Yes, I'm sure that the private key works.

I'll take a look into the -k option, and I did open up a SR with IBM this morning.

Thanks again.

Mark Jacobs

On 11/07/12 09:09, Kirk Wolf wrote:
Are you sure that if you don't specify IdentityKeyRingLabel for this test
that the file private key works?

If so, then this would seem to be a defect, since the the documentation (
see ssh command, -i option) says:
...
To sum it up, the order that identities are tried are as follows:
1. Identities in the agent.
2. The key ring certificates on the command-line option
3. Key ring certificates specified in a zos_user_ssh_config file
4. Identity files on the command-line option, and then
5. Identity files specified in an ssh_config configuration file.
...

If there is indeed a bug, you could use Co:Z SFTP's -k option.
This is an alternative way of supporting SAF Keyrings, but we use an ssh
key agent with Ported Tools ssh.   Our support predated IBM's key ring
support, but we kept it since it has some significant advantages :

-  private keys can be kept in PKDS (hardware)
-  ICSF and co-processor are used for RSA algorithms
-  the syntax is easier, and supports default labels

Kirk Wolf
Dovetailed Technologies
http://dovetail.com


On Wed, Nov 7, 2012 at 6:22 AM, Mark Jacobs<mark.jac...@custserv.com>wrote:

No it didn't.

$ ssh aimj@tcs1
FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*'
for label 'SSH-KEY' failed (53817358). Record not found.
FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*'
for label 'SSH-KEY' failed (53817358). Record not found.
aimj@tcs1's password:

I might open up a Service request with IBM to see if this is by design, or
broken.

Mark Jacobs



On 11/06/12 15:30, Kirk Wolf wrote:

Sorry, I don't know if it will try both.

On Tue, Nov 6, 2012 at 2:21 PM, Mark 
Jacobs<mark.jacobs@custserv.**com<mark.jac...@custserv.com>
wrote:


Thank you. Do you know what will happen if the SFTP userid doesn't yet
have a keyring configured? Will it still use the existing openssh private
key?





------------------------------**------------------------------**
----------

For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN




--
Mark Jacobs
Time Customer Service
Tampa, FL
----

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5

------------------------------**------------------------------**----------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN



--
Mark Jacobs
Time Customer Service
Tampa, FL
----

The quiet ones are the ones that change the universe...
The loud ones only take the credit.

Londo Mollari - Babylon 5

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN

Reply via email to