Set pwdsn to a DD

A discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
mdgilmore
Posts: 3
Joined: Thu Dec 08, 2016 12:28 pm

Set pwdsn to a DD

Post by mdgilmore » Wed Oct 03, 2018 1:59 pm

We will be using another product that contains passwords in a Vault. The SFTP users will run a step prior to SFTP to retrieve the password and put it in a passed DSN:
//CREDOUT DD DSN=PASSWORD.FILE,DISP=(NEW,PASS,DELETE)

Can I set pwdsn in the SFTP step to read the PASSWORD.FILE from the DD:CREDOUT?

dovetail
Site Admin
Posts: 1933
Joined: Thu Jul 29, 2004 12:12 pm

Re: Set pwdsn to a DD

Post by dovetail » Thu Oct 04, 2018 8:55 am

It is not possible to use a DD to reference a password data set.
This is because it is the IBM OpenSSH client process that invokes the SSH_ASKPASS program to produce a password and this process is run in a separate OMVS address space.

mdgilmore
Posts: 3
Joined: Thu Dec 08, 2016 12:28 pm

Re: Set pwdsn to a DD

Post by mdgilmore » Tue Feb 25, 2020 5:02 pm

I was able to get this working using:

In the Pre-SFTP Step:

//CREDOUT DD DSN=????????.TEMP.PASSWORD.FILE,DISP=(NEW,PASS,DELETE),
// DSORG=PS,LRECL=80,RECFM=FB,
// UNIT=WORK,SPACE=(TRK,(5,5),RLSE)

In the SFTP Step:

//SFTPIN DD *
user=????????
pwdsn=????????.TEMP.PASSWORD.FILE
host=server_name
. $script_dir/sftp_connect.sh << EOB
pwd
ls -al
EOB
/*

What I would really like to be able to use is:
Pre-Step:
//CREDOUT DD DISP=(,PASS),DSN=&&TEMPF,
// DSORG=PS,LRECL=80,RECFM=FB,
// UNIT=WORK,SPACE=(TRK,(5,5),RLSE)

In the SFTP Step:

//SFTPIN DD *
user=????????
pwdsn=//DD:&&TEMPF or pwdsn=&&TEMPF
host=server_name
. $script_dir/sftp_connect.sh << EOB
pwd
ls -al
EOB
/*

dovetail
Site Admin
Posts: 1933
Joined: Thu Jul 29, 2004 12:12 pm

Re: Set pwdsn to a DD

Post by dovetail » Thu Feb 27, 2020 10:53 am

It won't be possible to use a temporary dsn like &&TEMPF. This is because these are mapped into uncatalogued data sets by the local address space. The z/OS ssh client (/bin/ssh) runs as a child process in a separate address space, so that when it runs /coz/bin/read_passwd_dsn.sh, the &&TEMPF name can't be resolved in a different address space.
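
Added example, not part of the thread and not Co:Z or IBM code: the replies above explain that the password helper runs inside a separate client process, so it can only resolve names that mean something outside the submitting step. The script below simulates that with ordinary POSIX files and processes. `fake_client`, `askpass.sh`, `PASSWD_SRC` and `LOCAL_ALIAS` are hypothetical names; only `SSH_ASKPASS` is the real OpenSSH variable.

```shell
#!/bin/sh
# Added illustration: ordinary files and processes stand in for z/OS data
# sets and address spaces. All names here are hypothetical.

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT
umask 077

# Constructed sample secret under a name every process can resolve
# (stands in for a catalogued data set named on pwdsn=).
printf '%s\n' 'constructed-sample-password' > "$workdir/password.file"

# Askpass helper: the client runs it, so it sees only what the client
# process inherited. It prints the first record or fails.
cat > "$workdir/askpass.sh" <<'EOF'
#!/bin/sh
if [ -z "$PASSWD_SRC" ] || [ ! -r "$PASSWD_SRC" ]; then
    echo "askpass: cannot resolve '$PASSWD_SRC'" >&2
    exit 1
fi
head -n 1 "$PASSWD_SRC"
EOF

# Stand-in for the ssh client: a separate process with a clean environment
# that calls the program named by SSH_ASKPASS (real ssh executes it directly).
fake_client() {
    env -i PATH="$PATH" SSH_ASKPASS="$workdir/askpass.sh" PASSWD_SRC="$1" \
        sh -c 'sh "$SSH_ASKPASS" "Password:"'
}

# Case 1: a globally resolvable name reaches the helper and works.
resolve_global() {
    fake_client "$workdir/password.file"
}

# Case 2: LOCAL_ALIAS exists only in this shell (like a DD name or &&TEMPF
# in the job step), so the child receives a name it cannot resolve.
LOCAL_ALIAS="$workdir/password.file"
resolve_local() {
    fake_client 'LOCAL_ALIAS' 2>/dev/null
}
```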
