MFFTP Using SFTP As An FTP Client

Secure FTP or sftp is achieved by the main MFFTP program shelling out and invoking the putty sftp implementation.

This is FTP over secure shell or ssh , not FTPS or FTP using TLS.

Prerequisites

The putty toolset needs to be installed and on the path.

More specifically, the putty sftp executable psftp.exe is required.

These utilities can be downloaded from here

If you are going to use a certificate-based authorisation, a certificate needs to be available. Please refer to the putty documentation for the process used to do this.

Configuration

The following control Variables need to be configured:

MFFTP_CLIENT=SFTP
This configures the MFFTP program to use psftp as the ftp client.
MFFTP_SFTP_AUTH=n

Used to determine the artifacts to be used for authentication as follows:

Each of the 4 variables is assigned a value as follows:

1 – userid

2 – password

4 – certificate

8 – passphrase

Add the required values together to get elements to be used for authentication as follows:

1 - user id only

2 - password only

3 - userid plus password

4 - certificate only

5 - certificate plus userid

6 - certificate plus password

7 - certificate plus userid plus password

8 - invalid (need a certificate to have a passphrase)

9 - invalid

10 - invalid

11 - invalid

12 - certificate plus passphrase

13 - certificate plus passphrase plus userid

14 - certificate plus passphrase plus password

The following DD definitions provide the ability to configure authorisation parameters

  • //SFTPAUTH DD .....

    The following parameters are valid, replacing the text within <> with correct values

    machine <machine name>
    The machine name to connect for the session
    user <username>
    The user name to log in as
    pass <password>
    keypcn <path to ppk certificate file >
    Optional, only when using certificate authentication. It is preferable to store the certificate within a catalog-controlled dataset and use it in the SFTPPPK DD described below.
    keypass <pass phrase for use with ppk certificate >
    Optional. Only when using certificate and passphrase authentication.
    hostkey <specific hostkey for machine connecting to >
    This is optional. If not provided, this hostkey must exist in the machine's host key store. Please refer to putty documentation for more information.
  • //SFTPPPK DD .... Contains the ppk certificate to be used to connect to the sftp server . This method of storing the certificate is preferable to storing it on disk somewhere.

An example JCL to configure control variables in a dataset called FTP.DATA , and place the ppk certificate in a dataset called FTP.PRIV.DATA

