I read that as well. As it turns out, the user/password authentication worked fine and none of those switches were needed. The Apache Jenkins server where the connection was initiated was already making an SSH connection using the user/password.

Thanks,
Todd


-----Original Message-----
From: JAVA400-L [mailto:java400-l-bounces@xxxxxxxxxxxx] On Behalf Of Jack Woehr
Sent: Wednesday, September 23, 2015 10:39 PM
To: Java Programming on and around the IBM i
Subject: Re: SSH to IBMi

From page 15 of Securing Communications cited already, emphasis added:




*2. Establish an SSH session to the i5OSP2 system by entering the following command:ssh -T barlen2@i5OSP2This command establishes an SSH session and tries to sign on with user BARLEN2 to thei5OSP2 system. *




*The -T switch is important when you initiate a session from the i5/OSPASE shell. It causes the ssh program not to try to allocate a TTY device. This is special tothe i5/OS PASE environment. Without specifying the switch (parameter), you receive anerror message that the system call received a parameter that is not valid and theconnection is closed. The reason for this is that an i5/OS terminal session does notrepresent a true TTY terminal as all UNIX-type terminals do.*

On Tue, Sep 22, 2015 at 11:52 PM, Jack Woehr < jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx> wrote:


On Tue, Sep 22, 2015 at 3:15 PM, Allen, Todd
<Todd.Allen@xxxxxxxxxxxxxxxxx
wrote:

Using the -t switch allows the password to be sent when connecting to
the Linux system. Is there a reason that does not work on the IBMi systems?


Probably the answer to that is in
Securing Communications with *OpenSSH* on IBM i5/OS
<http://www.redbooks.ibm.com/redpapers/pdfs/redp4163.pdf>


Failing that, I guess the keys must be used. I've not been able to
connect that way yet.



The public key for the logger-in must be in a file authorized_keys
located in the .ssh subdir of the login account's home directory in
the unix file system.

E.g. if dilbert@xxxxxxxxxxxx is the account ssh'ing into myserver.com,
then on myserver.com, the file /home/DILBERT/.ssh/authorized_keys must
contain dilbert's public key. Also, .ssh must be rwx------ and
authorized_keys must be rw-------



Thanks,
Todd


-----Original Message-----
From: JAVA400-L [mailto:java400-l-bounces@xxxxxxxxxxxx] On Behalf Of
Jack Woehr
Sent: Monday, September 21, 2015 12:13 PM
To: Java Programming on and around the IBM i
Subject: Re: SSH to IBMi

The server can't find a public key that would let you go in without a
password so it wants to prompt you for a password. It can't open the
tty for prompting you, so fails. You probably want to use keys for running this.

On Mon, Sep 21, 2015 at 9:45 AM, Allen, Todd <
Todd.Allen@xxxxxxxxxxxxxxxxx>
wrote:

I have a Websphere Jython script that has been tested and works fine.
I can call it from PuTTY with no problems. (I had to replace the
qsh bash with sh to work outside of QShell.) Now I am trying to
call the script via SSH and it fails with the “permission denied”
error. It appears the SSH connection is working fine but I’m
puzzled why it fails after that. The verbose log is below. I
don’t know if there is a problem with the SSH command itself or the
SSH server setup. Any
guidance is appreciated.


