HPE Community
Operating System - OpenVMS
1828798 Members
2497 Online
109985 Solutions
New Discussion

Re: Transfer trust from VMS to Linux

 
almanzam
Occasional Advisor

‎02-06-2006 02:42 AM

‎02-06-2006 02:42 AM

Transfer trust from VMS to Linux

Greetings. My very first question is derived from my return to VMS after an 8-year hiatus, when VMS belonged to Digital. Now I am a web administrator/developer/VMS beginner. After that long introduction, I now ask my question:

We have a VMS 7.3.2 system in which we have a huge Oracle database. Out of this database, we export many flat tab-separated files that the Oracle users retrieve via scripts on eMail. As you and I know, eMail is unsecure to send info such as SSN and ID and such things. What we would like to do is set up a trust between this VMS machine and a Linux machine so that users on Windows environments retrieve the files there and not the VMS machine. Basically, a VMS-to-Linux-to-Windows scripting will take care of that, and users can retrieve via a website or a Samba share from the Linux system. How could I do that with an SSH client on VMS?

I found slight help on this thread: http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=997539 , is that the best way? We'd cut out the email part from the script that sends the file, and copy the file to the Linux machine.

The destination machine would more than likely have to have this "Trust" from the VMS machine.
0 Kudos
Reply
14 REPLIES 14
Wim Van den Wyngaert
Honored Contributor

‎02-06-2006 02:56 AM

‎02-06-2006 02:56 AM

Re: Transfer trust from VMS to Linux

Which UCX/TCP version ?

Wim
Wim
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎02-06-2006 03:01 AM

‎02-06-2006 03:01 AM

Re: Transfer trust from VMS to Linux

Why is it more secure for the users to access
the data from the Linux system than from the
VMS system?

You should be able to run Samba and/or a Web
server on the VMS system. How does adding
the Linux system help?
0 Kudos
Reply
Aaron Sakovich
Super Advisor

‎02-06-2006 03:09 AM

‎02-06-2006 03:09 AM

Re: Transfer trust from VMS to Linux

Greetings!

You didn't mention which version of TCP/IP you're running, so my response will be biased towards HP's TCP/IP Services for OpenVMS.

If you are indeed running this, I'd urge you to ensure that you're running at least v5.4 with ECO4 (ECO5 preferred), then I'd recommend you investigate the scp and sftp facilities in the product.

http://h71000.www7.hp.com/doc/732final/aa-rvbua-te/00/00/34-con.html

You'll also need to pay attention to the release notes, specifically:

http://h71000.www7.hp.com/doc/732FINAL/TCP_RN/tcp_rnpro_002.html#ssh_file_problems

Also review the release notes of whichever ECO you apply.

Alternatively, you may create a tunnel for a fully functional FTP command, but I'll leave that exercise to you; the documents are the same! :^)

HTH,
Aaron
0 Kudos
Reply
almanzam
Occasional Advisor

‎02-06-2006 06:50 AM

‎02-06-2006 06:50 AM

Re: Transfer trust from VMS to Linux

You were right, AS.

From $tcpip show version:
HP TCP/IP Services for OpenVMS Alpha Version V5.4 - ECO 2
on a AlphaServer ES45 Model 2B running OpenVMS V7.3-2

Quoting SS:
> Why is it more secure for the users to access the data from the Linux system than from the VMS system?
> You should be able to run Samba and/or a Web server on the VMS system. How does adding the Linux system help?

More manageable to make Oracle accounts, not system accounts, for users. Accessibility through Oracle Developer Forms allows them to open databases, etc. We'd like for them to 'touch' the VMS system only as little as possible only if they need system access, otherwise Oracle handles the output to the system, then sends it to Linux via the tunnels.

I will read the sites you referred, AS. I will be DCL scripting this and also BASH or Perl scripting it on the Linux machine. Do my answers change anything?
0 Kudos
Reply
Thomas Ritter
Respected Contributor

‎02-06-2006 08:24 AM

‎02-06-2006 08:24 AM

Re: Transfer trust from VMS to Linux

Why not use two VMS Nodes. Have the production node copy to the second VMS node the files. Call this second node a "drop box". All access will only be to the drop box and allow only FTP. Use Decnet from VMS to VMS. Makes for some very slick procedures. Having a "drop box" may appeal to your auditors and can prevent data leaks from your production systems. Also by having the "drop box" seperate to production you have far more liberties with versions of software and rebooting.

