Classification: Confidential Things to check. TCP Policy Agent Other users of the poirt (as previously suggested). OMVS segment for the affected user. Public/Private keypair definitions and Permissions. SSH is (*VERY PICKY*) about file permissions.
I suggest the following reading (thank you Dovetail). https://coztoolkit.com/docs/sftp/ssh_keys_part2_2012-06-19.pdf https://coztoolkit.com/docs/sftp/ssh_keys_part1_2012-06-12.pdf HTH, -----Original Message----- From: IBM Mainframe Discussion List <[email protected]> On Behalf Of Wendell Lovewell Sent: Friday, May 26, 2023 6:49 PM To: [email protected] Subject: SSHD terminates immediately with permission(?) problem [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] I've done something wrong that I can't identify, and now SSHD terminates immediately after starting. I'm not getting anything helpful on the console or in the joblog. But I am getting these msgs in syslog: OMVSKERN SSHD3 sshd[67174408]: error: FOTS1442 Bind to port 22 on :: failed: EDC5111I Permission denied. (errno2=0x744C7246). OMVSKERN SSHD3 sshd[67174408]: error: FOTS1442 Bind to port 22 on 0.0.0.0 failed: EDC5111I Permission denied. (errno2=0x744C7246). OMVSKERN SSHD3 sshd[67174408]: fatal: FOTS1464 Cannot bind any address. I've looked up the 7246 code: JRPORTACCESSAUTH EQU 29254 * User does not have authority to access this port. OMVSKERN's is UID(0). Has ALTER access to BPX.DAEMON. Port 22 is not in use, per D TCPIP,,N,SOCKETS None of the files in /etc/ssh had changed for 4 years, so I don't think it's there. (I did set LogLevel to DEBUG3, which didn't help any.) The only things I can think of that I might have messed up something with keys. I did try some weeks ago to set up a certificate to bypass entering my password when using "ssh user@zos" and didn't get that to work. And I did install a new CERTAUTH this week for the new IBM service requirement ("DigiCert Global Root G2"), 'tho I can't imagine that would matter. Any suggestions would really be appreciated...I'm not much good with entering USS commands via a 3270 screen. TIA, Wendell ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