//SETUP02 JOB 'FTP.DATA',MSGCLASS=X,CLASS=A,MSGLEVEL=(1,1)
//*--------------------------------------------------------
//DEL     EXEC PGM=IEFBR14
//DEL1    DD DSN=FTP.DATA,SPACE=(TRK,1),DISP=(MOD,DELETE)
//DEL2    DD DSN=FTP.AUTH.DATA,SPACE=(TRK,1),DISP=(MOD,DELETE)
//DEL3    DD DSN=FTP.PRIV.DATA,SPACE=(TRK,1),DISP=(MOD,DELETE)
//*==========================================================
//*       FTP.PRIV CONFIGURATION FILE
//*==========================================================
//DEFPRIV  EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSUT1   DD *
PuTTY-User-Key-File-2: ssh-rsa
Encryption: aes256-cbc
Comment: slesz1 
Public-Lines: 6
AAAAB3NzaC1yc2EAAAABJQAAAQEAmTd1uLtTsQ6RoyTuhzr3VxFBa0zAK7p91XbQ
sa1NRh9lcVs8zeI3xOzNfW4fyTAe4YUyLCxF0dSXTChDvJtqNeNa9bXiY/noTzc8
WmnWklGzOI+JoxLGIfFvzEN/LjxkB3Tzmc5ESsLLC/xTJrvcuCw/H5Wbh377xaKH
6S4NfXCtaYxWJ3vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv0MRfH15y8DqF9bWhOP6
ywmZAmIZqJeL+0cgeGFtADiV7DSGSrMyEvKayh1OTTRpgebJ40fFaqWvPW6D5yQW
LafvaQLh+OIuMc9iAUwhoetw7VNBLekIFUvwtpS6Pdrs98f0ZQ==
Private-Lines: 14
Wo+ACSDjbOHFd3XXSaYI+meJ5wgJklTLIRjYzJe6QB3bRelm0iSdPTo+lJ8Gtn0u
7mXHsszk0hXAtkv1nWAVPYszk5tk+kY/zuT9YVRp03nwsuW/WQkofNAn5C205/sC
WfvlklaYIBe5FBVmVUYu+p4FzTJYmshZDqMRLYGougB8LLI8knlRfmJn3jgjWR3Z
yRS7XIzgBExy+NX6dyv6UA1mWHU2kV22ao7NBot9M9p2BrVh8NTyYwc4SDz238H9
JIV50m+BZkmZLhRHUokABY3DwAzDQnQHMRFLJ8rOFkPw4WfrJHyy9Do1wU5PlqJ/
SF7FSpTVlzilP7aI5mzexdrXs5WZtxJ5wDvSHTUmtcQSh2YDLxAZf4IPavHsD+eM
nJh4AsU8Pvd4Op5ONPBJY1xrCdQ0AtfrvudFWjPlLJgm8901wo7Mzokbk3ys5sR+
IVu6FWCBk9iN+0KLLPxxxxxxxxxxxVmVzUK8AtbWkBr01bFSAbHiLgnwm1M4LwJz
r1vY96CrBGEfj7wCKeaFmw7FIvc1r8n3WyYcmUfiv0WqZeuBX+yb90QwxzarQBuD
Cbn7hgXgQq6ckE2BerhpM8TRpa2xHk5t0ACrZNyOIrfyRs6E+Bk6dmseMqWJYdRb
7lqdHH6smXW/fMLMurFv0P4WX7f4IPF4OrBG3CoJ3rBCTFXa6/+RaUjaC0/RKUtu
n09m8WLdxVemHhlrg99NQmLx9JEUSr+GbiriAgj5bdppZB5Niz3YiKodZVtcH3ow
90rND6pMrKF/Fs6Zkt7Oxf8bIX3yzs7dpq9OqWU0AuyS5oMwtyMdBjmDrTBEumoF
tKtHuQxX95/TXOJasCaMNRCb1RmGo7bbzo00Xjiq0UHj/fDZuGg9E1Dm2oXYGxg8
Private-MAC: 54aba03aff3cd77f65335b92b6a72df08034462b
/*                                     
//SYSUT2  DD DSN=FTP.PRIV.DATA,SPACE=(TRK,1),UNIT=SYSDA,
//        DCB=(RECFM=LSEQ,LRECL=80),DISP=(NEW,CATLG)
/
//*==========================================================
//*       FTP.AUTH CONFIGURATION FILE
//*==========================================================
//* keypcn d:\util\putty\keys\slesz11-3private.ppk 
//DEFAUTH  EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSUT1   DD *
machine slesz1 user fred pass password
keypass slesz1ABCDEF 
hostkey 12:03:da:81:ea:49:6d:96:ed:6f:46:eb:84:27:4d:12 
/*                                     
//SYSUT2  DD DSN=FTP.AUTH.DATA,SPACE=(TRK,1),UNIT=SYSDA,
//        DCB=(LRECL=80,RECFM=FB,DSORG=PS),DISP=(NEW,CATLG)
/
//*==========================================================
//*       FTP.DATA CONFIGURATION FILE
//*==========================================================
//DEFFTP   EXEC PGM=IEBGENER
//SYSPRINT DD SYSOUT=*
//SYSIN    DD DUMMY
//SYSUT1   DD *

; ---------------------------------------------------------------------
; MFFTP SETTINGS
; ---------------------------------------------------------------------

