Are you sure that if you don't specify IdentityKeyRingLabel for this test that the file private key works?
If so, then this would seem to be a defect, since the the documentation ( see ssh command, -i option) says: ... To sum it up, the order that identities are tried are as follows: 1. Identities in the agent. 2. The key ring certificates on the command-line option 3. Key ring certificates specified in a zos_user_ssh_config file 4. Identity files on the command-line option, and then 5. Identity files specified in an ssh_config configuration file. ... If there is indeed a bug, you could use Co:Z SFTP's -k option. This is an alternative way of supporting SAF Keyrings, but we use an ssh key agent with Ported Tools ssh. Our support predated IBM's key ring support, but we kept it since it has some significant advantages : - private keys can be kept in PKDS (hardware) - ICSF and co-processor are used for RSA algorithms - the syntax is easier, and supports default labels Kirk Wolf Dovetailed Technologies http://dovetail.com On Wed, Nov 7, 2012 at 6:22 AM, Mark Jacobs <[email protected]>wrote: > No it didn't. > > $ ssh aimj@tcs1 > FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*' > for label 'SSH-KEY' failed (53817358). Record not found. > FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*' > for label 'SSH-KEY' failed (53817358). Record not found. > aimj@tcs1's password: > > I might open up a Service request with IBM to see if this is by design, or > broken. > > Mark Jacobs > > > > On 11/06/12 15:30, Kirk Wolf wrote: > >> Sorry, I don't know if it will try both. >> >> On Tue, Nov 6, 2012 at 2:21 PM, Mark >> Jacobs<mark.jacobs@custserv.**com<[email protected]> >> >wrote: >> >> >> >>> Thank you. Do you know what will happen if the SFTP userid doesn't yet >>> have a keyring configured? Will it still use the existing openssh private >>> key? >>> >>> >>> >>> >>> >> ------------------------------**------------------------------** >> ---------- >> >> For IBM-MAIN subscribe / signoff / archive access instructions, >> send email to [email protected] with the message: INFO IBM-MAIN >> >> >> > > > -- > Mark Jacobs > Time Customer Service > Tampa, FL > ---- > > The quiet ones are the ones that change the universe... > The loud ones only take the credit. > > Londo Mollari - Babylon 5 > > ------------------------------**------------------------------**---------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
