We recently added SERVAUTH to prevent ftps access to OMVS files. But all is working fine on 1.11 LPARs. I don't see any RACF errors in SYSLOG.
-- Donald J. [email protected] On Wed, Oct 10, 2012, at 12:55 PM, Rob Schramm wrote: > I think you may be running up against a SERVAUTH or NETACCESS resource > class setup. > > Any security violations? > > Rob Schramm > Senior Systems Consultant > Imperium Group > > > > > On Wed, Oct 10, 2012 at 3:41 PM, Donald J. <[email protected]> wrote: > > > I am testing an SSHD server on a new z/OS 1.12 system. > > The connections are failing with following messages on the client side: > > debug1: Remote protocol version 2.0, remote software version > > OpenSSH_5.0. > > debug1: match: OpenSSH_5.0 pat OpenSSH*. > > debug1: Enabling compatibility mode for protocol 2.0. > > debug1: Local version string SSH-2.0-OpenSSH_5.0. > > debug2: fd 4 setting O_NONBLOCK. > > debug3: RNG is ready, skipping seeding. > > debug1: SSH2_MSG_KEXINIT sent. > > debug3: __catgets: NLS setup complete (1), using message catalog > > openssh.cat. > > FOTS1930 Read from socket failed: EDC8121I Connection reset.. > > > > The SSHD server error messages are: > > debug1: Client protocol version 2.0; client software version > > PuTTY_Release_0.62 > > debug1: no match: PuTTY_Release_0.62 > > debug1: Enabling compatibility mode for protocol 2.0 > > debug1: Local version string SSH-2.0-OpenSSH_5.0 > > debug2: fd 3 setting O_NONBLOCK > > debug2: Network child is on pid 50331751 > > debug3: Current IBM Release level: 22 > > debug3: MLS: seclabel of AS: uid:0 pid:67108965 > > debug3: MLS: peer socket: rc:0 t:0 seclabel: terminal:C0A8143D > > poe_profile: > > Port of Entry information retained for uid:0 pid:67108965. > > debug3: MLS: seclabel of AS: uid:0 pid:67108965 > > debug3: MLS: peer socket: rc:0 t:0 seclabel: terminal:C0A8143D > > poe_profile: > > debug3: MLS: /var/empty: rc:0 t:1 seclabel: terminal: poe_profile: > > debug3: preauth child monitor started > > debug3: mm_request_receive entering > > debug1: do_cleanup > > > > The configuration worked fine on z/OS 1.11. The 1.12 SFTP client works > > fine. > > The error messages seem to indicate an MLS port of entry issue. I have > > tried both > > userid/password logins and publickey connections. > > PublickeyAuthentication and > > UseLogin are yes. I also tried connecting with client on same LPAR as > > server, so > > it is not a firewall or network issue. > > > > > > > > -- > > http://www.fastmail.fm - Access all of your messages and folders > > wherever you are > > > > ---------------------------------------------------------------------- > > For IBM-MAIN subscribe / signoff / archive access instructions, > > send email to [email protected] with the message: INFO IBM-MAIN > > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN -- http://www.fastmail.fm - Same, same, but different... ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
