× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



Can someone tell me how to enable logging for SSHD? The only link I can
find is broken. It appears there is a way to add some information to the
system log. I am hoping maybe I can get a clue to what is happening.

On Wed, Aug 16, 2017 at 8:38 PM, Diego Kesselman <diegokesselman@xxxxxxxxx>
wrote:

Try adding this to the end of your sshd_config


ibmpaseforienv PASE_USRGRP_LIMITED=N

and then

ENDTCPSVR *SSHD

STRTCPSVR *SSHD


El 16/08/17 a las 19:33, Evan Harris escribió:

Hi Matt

there's an 8 character limit which stumped us for a while as it was not
very obvious, so I wondered if that was maybe it. Doesn't sound like it.

On Thu, Aug 17, 2017 at 12:30 PM, Matt Lavinder <
mlavinder@xxxxxxxxxxxxxxxxxxx> wrote:

Ed - That rings a bell. It is 8, but you might have to elighten me a bit
more.


On Wed, Aug 16, 2017 at 8:26 PM, Evan Harris <auctionitis@xxxxxxxxx>
wrote:

How many characters in the user name ?

On Thu, Aug 17, 2017 at 12:19 PM, Matt Lavinder <
mlavinder@xxxxxxxxxxxxxxxxxxx> wrote:

Scott - Sorry, but I guess I have done this so many times I did not

feel

the need to go into that much detail. I am at my wits end with this,
because I am NOT a newbie at this. I got SSH working years ago on V5R4
thanks to your articles. I definately created an RSA key. I added the
contents of rsa_id.pub on his Mac to the the authorized_keys file on

the

IBM i.

Jack - I have checked, double checked and triple checked all the
permissions of the folders and files and I keep checking to make sure

the

key isn’t on multiple lines.

Public key auth works my user profile and I use it all day, every

day. I

have configured SSH clients and servers many times on various Linux

distros

and I have never had a problem on IBM i or elsewhere. Again, it works

if I

allow him to sign in with a password. It does NOT work if I add my

Mac's

SSH to the authorized_keys on HIS profile, and that is the very key I

am

using to help me troubleshoot.

This HAS to be some sort of profile authorities issue, but I am at a

loss.

Like I said, I have checked all the permissions multiple times. I even
found a script to display the chmod numbers for the files and

directories,

just to be sure. What I am getting is that I have checked all the

right

things.

I am probably going to have to open a PMR with IBM. I would say I am
overlooking something dumb, but god help me, I have knack for stumbling

on

to bizarre stuff. I was hoping for a simple answer.


On Wed, Aug 16, 2017 at 6:22 PM, Jack Woehr

<jwoehr@absolute-performance.

com

wrote:
Also be sure that when you added the key to authorized_keys it was

one

line

wrapping, not 2 or 3 lines broken.

On Wed, Aug 16, 2017 at 4:21 PM, Jack Woehr

<jwoehr@absolute-performance.c

om

wrote:
On the target machine:

- .ssh should be 700
- authorized_keys should 600


On Wed, Aug 16, 2017 at 4:12 PM, Scott Klement <
midrange-l@xxxxxxxxxxxxxxxx> wrote:

Not much information here. About all you've told us is "it doesn't

work"

and "from a Mac". But, I use a key generated on my Mac all day

long

and

can log in via SSH without any problems.

Is it possible that you generated the wrong type of key?

Or that the authorities are wrong?



On 8/16/2017 4:59 PM, Matt Lavinder wrote:

We are trying to give a new employee access to the PASE/Bash

command

shell
via Terminal. I have added his Mac’s RSA key to the

authorized_keys

file,

but it still will not let them connect. It will let them connect

with

a

password, but that is not what we want.

For the life of me, I cannot figure out what is different between

the

way

they are configured and I am. This all works for me when using

my

key

and
my profile. If I add my Mac's key to their authorized_keys file,

it

will

not let me connect either (yes, I used their user name).

I have a lot more system authorities than the new employee does,

but

I

can’t imagine why that would be the issue.

Is there a specific authority a user needs to be able to

communicate

with

the SSHD?

Does anyone have any other ideas?

--

This is the Midrange Systems Technical Discussion (MIDRANGE-L)

mailing

list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our

affiliate

link: http://amzn.to/2dEadiD



--
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the

intended

recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you

received

this communication in error, please contact the sender and

delete/destroy

all copies of this communication immediately.



--
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further
distribution or use of this communication is prohibited. If you

received

this communication in error, please contact the sender and

delete/destroy

all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)

mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our

affiliate

link: http://amzn.to/2dEadiD



--




*Matt Lavinder Programmer AnalystData Management Inc.Phone: (336)
573-5045Fax: (336) 573-5001*
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD



--

Regards
Evan Harris
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing

list

To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD



--




*Matt Lavinder Programmer AnalystData Management Inc.Phone: (336)
573-5045Fax: (336) 573-5001*
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD




--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD





As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:
Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.