Thanks Mark and Allan!

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Mark Post
Sent: Wednesday, March 01, 2017 2:41 PM
To: [email protected]
Subject: Re: RACF and public keys

>>> On 3/1/2017 at 02:04 PM, Tracy Adams <[email protected]> wrote:
> I have a vendor that sent me a "public" key so they can SFTP into our
> mainframe from a Linux box without having to supply the RACF password.
> Yes they can sign in with a password and all works fine. I am new to
> RACF and loading keys and the whole SFTP / ssh thing so bear with me!
>
> When I look at the key provided it starts off with this "ssh-rsa
> AAAAB3NzaC1yc2EAAAABI".... The doc I have found from Dovetail for
> Co:z indicates to get the .pub file into an MVS dataset in "text"
> format then do a RACDCERT ADD command and then point to the RACF
> keyring in $HOME/.ssh/authorized_keys. The RACDCERT command fails
> indicating "The input data set does not contain a valid certificate."
> And the DEBUG option provides no additional information.
>
> I am thinking I must have done something wrong getting the file from
> Windows email to the mainframe... I simply used SFTP to move it from
> c:\temp and I have tried both ASCII (looks good) and BINARY (looks binary).
>
> Is the .pub file simply in the wrong format for RACF and needs to be
> converted?

I'm pretty sure the public key they provided you was not intended to be used in conjunction with RACF (or any other ESM). That looks like a "plain old ssh" public key. If you don't mind them accessing your system in this way (I have severe doubts about that), just put the key as-is into the target userid's .ssh/authorized_keys file and have them give it a try.

Mark Post

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: INFO IBM-MAIN
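
Added example, not part of the thread: a Python check that tells an OpenSSH public-key line (what the vendor sent, by Mark's reading) from an X.509 certificate, which is what the RACDCERT error message asks for. It also shows why such keys begin with "AAAAB3NzaC1yc2E": that is the base64 of the length-prefixed string "ssh-rsa". The function names and sample inputs are constructed for illustration, and the input is assumed to be ASCII.

```python
import base64
import struct

def ssh_blob_fields(blob: bytes) -> list:
    """Split an SSH wire-format blob into its length-prefixed fields."""
    fields, off = [], 0
    while off < len(blob):
        (n,) = struct.unpack_from(">I", blob, off)  # 4-byte big-endian length
        if off + 4 + n > len(blob):
            raise ValueError("field runs past end of blob (truncated or wrapped key?)")
        fields.append(blob[off + 4:off + 4 + n])
        off += 4 + n
    return fields

def classify_key_material(data: bytes) -> str:
    """Return 'x509-pem', 'x509-der?', 'openssh-public-key' or 'unknown'."""
    if data[:2] == b"\x30\x82":  # DER SEQUENCE, long-form length: binary cert candidate
        return "x509-der?"
    text = data.decode("latin-1").replace("\r\n", "\n").strip()
    if "-----BEGIN CERTIFICATE-----" in text:
        return "x509-pem"
    parts = text.split(None, 2)  # key type, base64 blob, optional comment
    if len(parts) < 2:
        return "unknown"
    try:
        fields = ssh_blob_fields(base64.b64decode(parts[1], validate=True))
    except (ValueError, struct.error):  # bad base64 or damaged blob
        return "unknown"
    # In a real OpenSSH key the first field inside the blob repeats the key type.
    if fields and fields[0] == parts[0].encode("latin-1"):
        return "openssh-public-key"
    return "unknown"

def _pack(*items: bytes) -> bytes:
    return b"".join(struct.pack(">I", len(i)) + i for i in items)

# Constructed sample, not a usable key: the "modulus" is filler bytes.
SAMPLE_PUB = (b"ssh-rsa "
              + base64.b64encode(_pack(b"ssh-rsa", b"\x01\x00\x01", b"\x00" + b"\xc3" * 256))
              + b" vendor@example\n")
# Constructed stub: only the PEM armor matters to the classifier.
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for label, data in [("vendor .pub", SAMPLE_PUB), ("PEM cert", SAMPLE_PEM)]:
        print(label, "->", classify_key_material(data))
```

A result of "unknown" for a file that starts with "ssh-rsa" points to transfer damage such as a wrapped or truncated base64 field rather than a format mismatch.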
