Re: Attempting to get ported tools SSH to talk to a SLES 9 image on z.

Wed, 08 Feb 2006 19:54:57 -0800 

I just setup SSH client on z/OS for someone a few weeks ago.
I'll share my notes with you, in case one of these helps.
Never know...

1. First, here is a sample SCP batch job:

//* SCP PUT FROM MAINFRAME USS TO UNIX SERVER
//*
//S1 EXEC PGM=BPXBATCH,REGION=8M,
// PARM='SH nohup scp -vvv ~/test.txt   [EMAIL PROTECTED]:test.txt'
//STDERR DD PATH='/u/myid/.ssh/ssh.err',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),PATHMODE=SIRWXU

Notice that you can specify  -vvv to get more messages for debug.


2.  Here is a note on  BATCHMODE  (don't know if it applies to you)

    If you are using BATCHMODE YES in the /etc/ssh/ssh_config
    client config file, you must share our public keys with all
    remote ssh server.  Your public key must be copied to the remote
    server's $HOME/.ssh/ directory into filename  authorized_keys
    i.e.  $HOME/.ssh/authorized_keys
    If this directory does not exist on the remote server, create it.

    Everytime you regenerate keys, you must update the authorized_keys
    file on the remote systems.

    Also, the remote server public keys need to be copied to our
    mainframe.  Copy them into $HOME/.ssh/known_hosts file and
    prepend the remote server's hostname to the beginning of the key.


3.  The mainframe's RSA/DSA keys can be generated using these commands.
      ssh-keygen -t rsa
      ssh-keygen -t dsa
      (hit enter when asked for pass phrases)


4.  ON THE REMOTE HOST THAT YOU PLAN TO LOG INTO,
    VERIFY THAT THE PERMISSION BITS ON
    BOTH YOUR HOME DIRECTORY, .SSH SUBDIRECTORY,
    AND AUTHORIZED KEYS FILE ARE NOT
    GROUP OR WORLD-WRITEABLE.
    THE SAME HOLDS TRUE FOR PERMISSION BITS IN YOUR
    LOCAL $HOME/.ssh/ directory and files, including
    the 'known_hosts' file.

    I believe this is true if the SSH Server has  "StrictModes" set to YES


5.  I have this in /etc/ssh/ssh_config

Protocol 2
BatchMode yes
Ciphers 3des-cbc,aes128-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc
bc
ConnectionAttempts 3
PasswordAuthentication no
PubkeyAuthentication yes
UserKnownHostsFile ~/.ssh/known_hosts





Sirius, an IBM Premier Business PartnerDave Myers  |  Senior Systems
Engineer  |  303.996.7112  |  Cell: 303.619.0782  |  E-mail:
[EMAIL PROTECTED]
Fax: 303.706.1713
zSeries IBM Certified SpecialistThe future belongs to those who create IT.
www.siriuscom.com

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Reply via email to