- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: SFTP Difficulty from IBM to OpenVMS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2010 10:43 AM
тАО07-02-2010 10:43 AM
SFTP Difficulty from IBM to OpenVMS
I believe it is having difficulty with the naming of the key on the OpenVMS machine. Below is one of the opcom messages that comes up:
%%%%%%%%%%% OPCOM 2-JUL-2010 14:10:30.31 %%%%%%%%%%%
Message from user AUDIT$SERVER on XXXYYY
Security alarm (SECURITY) and security audit (SECURITY) on XXXYYY, system id: 51210
Auditable event: Network login failure
Event time: 2-JUL-2010 14:10:30.30
PID: 0000143B
Process name: TCPIP$S_BG27717
Username: TCPIP$SSH
Remote node fullname: SSH_PUBLICKEY:IBMHOST.HSMV.STATE.FL.US
Remote username: AAA_TEST(LOCAL)
Status: %LOGIN-F-NOTVALID, user authorization failure
We populated the AUTHORIZATION. file with an entry of:
KEY AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB. The logfile in sys$sysdevice:[tcpip$ssh] indicates that the key was converted to stream lf, prints out no other authentication methods available and closes. Any help would be greatly appreciated.
Sincerely
Rene
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-02-2010 09:29 PM
тАО07-02-2010 09:29 PM
Re: SFTP Difficulty from IBM to OpenVMS
That covers a lot of ground. AIX? z/OS?
MVS? ???
> [...] I have placed the public key from the
> IBM side [...]
Is that an OpenSSH-format (incompatible) key
or an SSH2-format (compatible) key? I can't
see it from here.
> We populated the AUTHORIZATION. file with
> an entry of:
>
> KEY AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB.
Not including the last "."? Is there such a
file? (What's in it?)
> The logfile in sys$sysdevice:[tcpip$ssh]
> indicates that the key was converted to
> stream lf, [...]
Probably safer/faster if you do that once and
for all time.
> [...] prints out no other authentication
> methods available and closes.
An actual (copy+paste) transcript might be
more satisfying (and informative). Your
summary and interpretation do not make a good
substitute for the actual data.
Debug output from the client might help.
Adding "-v[v[v]]" to the "ssh"/"sftp"
command works in many places. "ssh -V" (or
"sftp -V") can be interesting, too.
> I believe it is having difficulty with the
> naming of the key on the OpenVMS machine.
Why? Knowing nothing about your key data, my
first guess would be "wrong format", but I'm
always open to actual evidence.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2010 12:04 AM
тАО07-03-2010 12:04 AM
Re: SFTP Difficulty from IBM to OpenVMS
---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20080725, 2048-bit DSA, kchan@ckc-pc"
OpenSSH based ssh-keygen will do the conversion for you with the "-e" switch.
Also are you sure that you have specified the path to the private key identification file correctly on the IBM side?
Khee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2010 04:44 AM
тАО07-03-2010 04:44 AM
Re: SFTP Difficulty from IBM to OpenVMS
yesterday before I logged the call within the forum so I am not sure if
he meant 10.9, etc. I believe the key is SSH and not SSH2 format.
Directory SYS$SYSDEVICE:[AAA_TEST.SSH2]
AUTHORIZATION.;10
BATSFTP-IBMHOST.PUB;2
AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB;2
AAA_TEST-SSH_PUBLICKEY_IBMHOST_HSMV_STATE_FL_US.PUB;2
DSA1024_FOR_AUTHORIZED_KEYS.PUB;2
FTPGWY::RODRIGUER: type AUTHORIZATION.;10
KEY DSA1024_FOR_AUTHORIZED_KEYS.PUB
KEY AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB
KEY AAA_TEST-SSH_PUBLICKEY_IBMHOST_HSMV_STATE_FL_US.PUB
KEY BATSFTP-IBMHOST.PUB
FTPGWY::RODRIGUER: TYPE AAA_TEST-SSH_PUBLICKEY_IBMHOST_HSMV_STATE_FL_US.PUB
ssh-dss AAAAB3NzaC1kc3MAAACBAN+QI07pvPeTHtAy7Ey6FMNu3mHYGr36Zj+wx36i6biKqsljz6R69M/NcrdMDDQGUxhYYyTUyVUqcU+iVJEQZvLZnh
J4nIQ3OxmZVt4CZFVbbgO1hjhtsCPVLELrCJJehyLG/6WQURYxHeMtgbu9LThGNTi4tY38C7nibabsGICnAAAAFQDQvFb4POY+tfRtKFlD0MFHPzTOXQAA
AIBgew0gZOngYkMOE4cR0j3I0qu43lz3F2XfUw5Db3rzggkL9xOctW4sdGycnSEYMbgPKAml9HqzsmsmcCyFHYDKIEJHYFTJwOUsukZZpWBi5+FxFMzsAB
UuGl2dLajAlo9IHQxz+9GcUy71Z0HttZE6FvkZV+7qkOFosMSL+vhJKwAAAIEAntyGskIREzebqdzheG/4doGRIcCtmdpG3H9g/b4dzINS1/DSX6H0XleY
AMC78ZXrZl41DF3pVuihI6H4Jhb0H63XJ4rI2gA34JS0h46xQoK612eHkAi/VEhORoM0Frs9fzRGebWpZub9WwZHuXNAguBbpKwCehUsRtpoqAxyrJw= 1
024-bit dsa, BATSFTP@IBMHOST, Thu Mar 08 2007 12:31:57
FTPGWY::RODRIGUER: TYPE TCPIP$SSH_RUN.LOG;10
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
%PURGE-W-FILNOTPUR, error deleting SYS$SYSDEVICE:[TCPIP$SSH]TCPIP$SSH_RUN.LOG;4
-RMS-E-FLK, file currently locked by another user
Fri 02 14:10:28 INFORMATIONAL: Starting image in auxiliary server mode.