Then "drop box" to Windows using what ever is available.
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎02-06-2006 04:17 PM

‎02-06-2006 04:17 PM

Re: Transfer trust from VMS to Linux

Given that you wish to keep the Linux system
in the mix, then, sure, (as AS said) try the
scp or sftp methods. (And watch those file
formats.)

The formats of the public key files tended to
vary with time and/or SSH author, so it's not
all totally fool-proof, but I've gotten ssh
to work among VMS (TCPIP V5.4 - ECO 5 on VMS
Alpha V7.3-2), Tru64 (SSH Secure Shell Tru64
UNIX 3.2.0 on Tru64 UNIX V5.1B (Rev. 2650)),
and Solaris (some Sun-supplied stuff on SunOS
5.9), so it should have a fighting chance on
Linux, too.
0 Kudos
Reply
Jan van den Ende
Honored Contributor

‎02-07-2006 09:06 PM

‎02-07-2006 09:06 PM

Re: Transfer trust from VMS to Linux

Almanzam,

I noticed this is your first post, let me begin with:

WELCOME to the VMS forum.

Of course you can expect us to be not completely unbiased, but you really should reconsider the answer by Thomas Ritter.

Although any issues are resolvable, still, transferring files from VMS to *UX to M$ DOES have all kinds of fileformat issues.
Involving just 2 of those 3 evades several of those, which is always a lot easier than resolving them!

just my EUR 0.02

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
0 Kudos
Reply
Cass Witkowski
Trusted Contributor

‎02-08-2006 11:24 AM

‎02-08-2006 11:24 AM

Re: Transfer trust from VMS to Linux

Why not set up a web server on OpenVMS system. It's Apache based and free. That removes the need for linux middle man
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎02-08-2006 06:30 PM

‎02-08-2006 06:30 PM

Re: Transfer trust from VMS to Linux

> [...] web server on OpenVMS system [...]

Doh! I should have thought of that days ago.
0 Kudos
Reply
Fred Sittler
New Member

‎02-28-2007 09:44 AM

‎02-28-2007 09:44 AM

Re: Transfer trust from VMS to Linux

I find it hard to believe that you can't or you have to jump thru hoops to get SSH ( sftp-batch) to work from OpenVMS to Linux. I used the HP doc to set up the Public keys on VMS and ftped the .PUB file to the Linux box, but the format of this file just does not look good. Or am I way off base here.
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎02-28-2007 10:11 AM

‎02-28-2007 10:11 AM

Re: Transfer trust from VMS to Linux

Fred Sittler:

Instead of hopping from one old thread to
another, tacking on lame, whining complaints,
why not start a new thread? (Preferably a
new thread which answers all the questions
you've already been asked.)

> [...] jump thru hoops [...]

I can't speak with confidence about Linux,
but I've set this up with Solaris and Tru64,
so I'd bet that the Linux problem has been
solved. The hoops all seem to be pretty
large, and mounted close to the floor,
making the jumping relatively easy.

And yes, the key file formats may be
different, but this should be easy to
overcome. Did you search this forum for SSH
to find examples of past success?
0 Kudos
Reply
Fred Sittler
New Member

‎02-28-2007 10:42 AM

‎02-28-2007 10:42 AM

Re: Transfer trust from VMS to Linux

I should have added, "no paasword" to enter. If you set it up in Unix and the file formats for the .PUB files were different, does that matter. I tried "Public-Key Aythentication" on the VMS box and did what the instructions stated but could not get sftp to not use a password when using the "-B" ( batch option).

I could not find anyother information on this.

Thanks for your reply.
0 Kudos
Reply
Steven Schweda
Honored Contributor

‎02-28-2007 10:55 AM

‎02-28-2007 10:55 AM

Re: Transfer trust from VMS to Linux

Fred Sittler:

WHY NOT START A NEW THREAD?

> I should have added, "no paasword" [...]

You should have started a new thread, too.
If you get public key authorization to work
right, and if you have keys made with no
password/phrase, then "no paasword" won't be
a problem.

> If you set it up in Unix and the file
> formats for the .PUB files were different,
> does that matter.

Assuming that that was a question, yes, of
course it matters if the file formats are
different. See for example:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=1043009

Also, I'd start with a simple "ssh", and work
up to "sftp" after the basic thing works.
Of course, I'd also START A NEW THREAD.
0 Kudos
Reply
Fred Sittler
New Member

‎03-06-2007 06:08 AM

‎03-06-2007 06:08 AM

Re: Transfer trust from VMS to Linux

I used the -i option down on the LINUX box for command ssk-keygen and that reformated the PUB file. You also have to take out non-comment records/lines out of that file also.

Thanks, This was my first time using this HP Web site and I will create a new session next time.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.