Re: Keyrings and OPENSSH

2012-11-14 Thread Mark Jacobs
IBM has confirmed that it isn't working as the documentation suggests. They're going to have further discussions amongst themselves and most likely will open up an APAR against Ported Tools. Mark Jacobs On 11/07/12 09:16, Mark Jacobs wrote: Yes, I'm sure that the private key works. I'll

Re: Keyrings and OPENSSH

2012-11-14 Thread Mark Jacobs
Yes, I know, but one of my goals in this effort is to make the migration process transparent to the users. Requiring them to change existing working processes is a non-starter. Mark Jacobs On 11/14/12 11:16, Kirk Wolf wrote: If you use cozsftp -k and the specified keyring:label is not found,

Re: Keyrings and OPENSSH

2012-11-07 Thread Mark Jacobs
No it didn't. $ ssh aimj@tcs1 FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*' for label 'SSH-KEY' failed (53817358). Record not found. FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*' for label 'SSH-KEY' failed (53817358). Record not found.

Re: Keyrings and OPENSSH

2012-11-07 Thread Kirk Wolf
Are you sure that if you don't specify IdentityKeyRingLabel for this test that the file private key works? If so, then this would seem to be a defect, since the documentation (see ssh command, -i option) says: ... To sum it up, the order that identities are tried are as follows: 1.

Re: Keyrings and OPENSSH

2012-11-07 Thread Mark Jacobs
Yes, I'm sure that the private key works. I'll take a look into the -k option, and I did open up a SR with IBM this morning. Thanks again. Mark Jacobs On 11/07/12 09:09, Kirk Wolf wrote: Are you sure that if you don't specify IdentityKeyRingLabel for this test that the file private key

Re: Keyrings and OPENSSH

2012-11-06 Thread Kirk Wolf
Mark, IBM Ported Tools OpenSSH doesn't allow you to specify IdentityKeyRingLabel in the global /etc/ssh/zos_ssh_config file. You can also specify this option as a command line switch or environment variable, if that helps. Do you want to share the actual SAF(RACF/ACF2/TSS) key ring and private

Re: Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
No, what I'm looking to do is to perform a staged migration from OpenSSH generated keypairs into RACF certificates. Our current situation is as follows, we have many (several hundred) sftp processes, each running under their own unique RACF userid with public/private keys already generated and

Re: Keyrings and OPENSSH

2012-11-06 Thread Kirk Wolf
You could use the _ZOS_USER_SSH_CONFIG environment variable to point all to the same file. In that file, you could have: IdentityKeyRingLabel * SSH-KEY This would use the user's virtual keyring and label SSH-KEY. Kirk Wolf Dovetailed Technologies http://dovetail.com On Tue, Nov 6, 2012 at

Re: Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
Thank you. Do you know what will happen if the SFTP userid doesn't yet have a keyring configured? Will it still use the existing openssh private key? On 11/06/12 14:53, Kirk Wolf wrote: You could use the _ZOS_USER_SSH_CONFIG environment variable to point all to the same file. In that file,

Re: Keyrings and OPENSSH

2012-11-06 Thread Kirk Wolf
Sorry, I don't know if it will try both. On Tue, Nov 6, 2012 at 2:21 PM, Mark Jacobs mark.jac...@custserv.com wrote: Thank you. Do you know what will happen if the SFTP userid doesn't yet have a keyring configured? Will it still use the existing openssh private key?

Re: Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
OK. I'll try it on one of my other userids without a keyring and see what happens (and report back). On 11/06/12 15:30, Kirk Wolf wrote: Sorry, I don't know if it will try both. On Tue, Nov 6, 2012 at 2:21 PM, Mark Jacobs mark.jac...@custserv.com wrote: Thank you. Do you know what will