So that means every ssh user would have to do the same? Norma Mowry DECC-Mechanicsburg Operating Systems Support (ESB11) (717)-605-7865 DSN:430 e-mail address: [email protected]
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Grinsell, Don Sent: Monday, September 23, 2013 15:37 To: [email protected] Subject: Re: Help with OpenSSH SFTP Batch What I recall doing to facilitate this on my system was to use putty to connect to my first host and then use ssh to manually connect to the second host. This establishes the keys in the known_hosts file for the appropriate user. After that the batch sftp should work just fine. If I remember correctly I seem to recall that if you already have an entry in the known_hosts for usera you can copy that entry to the known_hosts file for userb and it will work. Hope that helps. -- Donald Grinsell State of Montana 406-444-2983 [email protected] "I love deadlines. I love the whooshing sound they make as they fly by." ~ Douglas Adams -----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mowry, Norma E CIV DISA ESB (US) Sent: Monday, September 23, 2013 1:29 PM To: [email protected] Subject: Help with OpenSSH SFTP Batch We just configured and started two OpenSSH servers on different hosts. I have been able to logon to both SHH servers using PuTTY, we can initiate sftp from the PuTTY session and it works okay to transfer files. We are now trying to get SFTP to work from a batch job but it fails with RC=255 HOST Verification failed. For now we are trying to use logon userid and password to authenticate the user but I don't think we are getting to that point before the job fails. The errors I see are FOTS1370 Host key verification failed.. FOTS0841 Connection closed. With -vvv in the job I see the following (this is not the complete error file)... debug1: mac_setup_by_id: hmac-sha1 from source ICSF. debug2: mac_setup: found hmac-sha1. debug1: kex: server->client aes256-cbc hmac-sha1 none. debug1: mac_setup_by_id: hmac-sha1 from source ICSF. debug2: mac_setup: found hmac-sha1. debug1: kex: client->server aes256-cbc hmac-sha1 none. debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent. debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP. debug2: dh_gen_key: priv key bits set: 239/512. debug2: bits set: 2054/4095. debug1: SSH2_MSG_KEX_DH_GEX_INIT sent. debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY. debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. debug2: no key of type 0 for host mxj.csd.disa.mil. debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts2. debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2. debug3: check_host_in_hostfile: filename /u/umo4950/.ssh/known_hosts. debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts. debug2: no key of type 2 for host mxj.csd.disa.mil. debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat. FOTS1370 Host key verification failed.. debug1: zsshSmfSetConnSmfStatus: SMF status is 0. debug3: zsshSmfWritePipe: Not collecting SMF data. status=0 . debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat. FOTS0841 Connection closed. We are running z/OS V1R13 on both systems. Thanks for your help. Norma Mowry ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
