Hello,
I do agree that we should be using password less, but as suggested earlier
that apart from public key, we can also use password verify way to
authentication. So, I want to try this to complete this activity .
Currently I am using below JCL,
//SFTP001 JOB ACCT,NAME,CLASS=A,MSGCLASS=A,NOTIFY=&SYSUID
//SFTP EXEC PGM=IKJEFT01,REGION=0M
//SYSTSPRT DD SYSOUT=*
//SYSEXEC DD DISP=SHR,DSN=SYS1.SBPXEXEC
//SYSTSIN DD *
OPUT 'IBM08.TEST.DATA' '/u/ibm08/test'
OSHELL { echo 'qwe.123'; +
echo 'cd /tmp'; +
echo 'ascii'; +
echo 'cd /home/ibm08'; +
echo 'mput * '; } | +
sftp -v [email protected]
/*
>From below Job log, we can see that sftp trying to authenticate using
password but somehow its not working. I feel, some syntax issue. Can
anybody help me to isolate this last one.
debug1: Authentications that can continue:
publickey,password,keyboard-interacti
debug1: Next authentication method:
publickey
debug1: Offering RSA public key:
/u/ibm08/.ssh/id_rsa
debug1: Authentications that can continue:
publickey,password,keyboard-interacti
debug1: Next authentication method:
keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interacti
debug1: Next authentication method:
password
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device.
(errno2=0
debug1: Authentications that can continue:
publickey,password,keyboard-interacti
FOTS1346 Permission denied, please try
again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device.
(errno2=0
debug1: Authentications that can continue:
publickey,password,keyboard-interacti
FOTS1346 Permission denied, please try
again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device.
(errno2=0
debug1: Authentications that can continue:
publickey,password,keyboard-interacti
debug1: No more authentication methods to
try.
FOTS1373 Permission denied
(publickey,password,keyboard-interactive).
debug1: zsshSmfSetConnSmfStatus: SMF status is
0
FOTS0841 Connection closed
On Dec 12, 2016 10:14, "Jack J. Woehr" <[email protected]> wrote:
> venkat kulkarni wrote:
>
>> All worked well. So, we are currently using password less method for
>> authentication. But, incase if we want to use password method to
>> authenticate to the system then what are all change we need to make.
>>
> "The fourth usage format (( sftp -b batchfile [user@]host )) allows for
> automated sessions using the -b option. In
> such cases, you might have to configure public key authentication to
> eliminate the need to enter a password at connection time.
> For more information, see sshd and ssh-keygen."
>
> from "sftp — Secure file transfer program" on page 87 of Chapter 9.
> OpenSSH command descriptions
> IBM Ported Tools for z/OS: OpenSSH User's Guide Version 1 Release 3
> SA23-2246-03
>
> Venkat --
>
> You have done very well.
> It must be somehow doable to use a password, but it certainly wasn't the
> architectural intent of the IBM developers.
> The difference between 3270 and Unix-style ttys is too great.
> Furthermore SSH experts inside and outside IBM view passwords in
> association with batch operations as a security risk.
> You are better off to use a key exchange.
>
> Jack
>
> --
> Jack J. Woehr # Science is more than a body of knowledge. It's a way of
> www.well.com/~jax # thinking, a way of skeptically interrogating the
> universe
> www.softwoehr.com # with a fine understanding of human fallibility. -
> Carl Sagan
>
> ----------------------------------------------------------------------
> For IBM-MAIN subscribe / signoff / archive access instructions,
> send email to [email protected] with the message: INFO IBM-MAIN
>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
