sftp when using HTTP proxy server

A discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
nolting
Posts: 6
Joined: Thu May 10, 2018 3:07 pm

sftp when using HTTP proxy server

Post by nolting » Thu May 10, 2018 3:16 pm

Our network people are implementing new HTTP proxy servers which are negating our previous z/OS communication to IBM. I have been able to access TESTCASE.BOULDER.IBM.COM for upload from WinSCP specifying only the new HTTP proxy.

I am now trying z/OS OpenSSH sftp command trying to use the following command getting ProxyCommand command not found error.

SYSE21:/u/tec1002/.ssh# sftp -o ProxyCommand='/usr/bin/nc -v -x www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm
Connecting to testcase.boulder.us.ibm...
/usr/bin/nc: Command not found.
FOTS1338 ssh_exchange_identification: Connection closed by remote host
FOTS0841 Connection closed
SYSE21:/u/tec1002/.ssh#

Would anyone have any suggestions on the above sftp error?

If not, would Co:Z sftp allow me to run from USS or batch and connect to IBM specifying z/OS datasets and/or USS files?

Thanks in advance,
Jon

dovetail
Site Admin
Posts: 1813
Joined: Thu Jul 29, 2004 12:12 pm

Re: sftp when using HTTP proxy server

Post by dovetail » Mon May 14, 2018 7:17 am

IBM does not provide a "nc" (netcat) command with z/OS.

We have a proxy command that is designed to use with OpenSSH on z/OS for this purpose.
You can download it free from here: https://dovetail.com/community/sshproxyc.html

nolting
Posts: 6
Joined: Thu May 10, 2018 3:07 pm

Re: sftp when using HTTP proxy server

Post by nolting » Mon May 14, 2018 12:22 pm

Thanks for the response.

If I understand correctly, the "nc" command not found is coming from z/OS USS and not the HTTP proxy? That would make sense. I will look at your download immediately.

Again, thanks so much!

nolting
Posts: 6
Joined: Thu May 10, 2018 3:07 pm

Re: sftp when using HTTP proxy server

Post by nolting » Mon May 14, 2018 1:29 pm

Apologize for my ignorance and confusion.

I have tried to download ssh-proxyc both inside and outside Oracle's VPN network. When I click the download button, I get a tab with what appears to be the actual PAX'd binary. I normally would be asked to download and where to put the file.

When I try and download the Installation Guide and Release Notes, this time it places coz-5.0.0 into the Windows download directory.

What am I doing wrong in trying to downlog ssh-proxyc?

dovetail
Site Admin
Posts: 1813
Joined: Thu Jul 29, 2004 12:12 pm

Re: sftp when using HTTP proxy server

Post by dovetail » Mon May 14, 2018 4:02 pm

Apparently your browser is configured to view the .pax file rather than select a download location.
Try "Save as" on the last download button for the .pax file

nolting
Posts: 6
Joined: Thu May 10, 2018 3:07 pm

Re: sftp when using HTTP proxy server

Post by nolting » Tue May 15, 2018 7:16 pm

Thanks again for your help! I was able to SAVE AS the download file as ssh-proxyc.pax, upload it in binary and extract it into a z/OS 2.2 USS filesystem.

I ran the using your code and get the following:

SYSE22:/u/tec1002/bin# sftp -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -v -p www-proxy-hqdc.us.oracle.com:80' anonymous@testcase.boulder.us.ibm
Co:Z ssh-proxyc version: 1.0.1 2017-01-05
Copyright (C) Dovetailed Technologies, LLC. 2016-2017. All rights reserved.
usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]
FOTS1338 ssh_exchange_identification: Connection closed by remote host
FOTS0841 Connection closed
SYSE22:/u/tec1002/bin#

I am missing some Oracle history and not sure what version of OpenSSH sftp is currently available. I also see there is a requirement which I still need to research. Based on your experience with the error above, any ideas as I dig deeper?

•z/OS V2R2 OpenSSH with PTF UA79909 (or later releases)

nolting
Posts: 6
Joined: Thu May 10, 2018 3:07 pm

Re: sftp when using HTTP proxy server

Post by nolting » Tue May 15, 2018 8:00 pm

Dug deeper and now see the requirement for UA79909 which is an add-on to HOS2220 and allows the FDpass option.

We're having IBMLINK problems but am trying to get that PTF and will try again. Slow but sure but I think I am getting closer.

dovetail
Site Admin
Posts: 1813
Joined: Thu Jul 29, 2004 12:12 pm

Re: sftp when using HTTP proxy server

Post by dovetail » Wed May 16, 2018 6:55 am

Also, the error that you are getting:

usage: ssh-proxyc [-46Ehv] -p proxy_address[:port] destination [port]

means that your ssh-proxy command is not correct.
See the README for correct usage.

nolting
Posts: 6
Joined: Thu May 10, 2018 3:07 pm

Re: sftp when using HTTP proxy server

Post by nolting » Wed May 16, 2018 2:33 pm

Yes. Found that when running the following:

SYSE22:/u/tec1002# sftp -o ProxyUseFDpass -o ProxyCommand='/u/tec1002/bin/ssh-proxyc -E -v -p www-proxy-hqdc.us.oracle.com:80' -v anonymous@testcase.boulder.us.ibm
FOTS1388 command-line: line 0: Bad configuration option: ProxyUseFDpass
FOTS0841 Connection closed

Now I'm working on getting the required PTF for FDpass.


Also, can you confirm that sftp once all the pieces are in place will only support USS filesystem files and NOT TSO files?

Post Reply