× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.



No one is using QSECOFR... Each user has their own login.

I was able to change the sshd_config to allow password authentication. I also added two additional users to AllowUsers, AND enabled QSSHD user profile (it was disabled).

I installed VS Code and the IBM i Extension. I was able to connect using my user and password.

My only question is whether these actions made our system less secure. But VS Code is working. Although, I received a warning about my user profile having too much authority for a developer.

Thanks,
Greg

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of Jack Woehr via MIDRANGE-L
Sent: Wednesday, August 30, 2023 3:34 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Jack Woehr <jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: VS Code

What are you trying to do? Allow QSECOFR login? Or allow password
authentication?

On Wed, Aug 30, 2023 at 1:23 PM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

OK... so the sshd_config rang a bell for me.

We made some changes after a security audit. I have the following at the
end of the sshd_config

# Recommended for RDi
# PubkeyAuthentication yes
PasswordAuthentication no
#LogLevel DEBUG
#LogLevel DEBUG
StrictModes no
AllowTcpForwarding yes
AllowUsers gwilburn jreed

So PasswordAuthentication no is likely the culprit? What about
AllowUsers? (the two listed are myself and another programmer)

-----Original Message-----
From: MIDRANGE-L <midrange-l-bounces@xxxxxxxxxxxxxxxxxx> On Behalf Of
Jack Woehr via MIDRANGE-L
Sent: Wednesday, August 30, 2023 3:03 PM
To: Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxxxxxxxx>
Cc: Jack Woehr <jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx>
Subject: Re: VS Code

By default QSECOFR login via SSH is disallowed, if that's what you're
trying to do.
You can edit the sshd_config to enable that.

On Wed, Aug 30, 2023 at 11:48 AM Greg Wilburn <
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx> wrote:

I have a vendor trying to connect to our IBM i system (v7r5) with VS Code
IDE. They are connected to our network via VPN and can run 5250 sessions
and such.

I started our SSH server, but we are seeing the following error in
QSYSOPR
messages and our History Log.

sshd[15191]: fatal: QsyGetProfileHandleNoPwd qsshd CPF22E3 [preauth] from
QSECOFR

Does this connection require pre-shared keys?

TIA,
Greg

[Logo]<https://www.totalbizfulfillment.com/> Greg Wilburn
Director of IT
301.895.3792 ext. 1231
301.895.3895 direct
gwilburn@xxxxxxxxxxxxxxxxxxxxxxx<mailto:gwilburn@xxxxxxxxxxxxxxxxxxxxxxx

1 Corporate Dr
Grantsville, MD 21536
www.totalbizfulfillment.com<http://www.totalbizfulfillment.com>
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.



--

*JACK WOEHR, IBM Champion 2021-2023
<https://www.credly.com/users/jack-woehr/badges>*

*SENIOR IBM i ENGINEER*

303.847.8442
jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx
<https://www.linkedin.com/in/jackwoehr/> stay connected
<https://www.linkedin.com/company/absolute-performance-inc./>

<https://www.absolute-performance.com/>
www.absolute-performance.com

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain

confidential and privileged information. If you are not the intended
recipient of this communication, any disclosure, copying further

distribution or use of this communication is prohibited. If you received
this communication in error, please contact the sender and

delete/destroy all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxxxxxxxxxx for any subscription related
questions.




As an Amazon Associate we earn from qualifying purchases.

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.