SSH: Connecting from host [SVN-IT-R001]
SSH: Connecting with configuration [webt1] ...
SSH: EXEC: STDOUT/STDERR from command [ssh -t -t -v webt1
"/QIBM/UserData/WebSphere/AppServer/V8/Express/profiles/WSPROD80T2/
bin
/wsadmin2 -user jenkins -password zzzz -lang jython -f
/apps/WebAppData/installation/ideploy.py MyEAR
/apps/WebAppData/installation/EAR/MyEAR-1.02.3.0.ear"] ...
OpenSSH_6.6, OpenSSL 1.0.1p 9 Jul 2015
debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/etc/ssh_config
debug1: Connecting to webt1 [10.31.107.40] port 22.
debug1: Connection established.
debug1: identity file /home/JENKINS/.ssh/id_rsa type -1
debug1: identity file /home/JENKINS/.ssh/id_rsa-cert type -1
debug1: identity file /home/JENKINS/.ssh/id_dsa type -1
debug1: identity file /home/JENKINS/.ssh/id_dsa-cert type -1
debug1: identity file /home/JENKINS/.ssh/id_ecdsa type -1
debug1: identity file /home/JENKINS/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/JENKINS/.ssh/id_ed25519 type -1
debug1: identity file /home/JENKINS/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.6
debug1: match: OpenSSH_6.6 pat OpenSSH* compat 0x04000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5-etm@xxxxxxxxxxx
none
debug1: kex: client->server aes128-ctr hmac-md5-etm@xxxxxxxxxxx
none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
84:38:d8:88:8e:7b:30:c3:90:8c:1b:ac:52:cf:cf:33
debug1: Host 'webt1' is known and matches the ECDSA host key.
debug1: Found key in /home/JENKINS/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /home/JENKINS/.ssh/id_rsa
debug1: Trying private key: /home/JENKINS/.ssh/id_dsa
debug1: Trying private key: /home/JENKINS/.ssh/id_ecdsa
debug1: Trying private key: /home/JENKINS/.ssh/id_ed25519
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: No such device or
address
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or
address
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: No such device or
address
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: No more authentication methods to try.
Permission denied (publickey,password,keyboard-interactive).
SSH: EXEC: completed after 1,014 ms
SSH: Disconnecting configuration [webt1] ...
ERROR: Exception when publishing, exception message [Exec exit
status not zero. Status [255]]


Todd Allen
Estes Express Lines
804-353-1900 x2283
tallen@xxxxxxxxxxxxxxxxx<mailto:tallen@xxxxxxxxxxxxxxxxx>
www.estes-express.com<http://www.estes-express.com>


For More Than 80 Years—Delivering Solutions That Exceed Expectations.

This communication and any transmitted documents are intended to be
confidential. If there is a problem with this transmission, please
contact the sender. If the reader of this message is not the
intended recipient, or the employee or agent responsible to deliver
it to the intended recipient, you are hereby notified that any
dissemination, distribution or copying of this communication is strictly prohibited.
--
This is the Java Programming on and around the IBM i (JAVA400-L)
mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
http://archive.midrange.com/java400-l.




--
Absolute Performance, Inc.
6328 Monarch Park Place
Niwot, Colorado 80503

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you
received this communication in error, please contact the sender and
delete/destroy all copies of this communication immediately.
--
This is the Java Programming on and around the IBM i (JAVA400-L)
mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at http://archive.midrange.com/java400-l.

For More Than 80 Years—Delivering Solutions That Exceed Expectations.

This communication and any transmitted documents are intended to be
confidential. If there is a problem with this transmission, please
contact the sender. If the reader of this message is not the intended
recipient, or the employee or agent responsible to deliver it to the
intended recipient, you are hereby notified that any dissemination,
distribution or copying of this communication is strictly prohibited.
--
This is the Java Programming on and around the IBM i (JAVA400-L)
mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To
subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
http://archive.midrange.com/java400-l.




--
Absolute Performance, Inc.
6328 Monarch Park Place
Niwot, Colorado 80503

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you
received this communication in error, please contact the sender and
delete/destroy all copies of this communication immediately.




--
Absolute Performance, Inc.
6328 Monarch Park Place
Niwot, Colorado 80503

NON-DISCLOSURE NOTICE: This communication including any and all attachments is for the intended recipient(s) only and may contain confidential and privileged information. If you are not the intended recipient of this communication, any disclosure, copying further distribution or use of this communication is prohibited. If you received this communication in error, please contact the sender and delete/destroy all copies of this communication immediately.
--
This is the Java Programming on and around the IBM i (JAVA400-L) mailing list To post a message email: JAVA400-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/java400-l
or email: JAVA400-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at http://archive.midrange.com/java400-l.

For More Than 80 Years—Delivering Solutions That Exceed Expectations.

This communication and any transmitted documents are intended to be confidential. If there is a problem with this transmission, please contact the sender. If the reader of this message is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited.

As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2021 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.