× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Rob,

Totally agree, but OpenSSH is part of LPP , 5733SC1 *INSTALLED OpenSSH, OpenSSL, zlib, and maintained via SC1 PTFs.
What do you suggest?
What are the options, if any?

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of rob@xxxxxxxxx
Sent: Wednesday, February 04, 2015 11:52 AM
To: Midrange Systems Technical Discussion
Subject: RE: Possible issue with PTF SI55522

Which is unbelievably ludicrous!
"Open Source" doesn't mean it's free but you have to use it as it is. It means source is provided, modify as you will.

Which may mean the buck get's passed on to you to modify the source...


Rob Berendt
--
IBM Certified System Administrator - IBM i 6.1 Group Dekko Dept 1600 Mail to: 2505 Dekko Drive
Garrett, IN 46738
Ship to: Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





From: "Steinmetz, Paul" <PSteinmetz@xxxxxxxxxx>
To: "'midrange-l@xxxxxxxxxxxx'" <midrange-l@xxxxxxxxxxxx>
Date: 02/04/2015 11:44 AM
Subject: RE: Possible issue with PTF SI55522
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxx>



David / Kirk,

You previously mentioned you were awaiting a fix for this.

< We would just ask you to hold off until we have a fix for this
available. We should have this fix soon and we will let customers know
once it's available. You can contact our support site for details.>

According to IBM, because this is open source, this is the way it is , no
changes in the works, not what I wanted to hear.
We have to revisit every SFTP process before applying SI55522

IBM's recommendation for Logging Success or Failure in OpenSSH Batch Mode
File Transfers.

http://www.ibm.com/support/docview.wss?uid=nas8N1018799

Paul

-----Original Message-----
From: Steinmetz, Paul
Sent: Thursday, January 29, 2015 11:12 AM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: Possible issue with PTF SI55522

David / Kirk,

Here's IBM's recommendation for Logging Success or Failure in OpenSSH
Batch Mode File Transfers.

http://www.ibm.com/support/docview.wss?uid=nas8N1018799

I tested this, works fine.
I tried coding for RC years ago, was not successful, I did not have the
specifics below..
I'm still waiting for an update from IBM, I don't want to revisit every
OpenSSH touch point.

QSH CMD(&CM3)
RCVMSG MSGTYPE(*COMP) RMV(*NO) MSGDTA(&MSGDTA) MSGID(&MSGID)
IF (&MSGID *EQ 'QSH0005') +
CHGVAR &RC %BIN(&MSGDTA)
IF (&RC *EQ 0) THEN(DO)
SNDMSG MSG('The file transfer completed successfully.')
TOUSR(user_profile)
ENDDO
IF (&RC *GE 1) THEN(DO)
SNDMSG MSG('The file transfer failed') TOUSR(user_profile)
ENDDO
ENDPGM

Paul


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
Steinmetz, Paul
Sent: Wednesday, January 28, 2015 5:17 PM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: Possible issue with PTF SI55522

I applied SI55522 to a test LPAR.
Ran a SFTP test, test LPAR being the client.
The "Uploading" line no longer appears.
In order to check for successful transfers, I will need to 1)Turn debug
logging on
2) Add logic to the SFTP logging program to also check for "Transferred"

Any other thoughts???

Message before PTF
sftp> put /PAULS/PAULSTST.TXT /PAULS/PAULSTXT.TXT (replace
Uploading /PAULS/PAULSTST.TXT to /PAULS/PAULSTXT.TXT
sftp>

Message after the PTF
sftp> put /PAULS/PAULSTST.TXT /PAULS/PAULSTXT.TXT (replace
sftp>

Message after the PTF with debug detail logging turned on, -v

OpenSSH_6.6, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/etc/ssh_config
debug1: Connecting to 172.16.23.5 [172.16.23.5] port 22.
debug1: Connection established.
debug1: identity file /home/PAULS/.ssh/id_rsa type 1
debug1: identity file /home/PAULS/.ssh/id_rsa-cert type -1
debug1: identity file /home/PAULS/.ssh/id_dsa type -1
debug1: identity file /home/PAULS/.ssh/id_dsa-cert type -1
debug1: identity file /home/PAULS/.ssh/id_ecdsa type -1
debug1: identity file /home/PAULS/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/PAULS/.ssh/id_ed25519 type -1
debug1: identity file /home/PAULS/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8

debug1: match: OpenSSH_5.8 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA
23:f6:2b:62:0c:fb:ee:44:71:9e:ae:10:cf:03:f6:56
debug1: Host '172.16.23.5' is known and matches the ECDSA host key.
debug1: Found key in /home/PAULS/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue:
publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/PAULS/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 172.16.23.5 ([172.16.23.5]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@xxxxxxxxxxx
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
sftp> put /PAULS/PAULSTST.TXT /PAULS/PAULSTXT.TXT (replace
sftp>
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3568, received 2192 bytes, in 0.1 seconds
Bytes per second: sent 26141.1, received 16059.8
debug1: Exit status 0

Paul

-----Original Message-----
From: Steinmetz, Paul
Sent: Wednesday, January 21, 2015 9:08 PM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: Possible issue with PTF SI55522

Any update on this?

Paul

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of
David Hunter
Sent: Tuesday, January 06, 2015 2:28 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Possible issue with PTF SI55522

Kirk,

I can clarify this for you as I work at Townsend Security. The email that
went out was not properly worded, the issue is not a problem with the
functionality of version 6.6p1 of OpenSSH, the issue is with how our own
application interacts with that version. There was a small change made
that causes our application to report errors for SSH sFTP transfers even
when they're successful. We do not want to discourage anyone from applying
PTF SI55522, or more appropriately PTF SI55602 which supersedes it. We
would just ask you to hold off until we have a fix for this available. We
should have this fix soon and we will let customers know once it's
available. You can contact our support site for details.



David





David Hunter

Townsend Security

"QXJzIGVzdCBjZWxhcmUgYXJ0ZW0="





--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a
moment to review the archives at http://archive.midrange.com/midrange-l.


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.