IBM has confirmed that it isn't working as the documentation suggests.
They're going to have further discussions amongst themselves and most
likely will open up an APAR against Ported Tools.
Mark Jacobs
On 11/07/12 09:16, Mark Jacobs wrote:
Yes, I'm sure that the private key works.
I'll take a look into the -k option, and I did open up a SR with IBM
this morning.
Thanks again.
Mark Jacobs
On 11/07/12 09:09, Kirk Wolf wrote:
Are you sure that if you don't specify IdentityKeyRingLabel for this
test
that the file private key works?
If so, then this would seem to be a defect, since the the
documentation (
see ssh command, -i option) says:
...
To sum it up, the order that identities are tried are as follows:
1. Identities in the agent.
2. The key ring certificates on the command-line option
3. Key ring certificates specified in a zos_user_ssh_config file
4. Identity files on the command-line option, and then
5. Identity files specified in an ssh_config configuration file.
...
If there is indeed a bug, you could use Co:Z SFTP's -k option.
This is an alternative way of supporting SAF Keyrings, but we use an ssh
key agent with Ported Tools ssh. Our support predated IBM's key ring
support, but we kept it since it has some significant advantages :
- private keys can be kept in PKDS (hardware)
- ICSF and co-processor are used for RSA algorithms
- the syntax is easier, and supports default labels
Kirk Wolf
Dovetailed Technologies
http://dovetail.com
--
Mark Jacobs
Time Customer Service
Tampa, FL
----
The quiet ones are the ones that change the universe...
The loud ones only take the credit.
Londo Mollari - Babylon 5
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