MFFTP_ABCODE 3085 ; SET DEFAULT ABEND CODE FOR MFFTP

MFFTP_OUTPUT_LRECL 120

MFFTP_PREFIX=Y
MFALLOC_LOC d:\temp\j1
;MFFTP_VERBOSE_OUTPUT ON
;MFFTP_KEEP_IP Y
;MFFTP_KEEP Y
MFFTP_CLIENT=SFTP
MFFTP_SFTP_AUTH=13
..... and so on 


/*                                     
//SYSUT2  DD DSN=FTP.DATA,SPACE=(TRK,1),UNIT=SYSDA,
//        DCB=(LRECL=80,RECFM=FB,DSORG=PS),DISP=(NEW,CATLG)
//
An example JCL to use FTP using sftp.
//MFFTP05  JOB 'MFFTP TEST',CLASS=A,MSGCLASS=A
//* sftp flavour .
//*
//* Delete files
//*
//DEL1  EXEC PGM=IDCAMS
//SYSPRINT DD SYSOUT=*
//SYSIN    DD *
 DELETE MFI01.MFFTP.FBFILE.TOUPLD FORCE
 DELETE MFI01.FTPDATA.FBFILE FORCE
 DELETE MFI01.MFFTP.GDG FORCE
 SET MAXCC=0
/*
//*
//* Allocate GDG base
//*
//ALLOC  EXEC  PGM=IDCAMS
//SYSPRINT DD  SYSOUT=*
//SYSIN    DD  *
  DEFINE  GDG -
         (NAME(MFI01.MFFTP.GDG) -
          LIMIT(5) -
          NOEMPTY -
          SCRATCH)
/*
//*
//* Create an FB/10 dataset
//*
//STEP0 EXEC PGM=IEBGENER
//SYSPRINT  DD SYSOUT=*
//SYSIN     DD DUMMY
//SYSUT1    DD *
AAAAAAAAAA
BBBBBBBBBB
/*
//SYSUT2    DD DSN=MFI01.MFFTP.FBFILE.TOUPLD,
//             DISP=(NEW,CATLG,DELETE),
//             DCB=(RECFM=FB,LRECL=10)
//*
//* Upload an MVS dataset
//*
//STEP1 EXEC PGM=MFFTP,PARM='slesz11-3.microfocus.com'
//SYSOUT DD  SYSOUT=*
//OUTPUT DD  SYSOUT=*
//SFTPAUTH DD DSN=FTP.AUTH.DATA,DISP=(SHR)
//SFTPPPK  DD DSN=FTP.PRIV.DATA,DISP=(SHR)
//INPUT  DD *
cd MFFTP_TEST
mkdir machine_os
cd machine_os
put MFI01.MFFTP.FBFILE.TOUPLD MFFTP01.txt
quit
/*
//*
//* Download a text file to an MVS dataset (FB/10)
//*
//STEP2 EXEC PGM=MFFTP,PARM='slesz11-3.microfocus.com'                                                    
//SYSOUT DD  SYSOUT=*
//OUTPUT DD  SYSOUT=*
//SFTPAUTH DD DSN=FTP.AUTH.DATA,DISP=(SHR)
//SFTPPPK  DD DSN=FTP.PRIV.DATA,DISP=(SHR)
//INPUT DD *
cd MFFTP_TEST/machine_os
locsite recfm=fb lrecl=10
get MFFTP01.txt MFI01.FTPDATA.FBFILE (rep
MFFTP_VARS
quit
/*
//*
//* Download a text file to a new GDG bias
//*
//STEP3 EXEC PGM=MFFTP,PARM='slesz11-3.microfocus.com'                                                   
//SYSOUT DD  SYSOUT=*
//OUTPUT DD  SYSOUT=*  
//SFTPAUTH DD DSN=FTP.AUTH.DATA,DISP=(SHR)
//SFTPPPK  DD DSN=FTP.PRIV.DATA,DISP=(SHR)
//INPUT DD *
cd MFFTP_TEST/machine_os
locsite recfm=fb lrecl=10
locstat
get MFFTP01.txt MFI01.MFFTP.GDG(+1)
del MFFTP01.txt
cd ..
rmdir machine_os
/*