Re: Keyrings and OPENSSH

2012-11-14 Thread Mark Jacobs
Yes, I know, but one of my goals in this effort is to make the migration process transparent to the users. Requiring them to change existing working processes is a non-starter. Mark Jacobs On 11/14/12 11:16, Kirk Wolf wrote: If you use cozsftp -k and the specified keyring:label is not found,

Re: Keyrings and OPENSSH

2012-11-14 Thread Kirk Wolf
If you use cozsftp -k and the specified keyring:label is not found, you will get an error message but it will fall back and use the default ~/.ssh/id_rsa private key Kirk Wolf Dovetailed Technologies http://dovetail.com On Wed, Nov 14, 2012 at 7:14 AM, Mark Jacobs wrote: > IBM has confirmed tha

Re: Keyrings and OPENSSH

2012-11-14 Thread Mark Jacobs
IBM has confirmed that it isn't working as the documentation suggests. They're going to have further discussions amongst themselves and most likely will open up an APAR against Ported Tools. Mark Jacobs On 11/07/12 09:16, Mark Jacobs wrote: Yes, I'm sure that the private key works. I'll tak

Re: Keyrings and OPENSSH

2012-11-07 Thread Mark Jacobs
Yes, I'm sure that the private key works. I'll take a look into the -k option, and I did open up an SR with IBM this morning. Thanks again. Mark Jacobs On 11/07/12 09:09, Kirk Wolf wrote: Are you sure that if you don't specify IdentityKeyRingLabel for this test that the file private key work

Re: Keyrings and OPENSSH

2012-11-07 Thread Kirk Wolf
Are you sure that if you don't specify IdentityKeyRingLabel for this test that the file private key works? If so, then this would seem to be a defect, since the documentation (see ssh command, -i option) says: ... To sum it up, the order that identities are tried are as follows: 1. Identities

Re: Keyrings and OPENSSH

2012-11-07 Thread Mark Jacobs
No it didn't.
$ ssh aimj@tcs1
FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*' for label 'SSH-KEY' failed (53817358). Record not found.
FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring '*' for label 'SSH-KEY' failed (53817358). Record not found.
ai

Re: Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
OK. I'll try it on one of my other userids without a keyring and see what happens (and report back). On 11/06/12 15:30, Kirk Wolf wrote: Sorry, I don't know if it will try both. On Tue, Nov 6, 2012 at 2:21 PM, Mark Jacobs wrote: Thank you. Do you know what will happen if the SFTP userid

Re: Keyrings and OPENSSH

2012-11-06 Thread Kirk Wolf
Sorry, I don't know if it will try both. On Tue, Nov 6, 2012 at 2:21 PM, Mark Jacobs wrote: > Thank you. Do you know what will happen if the SFTP userid doesn't yet > have a keyring configured? Will it still use the existing openssh private > key? > > > --

Re: Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
Thank you. Do you know what will happen if the SFTP userid doesn't yet have a keyring configured? Will it still use the existing openssh private key? On 11/06/12 14:53, Kirk Wolf wrote: You could use the _ZOS_USER_SSH_CONFIG environment variable to point all to the same file. In that file, yo

Re: Keyrings and OPENSSH

2012-11-06 Thread Kirk Wolf
You could use the _ZOS_USER_SSH_CONFIG environment variable to point all to the same file. In that file, you could have: IdentityKeyRingLabel "* SSH-KEY" This would use the user's virtual keyring and label "SSH-KEY". Kirk Wolf Dovetailed Technologies http://dovetail.com On Tue, Nov 6, 2012 at

Re: Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
No, what I'm looking to do is to perform a staged migration from OpenSSH generated keypairs into RACF certificates. Our current situation is as follows: we have many (several hundred) sftp processes, each running under their own unique RACF userid with public/private keys already generated and

Re: Keyrings and OPENSSH

2012-11-06 Thread Kirk Wolf
Mark, IBM Ported Tools OpenSSH doesn't allow you to specify IdentityKeyRingLabel in the global /etc/ssh/zos_ssh_config file. You can also specify this option as a command line switch or environment variable, if that helps. Do you want to share the actual SAF(RACF/ACF2/TSS) key ring and private k

Keyrings and OPENSSH

2012-11-06 Thread Mark Jacobs
Before I dig even further into the manuals, does anyone know if there's a way to specify in a globally accessible ssh configuration file to use a certificate attached to a key ring for the private key? I know I can use the user specific zos_user_ssh_config file, but I'd like to utilize a singl