Dana, It is possible to use passwords with IBM Ported Tools OpenSSH, by setting the "SSH_ASKPASS" environment variable and some other stuff just right.
We have the following example JCL of doing this with Co:Z SFTP (see notes below on adapting) - //RUNSFTP EXEC PGM=COZBATCH,REGION=64M //STDIN DD * # Customize these ... coz_bin="/opt/dovetail/coz/bin" remoteuser="uid" server="remote.host.name" servercp="ISO8859-1" remotefile="/path/to/file" # These can be used to read the ssh password from a (secured) dataset # if you don't want to setup public/private keypairs export PASSWD_DSN='//COZUSER.PASSWD(SITE1)' export SSH_ASKPASS=$coz_bin/read_passwd_dsn.sh export DISPLAY=none ssh_opts="-oBatchMode=no" # allows ssh to use SSH_ASKPASS program ssh_opts="$ssh_opts -oConnectTimeout=60" ssh_opts="$ssh_opts -oServerAliveInterval=60" ssh_opts="$ssh_opts -oStrictHostKeyChecking=no" # accept initial host keys # Invoke the Co:Z sftp client with an in-line batch of commands # that downloads a remote file to a local DD. # Note that "-oBatchMode=no" must be specified before "-b" # since ssh opts are first-sticky $coz_bin/cozsftp $ssh_opts -b- $remoteuser@$server <<EOB lzopts mode=text,servercp=$servercp get $remotefile //DD:DOWNLOAD EOB //DOWNLOAD DD DSN=&&DOWNLOAD,DISP=(NEW,DELETE), // DCB=(...),SPACE=(...) // Co:Z SFTP uses IBM Ported Tools ssh, and you can use the same technique with IBM's sftp. Here are some notes about adapting this to use with IBM sftp: 1) We have much better sample scripts and JCL for running Co:Z SFTP in batch that are much cleaner to use that this example, but this has is all layed out in one place. 2) COZBATCH is our replacement for BPXBATCH that allows you to have STDIN DD *, so to use BPXBATCH you have to move the STDIN input to a shell script file. 3) In the example, our "read_passwd_dsn.sh" shell script reads the password from the $PASSWD_DSN, so you would need to replace that with your own script or program that produces the password 4) You would replace "$coz_bin/cozsftp" with "sftp". IBM sftp does not support "lzopts" or DDs or data sets. Kirk Wolf Dovetailed Technologies http://dovetail.com PS> Co:Z SFTP is available free to use under our Community License, for more information see: http://dovetail.com/products/sftp.html http://dovetail.com/support.html On Wed, Feb 4, 2015 at 3:42 PM, Dana Mitchell <[email protected]> wrote: > Hello All, > > We have a need to implement sftp transfers in place of some ftp batch > jobs. I have installed IBM Ported Tools OpenSSH, and can successfully use > putty to log into my z/OS system (1.13). From there I can connect to the > remote sftp server on another platform and transfer files like a boss. > What I need to be able to do is transfer files via sftp in a batch job. I > can't figure out how to pass the user/password from a batch job. I see > examples such as: > > //* > //STEPNAME EXEC PGM=BPXBATCH,REGION=8M > //STDERR DD SYSOUT=* > //STDOUT DD SYSOUT=* > //STDPARM DD * > SH sftp [email protected] > /* > // > > Also it would be a bonus if we could store userid/password in a seperate > file like NETRC so that could be racf secured to only authorized users on > the z/OS side. > > Thanks > Dana > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