Fri 02 14:10:28 INFORMATIONAL: connection from "204.90.30.243"
Fri 02 14:10:29 WARNING: Converting file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST-SSH_PUBLICKEY_IBMHOST_HSMV_STATE_FL_US.
PUB to Stream_LF.
Fri 02 14:10:29 WARNING: File /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST-SSH_PUBLICKEY_IBMHOST_HSMV_STATE_FL_US.PUB convert
ed successfully to Stream_LF.
Fri 02 14:10:29 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST-SSH_PUBLICKEY:IBMHOST.HSMV.
STATE.FL.US.PUB.
Fri 02 14:10:30 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST-SSH_PUBLICKEY:IBMHOST.HSMV.
STATE.FL.US.PUB.
Fri 02 14:10:30 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST-SSH_PUBLICKEY:IBMHOST.HSMV.
STATE.FL.US.PUB.
Fri 02 14:10:30 INFORMATIONAL: Remote host disconnected: No further authentication methods available.
Fri 02 14:10:30 INFORMATIONAL: no more authentication methods on remote: 'No further authentication methods available.
'
TCPIP$SSH job terminated at 2-JUL-2010 14:10:30.79
Accounting information:
Buffered I/O count: 692 Peak working set size: 10544
Direct I/O count: 397 Peak virtual size: 183584
Page faults: 1062 Mounted volumes: 0
Charged CPU time: 0 00:00:00.92 Elapsed time: 0 00:00:03.01
FTPGWY::RODRIGUER: TYPE TCPIP$SSH_RUN.LOG;09
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
%PURGE-W-FILNOTPUR, error deleting SYS$SYSDEVICE:[TCPIP$SSH]TCPIP$SSH_RUN.LOG;4
-RMS-E-FLK, file currently locked by another user
Fri 02 13:28:49 INFORMATIONAL: Starting image in auxiliary server mode.
Fri 02 13:28:49 INFORMATIONAL: connection from "204.90.30.243"
Fri 02 13:28:50 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST@IBMHOST.HSMV.STATE.FL.US.PU
B.
Fri 02 13:28:50 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST@IBMHOST.HSMV.STATE.FL.US.PU
B.
Fri 02 13:28:51 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST@IBMHOST.HSMV.STATE.FL.US.PU
B.
Fri 02 13:28:51 INFORMATIONAL: Remote host disconnected: No further authentication methods available.
Fri 02 13:28:51 INFORMATIONAL: no more authentication methods on remote: 'No further authentication methods available.
'
TCPIP$SSH job terminated at 2-JUL-2010 13:28:51.51
Accounting information:
Buffered I/O count: 654 Peak working set size: 11136
Direct I/O count: 383 Peak virtual size: 183312
Page faults: 844 Mounted volumes: 0
Charged CPU time: 0 00:00:00.83 Elapsed time: 0 00:00:02.68
FTPGWY::RODRIGUER: TYPE TCPIP$SSH_RUN.LOG;08
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
Fri 02 13:27:59 INFORMATIONAL: Starting image in auxiliary server mode.
Fri 02 13:27:59 INFORMATIONAL: connection from "204.90.30.243"
Fri 02 13:28:01 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST@IBMHOST.HSMV.STATE.FL.US.PU
B.
Fri 02 13:28:01 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST@IBMHOST.HSMV.STATE.FL.US.PU
B.
Fri 02 13:28:02 WARNING: Error trying to access file /sys$sysdevice/AAA_TEST/ssh2/AAA_TEST@IBMHOST.HSMV.STATE.FL.US.PU
B.
Fri 02 13:28:02 INFORMATIONAL: Remote host disconnected: No further authentication methods available.
Fri 02 13:28:02 INFORMATIONAL: no more authentication methods on remote: 'No further authentication methods available.
