FYI - Slides and a recording of our June 12, 2012 webinar: "IBM Ported Tools for z/OS OpenSSH: Key Authentication" is available on our web site:
http://dovetail.com/webinars.html (this is part 1 of a two part series; part 2 is "Using Key Rings" ) Kirk Wolf Dovetailed Technologies http://dovetail.com On Mon, Sep 23, 2013 at 2:37 PM, Grinsell, Don <[email protected]> wrote: > What I recall doing to facilitate this on my system was to use putty to > connect to my first host and then use ssh to manually connect to the second > host. This establishes the keys in the known_hosts file for the > appropriate user. After that the batch sftp should work just fine. > > If I remember correctly I seem to recall that if you already have an entry > in the known_hosts for usera you can copy that entry to the known_hosts > file for userb and it will work. > > Hope that helps. > > -- > > Donald Grinsell > State of Montana > 406-444-2983 > [email protected] > > "I love deadlines. I love the whooshing sound they make as they fly by." > ~ Douglas Adams > > -----Original Message----- > From: IBM Mainframe Discussion List [mailto:[email protected]] On > Behalf Of Mowry, Norma E CIV DISA ESB (US) > Sent: Monday, September 23, 2013 1:29 PM > To: [email protected] > Subject: Help with OpenSSH SFTP Batch > > We just configured and started two OpenSSH servers on different hosts. I > have been able to logon to both SHH servers using PuTTY, we can initiate > sftp from the PuTTY session and it works okay to transfer files. We are > now trying to get SFTP to work from a batch job but it fails with RC=255 > HOST Verification failed. For now we are trying to use logon userid and > password to authenticate the user but I don't think we are getting to that > point before the job fails. The errors I see are FOTS1370 Host key > verification failed.. FOTS0841 Connection closed. > > With -vvv in the job I see the following (this is not the complete error > file)... > debug1: mac_setup_by_id: hmac-sha1 from source ICSF. > debug2: mac_setup: found hmac-sha1. > debug1: kex: server->client aes256-cbc hmac-sha1 none. > debug1: mac_setup_by_id: hmac-sha1 from source ICSF. > debug2: mac_setup: found hmac-sha1. > debug1: kex: client->server aes256-cbc hmac-sha1 none. > debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent. > debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. > debug2: dh_gen_key: priv key bits set: 239/512. > debug2: bits set: 2054/4095. > debug1: SSH2_MSG_KEX_DH_GEX_INIT sent. > debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY. > debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. > debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. > debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. > debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. > debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. > debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. > debug2: no key of type 0 for host mxj.csd.disa.mil. > debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts2. > debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2. > debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. > debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. > debug2: no key of type 2 for host mxj.csd.disa.mil. > debug3: __catgets: NLS setup complete (1), using message catalog > openssh.cat. > FOTS1370 Host key verification failed.. > debug1: zsshSmfSetConnSmfStatus: SMF status is 0. > debug3: zsshSmfWritePipe: Not collecting SMF data. status=0 . > debug3: __catgets: NLS setup complete (1), using message catalog > openssh.cat. > FOTS0841 Connection closed. > > > We are running z/OS V1R13 on both systems. > > Thanks for your help. > > > Norma Mowry > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, send email > to [email protected] with the message: INFO IBM-MAIN > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
