I don't yet have the original of this...
RPN01 wrote:
Could the two sides just trade keys with each other, allowing ssh access in
either direction without specifying a password?
To do the "into any linux userid" part, you'd have to pass down a key for
root to each of the linux boxes in question.
While I haven't tried this from MVS, it does work from Linux to Linux, and
from OS X to Linux.
--
.~. Robert P. Nix Mayo Foundation
/V\ RO-OE-5-55 200 First Street SW
/( )\ 507-284-0844 Rochester, MN 55905
^^-^^ -----
"In theory, theory and practice are the same, but
in practice, theory and practice are different."
On 7/20/07 8:23 AM, "Peter Rothman" <[EMAIL PROTECTED]> wrote:
Our shop has this situation:
User A has a userid on Linux and a userid on MVS - they are not named the
same.
EG. On linux it is prothman and on MVS it is pm1pkr.
We have a process/application that requires an OpenSSH setup on BOTH
systems to allow ssh traffic between the 2 systems/users without having to
specify a password.
On linux prothman must be able to "ssh -l pm1pr mvs-sys"
and on MVS pm1pkr must be able to "ssh -l prothman linux-sys"
We are also looking into having a 'super user' on MVS that is allowed
to ssh into any linux userid without having to present a password.
I have this scenario working in a linux-linux combination but cannot get it
to work in the MVS-Linux environment.
Like this:
05:17 [EMAIL PROTECTED] ~]$ ssh ns id -a
uid=1000(summer) gid=1000(summer) groups=10(wheel),1000(summer)
context=user_u:system_r:unconfined_t
05:18 [EMAIL PROTECTED] ~]$ ssh [EMAIL PROTECTED] id -a
uid=0(root) gid=0(root)
groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
context=root:system_r:unconfined_t
05:18 [EMAIL PROTECTED] ~]$
I put my public key into .ssh/authorized_keys in all users' accounts on
all hosts I need to access.
Note that there is no logging of _who_ logs in to those accounts; if
[EMAIL PROTECTED] had your public key and mine, there'd be nothing to say
which is used on any particular occasion.
I have googled the subject and have some documentation but cannot get this
to work.
Can anyone point me to some 'good' documentation?
Thanks
----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
--
Cheers
John
-- spambait
[EMAIL PROTECTED] [EMAIL PROTECTED]
Please do not reply off-list
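
Added example, not part of the original thread: when several public keys sit in one account's authorized_keys, logins can be attributed by matching the key fingerprint that current OpenSSH releases write in the "Accepted publickey" log line against the fingerprints of the installed keys. The key blobs, log lines, addresses and key comments below are constructed for illustration; the helper names are hypothetical.

```python
import base64, hashlib, re

# sshd log line for a successful key login; the last field is the key fingerprint.
ACCEPTED = re.compile(
    r"Accepted publickey for (\S+) from (\S+) port \d+ ssh2: \S+ (SHA256:\S+)")

def fingerprint(b64_blob):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the raw key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_owners(authorized_keys):
    """Map fingerprint -> key comment. Leading options such as from="..." are
    skipped by locating the key-type field (simplification: assumes no option
    value contains a space-separated word that itself starts with 'ssh-')."""
    owners = {}
    for line in authorized_keys.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        for i, field in enumerate(fields[:-1]):
            if field.startswith(("ssh-", "ecdsa-", "sk-")):
                comment = " ".join(fields[i + 2:]) or "(no comment)"
                owners[fingerprint(fields[i + 1])] = comment
                break
    return owners

def attribute(log_text, owners):
    """Return (account, source address, key owner) for every key-based login."""
    return [(acct, src, owners.get(fp, "UNKNOWN KEY"))
            for acct, src, fp in ACCEPTED.findall(log_text)]

# --- constructed sample data (not real keys, hosts or logs) ---
def _fake_blob(seed):
    body = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + hashlib.sha256(seed).digest()
    return base64.b64encode(body).decode()

KEY_A, KEY_B, KEY_C = (_fake_blob(s) for s in (b"a", b"b", b"c"))
SAMPLE_KEYS = f"""# root's authorized_keys (constructed)
ssh-ed25519 {KEY_A} pm1pkr@mvs-sys
from="192.0.2.*" ssh-ed25519 {KEY_B} prothman@linux-sys
"""
SAMPLE_LOG = "\n".join(
    f"Jul 20 05:18:0{i} linux-sys sshd[4{i}]: Accepted publickey for root "
    f"from 192.0.2.{i} port 5000{i} ssh2: ED25519 {fingerprint(k)}"
    for i, k in enumerate((KEY_A, KEY_B, KEY_C), start=1))

if __name__ == "__main__":
    for row in attribute(SAMPLE_LOG, load_owners(SAMPLE_KEYS)):
        print(*row)
```

A login reported as UNKNOWN KEY used a key that is no longer (or never was) in the file being checked, which is worth following up.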