Your browser does not allow storing cookies. We recommend enabling them.


Replacing Plaintext FTP with FTP-SFTP Conversion

Tectia Server for IBM z/OS offers an easy way to secure plaintext FTP connections with a feature called FTP-SFTP conversion.

When FTP-SFTP conversion is enabled on Tectia Server for IBM z/OS client tools, it automatically captures all FTP connections initiated on the client side and converts the data to use the Secure File Transfer Protocol (SFTP), instead. The transferred files are sent to a Secure Shell SFTP server in encrypted format.

Tectia Server for IBM z/OS should be installed on the same host with the FTP client, and a Secure Shell server must be installed on the same host with the original FTP server.

FTP-SFTP conversion can be configured to pick the user name, password, and destination host directly from the secured FTP client, and use them to open the secured communication channel. This removes the need for any additional configuration modifications or changes to the original FTP scripts or applications. In the Connection Broker configuration, this is done simply with one rule that can fit all FTP connections.

When the FTP-SFTP conversion is used, there is no need for a plaintext FTP server, as the connection is made to an SFTP server instead. This requires that any post-processing done by the FTP server must be redirected to be performed elsewhere.

Tectia Server for IBM z/OS makes it easy to get started with the FTP replacement even in an environment where all FTP servers cannot be removed immediately. For example, there may be need to connect to a third-party FTP server every now and then, even though company-internal file transfers are handled in secure SFTP mode. Tectia Server for IBM z/OS has an option to allow fallback to plaintext FTP in case the secure SFTP connection cannot be established. This way the SFTP format is used always when possible, but connections to the remaining FTP servers are still available.

Using FTP-SFTP conversion

Figure 5.2. Using FTP-SFTP conversion


Highlights from the SSH.COM blog:

  • Cryptomining with the SSH protocol: what big enterprises need to know about it

    Cryptomining malware is primarily thought of as targeting desktops and laptops and is used to hijack system resources to mine cryptocurrency.
    Read more
  • SLAM the door shut on traditional privileged access management

    Did you know that something as trivial-sounding as granting access for your developers or third parties to a product development environment can throw a gorilla-sized monkey wrench into your operations and productivity?
    Read more
  • We broke the IT security perimeter

    Everyone understands the concept of a security perimeter. You only gain access if you are identified and authorized to do so.
    Read more