>>> On 3/1/2017 at 02:04 PM, Tracy Adams <[email protected]> wrote:
> I have a vendor that sent me a "public" key so they can SFTP into our
> mainframe from a Linux box without having to supply the RACF password. Yes
> they can sign in with a password and all works fine. I am new to RACF and
> loading keys and the whole SFTP / ssh thing so bear with me!
>
> When I look at the key provided it starts off with this "ssh-rsa
> AAAAB3NzaC1yc2EAAAABI".... The doc I have found from Dovetail for Co:z
> indicates to get the .pub file into a MVS dataset in "text" format then do a
> RACDCERT ADD command and then point to the RACF keyring in
> $HOME/.ssh/authorized_keys. The RACDCERT command fails indicating "The input
> data set does not contain a valid certificate." And the DEBUG option provides
> no additional information.
>
> I am thinking I must have done something wrong getting the file from Windows
> email to the mainframe... I simply used SFTP to move it from c:\temp and I
> have tried both ASCII (looks good) and BINARY (looks binary).
>
> Is the .pub file simply in the wrong format for RACF and needs to be
> converted?

I'm pretty sure the public key they provided you was not intended to be used in conjunction with RACF (or any other ESM). That looks like a "plain old ssh" public key. If you don't mind them accessing your system in this way (I have severe doubts about that), just put the key as-is into the target userid's .ssh/authorized_keys file and have them give it a try.

Mark Post

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
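
Added example, not part of the original thread and not code from any poster or vendor: a small Python classifier that tells an OpenSSH public key line (what the "ssh-rsa AAAAB3NzaC1yc2E..." prefix indicates) apart from an X.509 certificate, which is what the RACDCERT error message says it was looking for. The function names, the toy 64-bit modulus and the `vendor@linuxbox` comment are constructed for illustration.

```python
import base64
import struct

def read_string(buf, off):
    """Read one RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    if off + 4 + n > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:off + 4 + n], off + 4 + n

def classify(data):
    """Return (kind, detail) for the raw bytes of a key or certificate file."""
    if data[:2] == b"\x30\x82":  # ASN.1 SEQUENCE with a 2-byte length
        return "x509-der-candidate", "binary ASN.1 SEQUENCE"
    text = data.decode("ascii", errors="replace").strip()
    if text.startswith("-----BEGIN CERTIFICATE-----"):
        return "x509-pem", "base64 X.509 certificate"
    if text.startswith("---- BEGIN SSH2 PUBLIC KEY ----"):
        return "ssh2-rfc4716", "SSH public key, RFC 4716 file format"
    parts = text.split(None, 2)  # algorithm, base64 blob, optional comment
    if len(parts) >= 2 and parts[0].startswith(("ssh-", "ecdsa-")):
        try:
            blob = base64.b64decode(parts[1], validate=True)
            algo, off = read_string(blob, 0)
        except ValueError:  # binascii.Error is a ValueError subclass
            return "unknown", "looks like an OpenSSH key line but does not decode"
        if algo.decode("ascii", "replace") != parts[0]:
            return "unknown", "algorithm name inside blob does not match prefix"
        if parts[0] == "ssh-rsa":
            _e, off = read_string(blob, off)   # public exponent
            n, off = read_string(blob, off)    # modulus
            bits = int.from_bytes(n, "big").bit_length()
            return "openssh-public-key", "ssh-rsa, %d-bit modulus" % bits
        return "openssh-public-key", parts[0]
    return "unknown", "not a recognised key or certificate encoding"

def make_sample_rsa_line(comment="vendor@linuxbox"):
    """Build a constructed ssh-rsa line (toy 64-bit modulus, not a real key)."""
    def s(b):
        return struct.pack(">I", len(b)) + b
    n = (0xC3A5C85C97CB3127).to_bytes(8, "big")
    blob = s(b"ssh-rsa") + s(b"\x23") + s(b"\x00" + n)
    return ("ssh-rsa " + base64.b64encode(blob).decode() + " " + comment).encode()
```

The leading base64 characters of any `ssh-rsa` line are the encoding of the length-prefixed algorithm name, so the constructed sample begins with the same characters as the key quoted in the question.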
