The open command sets up a connection to a remote host. Either the name or the internet address of this host must be known. The host must either be part of the local network or be accessible via a gateway. The names and addresses of the hosts that can be reached via the open command can be obtained from the administrator of the local network.
If TLS security for the control connection was enabled using the protect or private command, the behavior of the open command changes (see "open - Open the connection to a remote host").
open <ipadr> | <remote-host> | local-host | loopback [<port>]
<ipadr>
Internet address (IPv4 or IPv6 address) of the remote host to which the connection is to be made.
An IPv4 address must be specified in the usual “decimal-dotted” notation.
An IPv6 address must be specified in the usual hexadecimal notation with a colon (:).
<remote-host>
Symbolic name of the remote host to which the connection is to be made.
local-host
Symbolic name reserved for the user’s own host (usually meaningful only for test purposes). A separate Internet address is generated for localhost that is not identical to the address of the user’s own host in the local network. This address is known only to the local computer; other computers cannot use it.
loopback
loopback stands for the Internet address by means of which the local computer can actually be accessed in the LAN.
<port>
Port number of the FTP server. The FTP server is assigned port number 21 by default. The specification of a port number is required, for example, when multiple FTP servers are run on one host.
If an access control mechanism has been implemented on the remote host (for example, in BS2000 and in Unix systems), FTP determines the required authorization data (user ID, account number, password) interactively. Only the data that is really needed is requested (e.g. Unix systems do not require an account number, so the corresponding request is omitted).
If the authorization data is entered incorrectly, the connection to the remote host remains open when working in interactive mode. The user command can then be used to enter the appropriate data.
If task switch 1 is set, then the required authorization data must be entered in batch mode or interactive mode on separate lines (in the correct sequence) following the open command. If the authorization data is invalid, the connection is cleared. FTP is terminated with TERMJ, i.e. the batch job or the procedure is continued only after the next STEP instruction. See also the client commands jobvar on "jobvar - Store error information in a job variable" and svar on "svar - Store error information in an SDF-P variable".
The admission data must be specified in accordance with the conventions of the partner system. Please observe the table on "FTP client in BS2000".
If no password is required, enter ‘*NONE’ (uppercase letters).
Example
The remote host is a Linux host.
Call the FTP client.
/START-FTP
% BLS0523 ELEMENT 'FTP' [...]
Some options read from global option file, option file name: $.SYSDAT.TCP-IP-AP.nnn.F-GOPT
ftp>
Open a connection to the host systemd.
open systemd
Connected to anlaged, port21.
220 anlaged (vsFTPd 2.0.5)
Prompt for a user ID (name).
Name (systemd:TCPTEST): USERID
331 Password required for tcptest.
Prompt for a password.
Password (systemd:tcptest): PASSWORD
230 Login successful.
Behavior of the open command when TLS security for the control connection already exists
When TLS security for the control connection is enabled via the protect or private command or the corresponding options, the open command behaves as follows:
If the TLS subsystem has not yet been initialized the message
[Initialising TLS]
is issued and, if the BS2000 subsystem PRNGD is not yet active, you yourself must ensure the pseudo random number generator is initialized (see the section “protect - Enable/disable TLS security for the control connection”).
If a private key (for client certification) was specified in the option file, the passphrase for the private key is queried when the connection to the server is set up if this key was stored in encrypted form. For security reasons we strongly recommend that you store your private key in encrypted form.
The private key is loaded only when the first TLS-secured open command is issued, which means that the passphrase need not be entered again in the event of further open commands in the same FTP session.
The message
[Starting SSL/TLS negotiation ...]
is issued. If no errors occur in this TLS negotiation, the FTP server certificate data is displayed:
name of the certificate owner
name of the certificate issuer
validity period
If the host name of the FTP server which is specified in the open command is not identical to the name entered in the certificate, a corresponding warning is issued and you are asked if you want to continue. You should only decide to continue if you are certain that the server designated by the certificate is really the required server. Otherwise you could become the victim of a so-called “man in the middle” attack: In a “man in the middle” attack the attacker places himself/herself between server and client and pretends to the client to be the required server.
If the host name and certificate owner are the same or if you have given the go-ahead despite differences in names, the usual prompt is displayed for entering the user name for the FTP server. The further procedure is the same as for an open command without TLS security.
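The comparison of the host name given in open with the names in the server certificate, together with the validity period, can be reproduced outside the client as follows. This is an added example, not part of the original manual and not the BS2000 client's code. The manual does not state the client's matching rules, so preferring subjectAltName over the subject CN and allowing a wildcard only as the left-most label are assumptions taken from common TLS practice; the certificate and host names are constructed.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample in the dict layout returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "ftp.example.net"),),),
    "issuer": ((("commonName", "Example Internal CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2025 GMT",
    "subjectAltName": (("DNS", "ftp.example.net"), ("DNS", "*.files.example.net")),
}

def cert_names(cert):
    """DNS names the certificate covers: subjectAltName entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def name_matches(host, pattern):
    """Case-insensitive label comparison; '*' may only replace the whole left-most label."""
    h = host.lower().rstrip(".").split(".")
    p = pattern.lower().rstrip(".").split(".")
    if len(h) != len(p):
        return False
    if p[0] == "*" and len(p) > 2:
        return h[1:] == p[1:]
    return h == p

def review_certificate(host, cert, now):
    """Return the warnings a user should see before continuing; [] means no objection."""
    warnings = []
    names = cert_names(cert)
    if not any(name_matches(host, n) for n in names):
        warnings.append(f"name mismatch: asked for {host}, certificate is for {', '.join(names)}")
    start = ssl.cert_time_to_seconds(cert["notBefore"])
    end = ssl.cert_time_to_seconds(cert["notAfter"])
    if not start <= now.timestamp() <= end:
        warnings.append(f"outside validity period: {cert['notBefore']} to {cert['notAfter']}")
    return warnings

if __name__ == "__main__":
    now = datetime(2024, 6, 1, tzinfo=timezone.utc)
    for host in ("ftp.example.net", "a.files.example.net", "ftp.example.org"):
        print(host, review_certificate(host, SAMPLE_CERT, now) or "ok")
```

A short alias typed in open (such as an unqualified host name) produces a name mismatch against a certificate issued for the fully qualified name, which is the situation in which the client asks whether to continue.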