I'm surprised no one has mentioned checking to see if the low ports (< 1024) are restricted.

Matthew

On Tue, 30 May 2023 13:23:23 +0000, Allan Staller <[email protected]> wrote:

>Classification: Confidential
>
>Things to check.
>TCP Policy Agent
>Other users of the port (as previously suggested).
>OMVS segment for the affected user.
>Public/Private keypair definitions and Permissions. SSH is (*VERY PICKY*)
>about file permissions.
>
>I suggest the following reading (thank you Dovetail).
>https://coztoolkit.com/docs/sftp/ssh_keys_part2_2012-06-19.pdf
>https://coztoolkit.com/docs/sftp/ssh_keys_part1_2012-06-12.pdf
>
>HTH,
>
>-----Original Message-----
>From: IBM Mainframe Discussion List <[email protected]> On Behalf Of
>Wendell Lovewell
>Sent: Friday, May 26, 2023 6:49 PM
>To: [email protected]
>Subject: SSHD terminates immediately with permission(?) problem
>
>I've done something wrong that I can't identify, and now SSHD terminates
>immediately after starting.
>
>I'm not getting anything helpful on the console or in the joblog. But I am
>getting these msgs in syslog:
>
>OMVSKERN SSHD3 sshd[67174408]: error: FOTS1442 Bind to port 22 on ::
>failed: EDC5111I Permission denied. (errno2=0x744C7246).
>OMVSKERN SSHD3 sshd[67174408]: error: FOTS1442 Bind to port 22 on 0.0.0.0
>failed: EDC5111I Permission denied. (errno2=0x744C7246).
>OMVSKERN SSHD3 sshd[67174408]: fatal: FOTS1464 Cannot bind any address.
>
>I've looked up the 7246 code:
>JRPORTACCESSAUTH QEQU 29254 * User does not have authority to access
>this port.
>
>OMVSKERN's is UID(0). Has ALTER access to BPX.DAEMON. Port 22 is not in use,
>per D TCPIP,,N,SOCKETS
>
>None of the files in /etc/ssh had changed for 4 years, so I don't think it's
>there. (I did set LogLevel to DEBUG3, which didn't help any.)
>
>The only things I can think of that I might have messed up something with
>keys. I did try some weeks ago to set up a certificate to bypass entering my
>password when using "ssh user@zos" and didn't get that to work. And I did
>install a new CERTAUTH this week for the new IBM service requirement
>("DigiCert Global Root G2"), 'tho I can't imagine that would matter.
>
>Any suggestions would really be appreciated...I'm not much good with entering
>USS commands via a 3270 screen.
>
>TIA,
>Wendell

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
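
As an added example (not part of any post in this thread), the following Python triage helper parses the FOTS1442 bind failures quoted above, splits `errno2` into its two halfwords, and flags failures that are port-authorization denials on a low port (< 1024). The function name `triage` and the one-entry reason table are assumptions for illustration; the table holds only the code quoted in the thread, and the sample lines are the quoted syslog messages with the mail wrapping rejoined.

```python
import re

# Reason codes keyed by the low halfword of errno2.
# Only the code quoted in the thread is listed (0x7246 == 29254 decimal).
REASONS = {
    0x7246: ("JRPORTACCESSAUTH", "User does not have authority to access this port."),
}

BIND_FAIL = re.compile(
    r"^(?P<user>\S+) (?P<job>\S+) sshd\[(?P<pid>\d+)\]: error: (?P<msg>FOTS\d+) "
    r"Bind to port (?P<port>\d+) on (?P<addr>\S+) failed: "
    r"(?P<edc>EDC\d+I) (?P<text>.+?)\. \(errno2=0x(?P<errno2>[0-9A-Fa-f]{8})\)"
)

# Sample input: the syslog lines from the thread, with wrapped lines rejoined.
SAMPLE = """\
OMVSKERN SSHD3 sshd[67174408]: error: FOTS1442 Bind to port 22 on :: failed: EDC5111I Permission denied. (errno2=0x744C7246).
OMVSKERN SSHD3 sshd[67174408]: error: FOTS1442 Bind to port 22 on 0.0.0.0 failed: EDC5111I Permission denied. (errno2=0x744C7246).
OMVSKERN SSHD3 sshd[67174408]: fatal: FOTS1464 Cannot bind any address.
"""

def triage(log_text):
    """Return one finding per bind failure, with errno2 decoded."""
    findings = []
    for line in log_text.splitlines():
        m = BIND_FAIL.match(line.strip())
        if not m:
            continue  # not a bind failure (e.g. the FOTS1464 summary line)
        errno2 = int(m["errno2"], 16)
        qualifier, reason = errno2 >> 16, errno2 & 0xFFFF
        name, meaning = REASONS.get(reason, ("UNKNOWN", "reason code not in table"))
        port = int(m["port"])
        findings.append({
            "job": m["job"], "addr": m["addr"], "port": port,
            "qualifier": f"{qualifier:04X}", "reason_hex": f"{reason:04X}",
            "reason_dec": reason, "reason_name": name, "meaning": meaning,
            # An authorization denial, as opposed to the port being in use.
            "port_auth_denied": name == "JRPORTACCESSAUTH",
            # Low ports are the ones that may be restricted.
            "low_port": port < 1024,
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f['job']} port {f['port']} on {f['addr']}: {f['reason_name']} "
              f"({f['reason_dec']}), low port: {f['low_port']}")
```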
