HPE Community
Operating System - OpenVMS
1752451 Members
6568 Online
108788 Solutions
New Discussion юеВ

Re: Itanium to Itanium FTP

 
HudsonRecords
Occasional Contributor

тАО08-04-2017 10:11 AM - edited тАО08-04-2017 12:26 PM

тАО08-04-2017 10:11 AM - edited тАО08-04-2017 12:26 PM

Itanium to Itanium FTP

Please forgive me if I didn't post it the proper Networking section.

I would like to COPY/FTP files from an Itanium server here where I work to another Itanium server at a remote location.  We attempted this through a public-facing IP address / port that was forwarded to the remote server on port 21.  I was successful in connecting (at an FTP> prompt -- COPY/FTP doesn't seem to allow for use of a port number), however, I was not able to execute commands such as DIR or PUT but I could change directories.

I've had to resort to copying files from our server to my PC and then from my PC to their server, which is somewhat more tedious than using COPY/FTP at the $ prompt.  Using the method described above, I log in with my usual credentials, but it seems like the inablility to perform certain commands could be a permissions issue.  I would not know where to start to grant priviliges, if that were the case.

What is the best practice in this situation?  Obviously, security is a concern.  Any assistance would be truly appreciated.

Steve

Steven J. Brown
0 Kudos
Reply
5 REPLIES 5
Steven Schweda
Honored Contributor

тАО08-07-2017 06:32 AM - edited тАО08-07-2017 06:35 AM

тАО08-07-2017 06:32 AM - edited тАО08-07-2017 06:35 AM

Re: Itanium to Itanium FTP

> I would like to COPY/FTP files from an Itanium server [...]

   More important than the hardware platform ("Itanium") would be the
operating system involved, which appears to be VMS, not HP-UX.  Perhaps
you can get a forum moderator to move it.

   Then, the useful data would be the OS and IP software versions.
Probably:

      tcpip show version

> I was successful in connecting (at an FTP> prompt -- COPY/FTP doesn't
> seem to allow for use of a port number),

   Yeah, I also don't see a way to specify a port with COPY /FTP.  Looks
like an oversight/defect.

> [...] forwarded to the remote server on port 21.

   Conventionally, in what's now called active mode, FTP used two ports,
20 (data) and 21 (control).  This was a headache for firewalls, leading
to the creation of passive mode FTP, which uses only port 21.

> [...] I was not able to execute commands such as DIR or PUT but I
> could change directories.

   I read that as simple (control-only) commands work, but data-transfer
commands don't, which sounds as if you're using active mode FTP, but
can't make the second (data) port connection.

> [...] it seems like the inablility to perform certain commands could
> be a permissions issue.

   I vote for active v. passive.  If so, then the answer is to use
passive mode.  The FTP command "passive on" should do that job.  With
COPY /FTP, there's a /PASSIVE option, but that doesn't help with a
non-21 port number.  Interestingly, around here, FTP /PASSIVE=ON seems
to be accepted, but seems to have no effect on the program:

ALP $ tcpip show version

  HP TCP/IP Services for OpenVMS Alpha Version V5.7 - ECO 5
  on a COMPAQ Professional Workstation XP1000 running OpenVMS V8.4    

ALP $ ftp
FTP> show passive
Passive is AUTO (IPv4: OFF, IPv6: ON).
FTP> quit

ALP $ ftp /passive = on
FTP> show passive
Passive is AUTO (IPv4: OFF, IPv6: ON).          (So, no effect.)
FTP> passive on
Passive is ON.                                  (That worked.)
FTP> show passive
Passive is ON.
[...]

   Perhaps your version does better.

> What is the best practice in this situation?  Obviously, security is a
> concern.

   If security matters, then plain-old FTP, which sends credentials as
plain-text is a poor choice.  SCP might be much better.  Supposedly,
TCPIP V5.7 adds support for "FTP over SSL", which, according to the
release notes, "enables the FTP software to use the security features
provided by SSL", but I haven't done anything with it, so I know
nothing.  The release notes say "FTP /SSL" but "HELP FTP" is silent on
it.  With SCP or FTP /SSL, some configuration will be needed at both
client and server ends if you want to avoid typing user name and
password data (or including them in DCL scripts -- also a poor idea),
but these things are possible.

   If you're paying anyone for software support, then there would seem
to be ample reasons to complain:

      HELP FTP obsolete/useless
      FTP /PASSIVE ineffective/undocumented
      COPY /FTP /PORT unavailable

   A VMS-VMS SCP command example (where XXXX is a port number) might
look like this:

ALP $ scp login.com sms@antinode.info#XXXX:itrc/login.com

login.com                       |  6.9kB |   6.9 kB/s | TOC: 00:00:01 | 100%

   I have the required SSH private/public key files set up to allow user
SYSTEM to connect as user SMS, so no password was needed here.  And the
copy operation worked:

alp $ dire /date [.itrc]login

Directory ALP$DKC0:[SMS.itrc]

login.com;1           7-AUG-2017 08:21:07.91

Total of 1 file.


      scp -help

0 Kudos
Reply
David R. Lennon
Valued Contributor

тАО08-08-2017 08:14 AM

тАО08-08-2017 08:14 AM

Re: Itanium to Itanium FTP

Steven,

   Hi, I don't think there is a FTP /PASSIVE qualifier, there does seem to be a /PASSWORD qualifier, however. I think the "feature" of DCL just looking at enough of the letters of a qualifier to make it unique is misleading you there, under:

HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.7 - ECO 5

I see the DCL FTP command has the following definition:

$ verb ftp

define verb FTP

image TCPIP$FTP_CLIENT

parameter P1, label=HOSTNAME

parameter P2, label=PORT

value (type=$number)

qualifier ACCOUNT, nonnegatable

value (required)

qualifier CONTEXT, nonnegatable

value (required)

qualifier INPUT, nonnegatable, default

value (required,type=$file)

qualifier PASSWORD, nonnegatable

value (required)

qualifier USERNAME, nonnegatable

value (required)

qualifier SSL

 

Regards,

Dave

 

0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО08-08-2017 11:02 AM

тАО08-08-2017 11:02 AM

Re: Itanium to Itanium FTP

> qualifier PASSWORD, nonnegatable
> value (required)

   You win.  Thanks.  COPY /FTP /PASSIVE misled me.  So, I'd have to
change my complaint table to something like:

      HELP FTP obsolete/useless
      FTP /PASSIVE missing/impossible?  /MODE = [NO]PASSIVE?
      COPY /FTP /PORT unavailable

   I'd say that differences between FTP and COPY /FTP options/syntax are
sources of trouble.  (Clearly true for me.)  Certainly, a command-line
option for passive mode in an interactive FTP session is less important
than a /PORT option for COPY /FTP.

   With VMS development shifting from HPE to VSI (with its TCPIP
replacement), it's hard to guess whether to expect any such
fixes/features from anyone soon.

0 Kudos
Reply
HudsonRecords
Occasional Contributor

тАО08-09-2017 08:40 AM

тАО08-09-2017 08:40 AM

Re: Itanium to Itanium FTP

Thanks for the reply, Dave.

HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.7 - ECO 5

I don't seem to have the VERB command. How do I get it?

Steve
Steven J. Brown
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО08-09-2017 10:09 AM

тАО08-09-2017 10:09 AM

Re: Itanium to Itanium FTP

> I don't seem to have the VERB command. How do I get it?

   It's freeware.  A Web search for keywords like, say:
      dcl verb utility
should find it in multiple places.  I seem to have a kit labeled V2.2-2
(27-MAR-2002).  If you find anything more modern, please let me know.

0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.