Discussion:
Setting up sshd on z/OS
(too old to reply)
Frank Swarbrick
2017-09-30 00:00:41 UTC
Permalink
Raw Message
We don't currently have sshd setup. I'm a developer looking to perhaps trial something that requires it. How much effort is it to set up for the first time? I want to know if its worth pushing our Systems group to do, or if I should not bother because I don't yet have a "business case" for it.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Tom Brennan
2017-09-30 05:38:51 UTC
Permalink
Raw Message
I installed SSHD a few years back and it wasn't that difficult. If I
remember correctly, I ordered and downloaded the Ported Tools product
via ShopZ (my notes say HOS1120 which was probably the latest at the
time). That's a no-charge product from IBM. I probably used the
Program Directory instructions, and it was an SMP/E install. That may
take some time and a systems programmer.

The result for me was a dozen or so files such as /usr/sbin/sshd
/bin/sftp /bin/scp and others needed for the processing. Most likely
these would be installed into a test ZFS and then copied or migrated to
a running system following your sysprog's normal methods. That can also
take time, and even might involve the dreaded change control folks.

To run the SSHD server, the sysprog will have to create/copy a proc and
start that task. There are notes on how to do that in the Program
Directory I think, and I'm pretty sure it worked for me first time. My
notes say this: "To my surprise, SSHD started successfully" :) Starting
a new STC task on the mainframe typically involves someone who works
with an Auto Operations product that will start and stop the task at
every IPL. One more thing to do.

Then you may need sshd_config modifications, but since I think we're
running just about the same code used on Unix/Linux machines, almost
anyone familiar with non-mainframe SSHD should be able to help.

If you're lucky, Ported Tools was already ordered and installed (i.e.
with ServerPac), and all you need to do is get someone to setup and
start the SSHD task. That would make things a lot simpler.
Post by Frank Swarbrick
We don't currently have sshd setup. I'm a developer looking to perhaps trial something that requires it. How much effort is it to set up for the first time? I want to know if its worth pushing our Systems group to do, or if I should not bother because I don't yet have a "business case" for it.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Wolfgang Fritz
2017-09-30 07:49:30 UTC
Permalink
Raw Message
Hi if you are using z/os v2.2 it is already installed you only have to configure your started task for sshd.
Wolfgang

Bin unterwegs hab nur iPhone zur Verfügung.😎
I installed SSHD a few years back and it wasn't that difficult. If I remember correctly, I ordered and downloaded the Ported Tools product via ShopZ (my notes say HOS1120 which was probably the latest at the time). That's a no-charge product from IBM. I probably used the Program Directory instructions, and it was an SMP/E install. That may take some time and a systems programmer.
The result for me was a dozen or so files such as /usr/sbin/sshd /bin/sftp /bin/scp and others needed for the processing. Most likely these would be installed into a test ZFS and then copied or migrated to a running system following your sysprog's normal methods. That can also take time, and even might involve the dreaded change control folks.
To run the SSHD server, the sysprog will have to create/copy a proc and start that task. There are notes on how to do that in the Program Directory I think, and I'm pretty sure it worked for me first time. My notes say this: "To my surprise, SSHD started successfully" :) Starting a new STC task on the mainframe typically involves someone who works with an Auto Operations product that will start and stop the task at every IPL. One more thing to do.
Then you may need sshd_config modifications, but since I think we're running just about the same code used on Unix/Linux machines, almost anyone familiar with non-mainframe SSHD should be able to help.
If you're lucky, Ported Tools was already ordered and installed (i.e. with ServerPac), and all you need to do is get someone to setup and start the SSHD task. That would make things a lot simpler.
Post by Frank Swarbrick
We don't currently have sshd setup. I'm a developer looking to perhaps trial something that requires it. How much effort is it to set up for the first time? I want to know if its worth pushing our Systems group to do, or if I should not bother because I don't yet have a "business case" for it.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Nims,Alva John , Al
2017-09-30 15:03:40 UTC
Permalink
Raw Message
We are currently not using sshd, but if you are looking at using sftp (ftp using sshd), then I might recommend you looking at Dovetail's CO:z product.
https://dovetail.com/products/sftp.html

I believe it is free, but you pay for support.

That is not a complete solution for your sshd question, but a possible answer to help you with one component.

Al Nims
UFIT
University of Florida
(352) 273-1298
@Home

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-***@LISTSERV.UA.EDU] On Behalf Of Frank Swarbrick
Sent: Friday, September 29, 2017 8:02 PM
To: IBM-***@LISTSERV.UA.EDU
Subject: Setting up sshd on z/OS

We don't currently have sshd setup. I'm a developer looking to perhaps trial something that requires it. How much effort is it to set up for the first time? I want to know if its worth pushing our Systems group to do, or if I should not bother because I don't yet have a "business case" for it.

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Rob Schramm
2017-09-30 16:10:29 UTC
Permalink
Raw Message
Security may be the biggest hurdle. Rest of it isn't hard.

Rob
Post by Nims,Alva John , Al
We are currently not using sshd, but if you are looking at using sftp (ftp
using sshd), then I might recommend you looking at Dovetail's CO:z product.
https://dovetail.com/products/sftp.html
I believe it is free, but you pay for support.
That is not a complete solution for your sshd question, but a possible
answer to help you with one component.
Al Nims
UFIT
University of Florida
(352) 273-1298
@Home
-----Original Message-----
Behalf Of Frank Swarbrick
Sent: Friday, September 29, 2017 8:02 PM
Subject: Setting up sshd on z/OS
We don't currently have sshd setup. I'm a developer looking to perhaps
trial something that requires it. How much effort is it to set up for the
first time? I want to know if its worth pushing our Systems group to do,
or if I should not bother because I don't yet have a "business case" for it.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
--
Rob Schramm

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Stewart Gray
2017-09-30 17:21:04 UTC
Permalink
Raw Message
Hello

If setting up sshd on z/os 2.2 (which includes open ssh 1.3 iirc) will need ICSF task to be active as well.

Can highly recommend co:z sftp client and server solution, easy to implement on top of ibm's open ssh and enables alot more functionality (especially on sftp client side).


Sent from my iPhone
Post by Nims,Alva John , Al
We are currently not using sshd, but if you are looking at using sftp (ftp using sshd), then I might recommend you looking at Dovetail's CO:z product.
https://dovetail.com/products/sftp.html
I believe it is free, but you pay for support.
That is not a complete solution for your sshd question, but a possible answer to help you with one component.
Al Nims
UFIT
University of Florida
(352) 273-1298
@Home
-----Original Message-----
Sent: Friday, September 29, 2017 8:02 PM
Subject: Setting up sshd on z/OS
We don't currently have sshd setup. I'm a developer looking to perhaps trial something that requires it. How much effort is it to set up for the first time? I want to know if its worth pushing our Systems group to do, or if I should not bother because I don't yet have a "business case" for it.
----------------------------------------------------------------------
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to ***@listserv.ua.edu with the message: INFO IBM-MAIN
Loading...