuration you might want two SSHD processes running on each LPAR: one listening on a port under the DVIPA, and another listening on a port of its own. In this way, you can connect to either a specific LPAR, or to the DVIPA cluster. Each would have its own SSHD server key(s).

Also: I notice from your email address that your company has an Enterprise License and Support Agreement for Co:Z. We ask that you please open a ticket under our enterprise support system for problems and questions with Co:Z.
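
A way to check the host key point raised in the reply above before clients start connecting through the DVIPA, as an added example that is not part of the original post and not Dovetail's or IBM's code: it reads `ssh-keyscan` output collected from each LPAR's own address and reports any key type whose key differs between hosts. The function name `check_hostkeys` is hypothetical, and the addresses shown in the comments are constructed placeholders.

```shell
#!/bin/sh
# Added example. Input is ssh-keyscan output, one key per line:
#   <host> <keytype> <base64-key>
# Collect it from each LPAR's own (non-DVIPA) address, for example:
#   ssh-keyscan -p 22 192.0.2.11 192.0.2.12 | check_hostkeys
# (192.0.2.x are constructed documentation addresses, not real systems.)

check_hostkeys() {
    # Reads ssh-keyscan output on stdin.
    # Returns 0 when every host offers the same key for every key type,
    # 1 when a key type differs between hosts or is absent on some host.
    awk '
        /^#/ || NF < 3 { next }          # skip comments and short lines
        {
            hosts[$1] = 1                # every host seen
            types[$2] = 1                # every key type seen
            key[$2, $1] = $3             # key blob per (type, host)
        }
        END {
            bad = 0
            for (t in types) {
                n = 0
                split("", uniq)          # portable way to empty an array
                for (h in hosts) {
                    if (!((t, h) in key)) {
                        printf "MISSING %s on %s\n", t, h
                        bad = 1
                        continue
                    }
                    k = key[t, h]
                    if (!(k in uniq)) { uniq[k] = 1; n++ }
                }
                if (n > 1) {
                    printf "MISMATCH %s: %d distinct keys\n", t, n
                    bad = 1
                } else if (n == 1) {
                    printf "OK %s\n", t
                }
            }
            exit bad
        }'
}
```

A `MISMATCH` line means a client that has stored the key for the DVIPA name from one LPAR will see a changed host key when it is routed to the other.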
Keith_Hays
Posts: 2
Joined: Mon Feb 15, 2021 9:42 am

Re: High Availability for COZSFTP

Post by Keith_Hays »

Thank you very much. Your answer makes complete sense.
Keith