Jeff,
You are correct, the known_hosts file is created in the current directory
of the active user. You can change that with option 13 in WRKLNK, IIRC.
On the SBMJOB command and the WRKJOBSCDE you can indicate under which
user those jobs should run.
Adoptive authority may not work as that does not work on the IFS.
Do you want to run it in interactive jobs? Then perhaps a profile swap
may work (profile handle APIs).
At my work we run it under 1 user profile, but those are all batch jobs.
Kind regards,
Carel Teijgeler
On 8-11-2018 at 20:38, Jeff Crosby wrote:
Before I forget this -
In various responses there are references to the /home/user directory and I
assume user is not the literal word "user" but the name of the user doing
this. The user in my case will not always be the same person. So do I
ultimately need to set up a user "SFTPUSER" (for example) and run any CL
program with USRPRF(*OWNER) and SFTPUSER be the owner of said program?
So many gotchas . . . :)
On Thu, Nov 8, 2018 at 12:41 PM Carel <coteijgeler@xxxxxxxxx> wrote:
Odd.
Yesterday we made a connection with a new client. They sent us their
public key but that did not work correctly.
So we retrieved their public key with QP2TERM and the command I gave in
an earlier post. (ssh -l loginname server)
It will tell you it will retrieve the key and ask you whether to continue.
Answer yes, then it will ask 2 or 3 times for a passphrase which will not
be required, so 2 or 3 enters.
Then it says it has retrieved the key.
It is stored in the file known_hosts on the IFS; if it does not exist it
will be created, otherwise appended to it. No EBCDIC there as it is
transferred directly to the IFS, you are in a UNIX type environment.
Then you can interactively connect with the other server with sftp.
We do it like this:
sftp -vvv -o UserKnownHostsFile=/home/[user]/.ssh/known_hosts -o IdentityFile=/home/[user]/.ssh/id_rsa loginname@server
In a CLP programme:
QSH CMD('sftp -vvv -o UserKnownHostsFile=/home/[user]/.ssh/known_hosts -o IdentityFile=/home/[user]/.ssh/id_rsa loginname@server')
You can add -b testscript to the command with a path to the text file
with commands (get, (m)put, quit, rm, etc).
If you have 1 connection working this way, then the others will be much
simpler to implement.
Of course this is a way to do it. For it works.
Kind regards,
Carel Teijgeler
On 8-11-2018 at 18:11, Kevin Adler wrote:
The first time you connect to an SSH server it asks you to validate their
host key (sftp is just a special use of an SSH server). This validates
that the server is who you think it is. Once you've accepted the key
fingerprint, it will be saved in /home/user/.ssh/known_hosts and you won't
get asked again.
The problem is that when using sftp from QSH/QP2TERM there is no way for
it to ask you to validate the key (since there's no TTY environment) and
so it doesn't even try and just says that it can't validate it ("Host key
verification failed").
You have a couple options to fix it:
- request the host key fingerprint from your partner and add it to
/home/user/.ssh/known_hosts manually. The fingerprint will look something like:
    example.com ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApkxN82QhSqYFD... (this
string is usually really long)
You need to ensure that the file is in ASCII and uses Unix line endings
(LF, not CRLF).
- connect once with ssh instead of sftp and accept the fingerprint:
    ssh -T example.com
    The authenticity of host 'example.com (9.5.67.117)' can't be established.
    ECDSA key fingerprint is SHA256:5BYrcHeU+0QXkDqor8bfH+M7AbZz4a33ViCbE6G906M.
    Are you sure you want to continue connecting (yes/no)?
Once you say yes, it will be stored in /home/user/.ssh/known_hosts. Note
that you don't actually have to succeed in connecting, just answer yes to
the prompt.
- use ssh-keyscan to automatically add the fingerprints to
/home/user/.ssh/known_hosts:
    ssh-keyscan example.com >> /home/user/.ssh/known_hosts
Note that you should run these commands from QP2TERM. When run from QSH,
it will not be able to find the commands unless you add /QOpenSys/usr/bin
to the $PATH environment variable. Also, you could end up with EBCDIC data
in known_hosts if it doesn't already exist, which will cause ssh to fail.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.
Please contact support@xxxxxxxxxxxx for any subscription related
questions.
Help support midrange.com by shopping at amazon.com with our affiliate
link: https://amazon.midrange.com
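Added example, not part of the original thread or of any poster's code: a check of a known_hosts file against the points raised above (ASCII rather than EBCDIC, LF rather than CRLF, and a host key whose SHA256 fingerprint matches the one obtained from the partner). The function names and the sample key are constructed for illustration, and only unhashed host names are handled.

```python
import base64
import hashlib

def fingerprint(key_b64: str) -> str:
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(key_b64, validate=True)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def check_known_hosts(data: bytes, host: str, expected_fp: str) -> list:
    """Return a list of problems; an empty list means the entry checks out."""
    problems = []
    if b"\r" in data:
        problems.append("CRLF line endings")
    if any(b > 0x7F for b in data):
        # EBCDIC letters and digits all sit above 0x7F, so a file that
        # was created as EBCDIC is caught here before any parsing.
        return problems + ["not ASCII (possibly EBCDIC)"]
    found = False
    for line in data.decode("ascii").splitlines():
        fields = line.split()
        if len(fields) < 3 or line.startswith(("#", "@")):
            continue  # blank, comment, or marker line (not handled here)
        if host not in fields[0].split(","):
            continue
        found = True
        try:
            if fingerprint(fields[2]) == expected_fp:
                return problems
        except ValueError:
            pass  # key field is not valid base64; treat as a mismatch
    problems.append("host key fingerprint mismatch" if found
                    else "no entry for host")
    return problems

# Constructed sample: a well-formed ssh-ed25519 blob with dummy key bytes.
SAMPLE_BLOB = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes(range(32))
SAMPLE_LINE = ("example.com ssh-ed25519 "
               + base64.b64encode(SAMPLE_BLOB).decode() + "\n")
# Stands in for the fingerprint the partner sends through another channel.
PARTNER_FP = fingerprint(SAMPLE_LINE.split()[2])

if __name__ == "__main__":
    cases = [("good", SAMPLE_LINE.encode("ascii")),
             ("crlf", SAMPLE_LINE.replace("\n", "\r\n").encode("ascii")),
             ("ebcdic", SAMPLE_LINE.encode("cp037"))]
    for label, raw in cases:
        print(label, check_known_hosts(raw, "example.com", PARTNER_FP))
```

Running the same comparison on an entry collected with ssh-keyscan is what turns it from "whatever key the server presented" into a validated host key.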
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].