'
TCPIP$SSH job terminated at 2-JUL-2010 13:28:02.24
Accounting information:
Buffered I/O count: 652 Peak working set size: 10752
Direct I/O count: 382 Peak virtual size: 183312
Page faults: 830 Mounted volumes: 0
Charged CPU time: 0 00:00:00.91 Elapsed time: 0 00:00:03.04
FTPGWY::RODRIGUER: TYPE TCPIP$SSH_RUN.LOG;07
$ Set NoOn
$ VERIFY = F$VERIFY(F$TRNLNM("SYLOGIN_VERIFY"))
Fri 02 13:23:07 INFORMATIONAL: Starting image in auxiliary server mode.
Fri 02 13:23:07 INFORMATIONAL: connection from "204.90.25.198"
Fri 02 13:23:09 INFORMATIONAL: Remote host disconnected: No further authentication methods available.
Fri 02 13:23:09 INFORMATIONAL: no more authentication methods on remote: 'No further authentication methods available.
'
TCPIP$SSH job terminated at 2-JUL-2010 13:23:09.51
Accounting information:
Buffered I/O count: 634 Peak working set size: 10704
Direct I/O count: 357 Peak virtual size: 183312
Page faults: 835 Mounted volumes: 0
Charged CPU time: 0 00:00:00.84 Elapsed time: 0 00:00:02.65
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2010 07:19 AM
тАО07-03-2010 07:19 AM
Re: SFTP Difficulty from IBM to OpenVMS
Ok. I know approximately nothing about z/OS
or the SSH software there.
> I believe the key is SSH and not SSH2
> format.
OpenSSH.
> ssh-dss AAAAB3Nz[...]
One long line, right? That looks like an
OpenSSH-format key, which is not what the
VMS TCPIP SSH software wants. I believe that
the ssh_keygen program on your VMS system is
not smart enough to convert what you have
into what you need, but an OpenSSH ssh-keygen
program should have a "-e" option which will
let you do the job. Perhaps the folks with
the z/OS system can do it. Otherwise, you
may need to find some UNIX (-like) system
with OpenSSH installed on it.
> ---- BEGIN SSH2 PUBLIC KEY ----
> [...]
Yup. That's what you need.
> [...] WARNING: Error trying to access file
> [...]
I see the various funny file names there, and
I know nothing, but I'd guess that it's
trying various possibilities after it had
trouble with the original (wrong-format) key
file.
Step one is to get an SSH2-format key file.
_Then_, if it's still confused, I'd start to
worry about any other complaints from the
SSH server.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-03-2010 11:50 AM
тАО07-03-2010 11:50 AM
Re: SFTP Difficulty from IBM to OpenVMS
I don't known anything about z/OS either (my OS/370 experience is in the dim and distant past).
I assume your person on the IBM side has access to some form of a command line to run sftp and is not doing it from some GUI or other shell. I also assume that the IBM side is running some form of an OpenSSH port.
Bearing the above assumptions in mind, I would recommend that you proceed as follows:
0) On the IBM, ensure that the default SSH identify file (id_dsa or id_rsa depending on the type used) matches the corresponding private key file for AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB . If you do not want to do change the default private key file, "man sftp" to find out have to specify the command line option to use a non-default private key file.
1) On the IBM, issue the command (change name of public key file as necessary) {beware of line wrapping and location of white spaces below, "$" denotes the command prompt}:
$ ssh-keygen -f AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB -e > AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB_IETF
$
2) Verify first two lines of AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB_IETF is of the correct form. See previous posting.
3) Transfer (as plain text ASCII) AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB_IETF to the OpenVMS system and place it in the target [username.ssh2] directory.
4) Login to OpenVMS system and go to [username.SSH2].
5) Type out AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB_IETF to verify that it still looks the same as in step 2.
6) Add entry to the OpenVMS AUTHORIZATION. file thus:
$ APPEND SYS$INPUT AUTHORIZATION
KEY AAA_TEST-IBMHOST_HSMV_STATE_FL_US.PUB_IETF
Ctrl-Z
$
7) Retry sftp and report results especially relevant lines from log file in [TCPIP$SSH.SSH].
-----
Khee
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2010 05:13 AM
тАО07-04-2010 05:13 AM
Re: SFTP Difficulty from IBM to OpenVMS
Thanks for all the help.
Rene
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-04-2010 07:20 AM
тАО07-04-2010 07:20 AM
Re: SFTP Difficulty from IBM to OpenVMS
> running ssh so I will try the ssy_keygen
> -e there. [...]
I'd start with "man ssh-keygen". The key
import/export options have changed some over
the years in some places.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-21-2010 07:21 AM
тАО07-21-2010 07:21 AM
Re: SFTP Difficulty from IBM to OpenVMS
I converted the key to SSH2 format via a Unix machine, then converted it to STREAM LF on the OpenVMS system. Once this was completed, the SFTP session was successful. Thanks to everyone for your help in resolving this issue.
Sincerely,
Rene