


> Maybe I'm confused because I don't really understand how these keys work.
> It's like the first time I rented a car with a key fob instead of a real
> key, never having seen one of these, I spent a chunk of time trying to
> figure out where to put the key fob and how to start the engine without a
> key.  Now that I know how a key fob works and that there is a button to
> push, starting a car with a key fob is a piece of cake.
 
The keys use asymmetric encryption aka public key cryptography to
authenticate you to the server. Using the private key, you can encrypt a
message that anyone with the public key can decrypt, but without the
private key nobody else can encrypt a message which the public key can
decrypt. The net result is that having the private key identifies you.
The client needs the private key and any server who you want to connect
to needs the public key.
 
> Now back to the attached link.

> I see step 3 is using QP2TERM to create a DSA or RSA key pair.

> I see step 6 is FTPing the public key from the iSeries to the PC.

> Doesn't this make the iSeries the client and the PC the host and allow the
> iSeries to connect to the PC?  Does it also allow the PC to connect to the
> iSeries?
 
Basically yes, but the steps are the same for any Unix-like system running
OpenSSH. So pretty much just swap things around.
 
There are about a bajillion tutorials on the internet about how to set up
public key encryption with OpenSSH. IBM i is really *no different* than
any other system in this regard because we use OpenSSH just like Linux,
BSD, AIX, Solaris, and pretty much every other OS on the planet. About the
only difference is the location of sshd_config file on IBM i
(/QOpenSys/ProdData/SC1/OpenSSH/etc/sshd_config instead of
/etc/sshd_config or /etc/ssh/sshd_config). That's it. If you're still
having issues, make sure your permissions are set correctly, as out of the
box IBM i directory permissions aren't always to OpenSSH's liking (mostly
removing other and group write authority).
 
 
If you really need an IBM i-specific document, this is the best I've
found:
[1]https://club.alanseiden.com/learninghall/article/locking-down-ssh-on-the-ibm-i-with-public-keys/
(yes, better than any of the IBM documents).
---
Kevin Adler
Software Development - Open Source, PASE, IBM i Access ODBC
IBM Systems, Dept 47U
Email: kadler@xxxxxxxxxx
015-3 C117
3605 HWY 52 N
Rochester, MN 55901-1407
United States
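
Added example, not part of the message above or of the articles it links: a POSIX shell sketch of the server-side half of the setup, installing the client's public key into the account's `authorized_keys` and checking for the group/other write authority the message says OpenSSH dislikes. The function names and the home-directory and key-file arguments are hypothetical; it assumes a one-line public key file copied from the client.

```shell
#!/bin/sh
# Added example, not from the thread. Run on the SERVER side (e.g. the IBM i
# PASE shell) against the home directory of the profile you will log in as.

# Report every path sshd cares about that group or other can write to.
# Returns 0 when clean, 1 when at least one path is too permissive.
audit_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        # -prune tests only $p itself; -perm -020 / -002 = group / other write
        if [ -n "$(find "$p" -prune \( -perm -020 -o -perm -002 \) -print)" ]; then
            echo "group/other writable: $p"
            bad=1
        fi
    done
    return "$bad"
}

# Remove group/other write from the home directory and lock down ~/.ssh.
fix_ssh_perms() {
    home=$1
    chmod go-w "$home"
    if [ -d "$home/.ssh" ]; then chmod 700 "$home/.ssh"; fi
    if [ -f "$home/.ssh/authorized_keys" ]; then
        chmod 600 "$home/.ssh/authorized_keys"
    fi
}

# Append the CLIENT's public key (one line, e.g. id_rsa.pub copied from the
# PC) to the server account's authorized_keys, once, then fix permissions.
install_pubkey() {
    home=$1
    key=$(cat "$2")
    mkdir -p "$home/.ssh"
    touch "$home/.ssh/authorized_keys"
    grep -qxF -e "$key" "$home/.ssh/authorized_keys" ||
        printf '%s\n' "$key" >> "$home/.ssh/authorized_keys"
    fix_ssh_perms "$home"
}
```

The private key never leaves the client; only the `.pub` file is passed as the second argument to `install_pubkey`.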
 
 

----- Original message -----
From: smith5646midrange@xxxxxxxxx
Sent by: "MIDRANGE-L" <midrange-l-bounces@xxxxxxxxxxxxxxxxxx>
To: "'Midrange Systems Technical Discussion'"
<midrange-l@xxxxxxxxxxxxxxxxxx>
Cc:
Subject: RE: Calling a program on the i via OpenSSH
Date: Mon, Feb 4, 2019 11:46 AM
 
Maybe I'm confused because I don't really understand how these keys work.
It's like the first time I rented a car with a key fob instead of a real
key, never having seen one of these, I spent a chunk of time trying to
figure out where to put the key fob and how to start the engine without a
key.  Now that I know how a key fob works and that there is a button to
push, starting a car with a key fob is a piece of cake.

Now back to the attached link.

I see step 3 is using QP2TERM to create a DSA or RSA key pair.

I see step 6 is FTPing the public key from the iSeries to the PC.

Doesn't this make the iSeries the client and the PC the host and allow the
iSeries to connect to the PC?  Does it also allow the PC to connect to the
iSeries?

I did finally get a connection to work but I'm not sure I can explain how I
did it and which of the steps that I did were really necessary and which
ones were not.  I'm deleting everything and starting over to see if I can do
it again.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Jim Oberholtzer
Sent: Monday, February 4, 2019 12:30 PM
To: 'Midrange Systems Technical Discussion'
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Calling a program on the i via OpenSSH

The process is about the same, and as Chris pointed out as well, very easy
if not a bit meticulous.

The trick is to create the key on the IBM i side.  See:

[2]http://www-01.ibm.com/support/docview.wss?uid=nas8N1012710

You'll see almost the same process is followed.  That document is a bit old
but updated through 7.2.

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
smith5646midrange@xxxxxxxxx
Sent: Monday, February 04, 2019 10:46 AM
To: 'Midrange Systems Technical Discussion'
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Calling a program on the i via OpenSSH

Doesn't this configure the HMC being the host and the iSeries being the
client?  I need the other way around.  The iSeries will be my host.  There
will be a Windows or Linux box connecting to the iSeries.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Jim Oberholtzer
Sent: Monday, February 4, 2019 11:31 AM
To: 'Midrange Systems Technical Discussion'
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Calling a program on the i via OpenSSH

There is an excellent tutorial, however while its purpose is slightly
different than your ultimate needs, the first part, setting up the SSH is
the same.

Find the technote:  "Sending HMC commands from a CL program":

[3]http://www-01.ibm.com/support/docview.wss?uid=nas8N1019126

There is specifically a section on setting up openssh in there.  

Clearly the rest of it can be of interest since the HMC is a Linux
appliance.  Works from Winders too.  

--
Jim Oberholtzer
Agile Technology Architects

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
smith5646midrange@xxxxxxxxx
Sent: Monday, February 04, 2019 10:02 AM
To: 'Midrange Systems Technical Discussion'
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Calling a program on the i via OpenSSH

Can someone post a link that shows how to set up OpenSSH public / private
keys with the iSeries being the server and a Windows machine being the
client?  I don't understand how to configure keys (I'm definitely out of my
league on this) and the only examples that I can find are iSeries to iSeries
or the iSeries as a client and that's not helping me with the Windows part.

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Justin Taylor
Sent: Monday, February 4, 2019 9:02 AM
To: Midrange Systems Technical Discussion
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Calling a program on the i via OpenSSH

Can't you just autostart *SSHD?

I don't have *SECOFR and I can start *SSHD.

-----Original Message-----
From: smith5646midrange@xxxxxxxxx
[[4]mailto:smith5646midrange@xxxxxxxxx]
Sent: Saturday, February 02, 2019 11:24 AM
To: 'Midrange Systems Technical Discussion'
<midrange-l@xxxxxxxxxxxxxxxxxx>
Subject: RE: Calling a program on the i via OpenSSH

Since STRTCPSVR *SSHD has to be run by a secofr profile (unless I am reading
the internet incorrectly), I am looking for best practice for starting it
when the system IPLs.  Is there a reason not to add it to QSTRUP and compile
it with a *secofr profile with adopt *owner auth?  Is there some other
option that I am not finding during my research on automating its startup?

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: [5]https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives at
[6]https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link:
[7]https://amazon.midrange.com

 

 

References

Visible links
1. https://club.alanseiden.com/learninghall/article/locking-down-ssh-on-the-ibm-i-with-public-keys/
2. http://www-01.ibm.com/support/docview.wss?uid=nas8N1012710
3. http://www-01.ibm.com/support/docview.wss?uid=nas8N1019126
4. mailto:smith5646midrange@xxxxxxxxx
5. https://lists.midrange.com/mailman/listinfo/midrange-l
6. https://archive.midrange.com/midrange-l
7. https://amazon.midrange.com/
8. https://lists.midrange.com/mailman/listinfo/midrange-l
9. https://archive.midrange.com/midrange-l
10. https://amazon.midrange.com/
11. https://lists.midrange.com/mailman/listinfo/midrange-l
12. https://archive.midrange.com/midrange-l
13. https://amazon.midrange.com/
14. https://lists.midrange.com/mailman/listinfo/midrange-l
15. https://archive.midrange.com/midrange-l
16. https://amazon.midrange.com/
17. https://lists.midrange.com/mailman/listinfo/midrange-l
18. https://archive.midrange.com/midrange-l
19. https://amazon.midrange.com/
20. https://lists.midrange.com/mailman/listinfo/midrange-l
21. https://archive.midrange.com/midrange-l
22. https://amazon.midrange.com/

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
