Receiving the error message when running a fromdsn command on a Windows server using Cygwin.
fromdsn-client[E]: startSocketConnection: COZ_SERVER_HOST not configured
Did I miss a configuration step?
Thanks.
COZ_SERVER_HOST not configured
Here is more information.
This error is ocurring when we are trying to add command security to the user's SSH public key. The application script was part of the z/OS job STDIN (in-line) but we moved it to the server. It appears it's running before the cozagent has had a chance to run?
command="/path/to/script" ssh-rsa .....
Is this doable? We are trying to lockdown what can run remotely for this application.
This error is ocurring when we are trying to add command security to the user's SSH public key. The application script was part of the z/OS job STDIN (in-line) but we moved it to the server. It appears it's running before the cozagent has had a chance to run?
command="/path/to/script" ssh-rsa .....
Is this doable? We are trying to lockdown what can run remotely for this application.
Co:Z Launcher uses ssh to remotely start Co:ZAgent, which in turn runs the user's logon shell on the remote system.
If you put a command in the sshd authorized keys file, it will run *instead* of CoZAgent for that key. For Co:Z Launcher to setup the correct remote environment, CoZAgent must be the target program.
See "man sshd" on your target platform for more information.
If you put a command in the sshd authorized keys file, it will run *instead* of CoZAgent for that key. For Co:Z Launcher to setup the correct remote environment, CoZAgent must be the target program.
See "man sshd" on your target platform for more information.
Gary,
I'm unclear as to whether your issue is resolved...
If you have a command in the authorized keys file for a key, it will run before the target command (cozagent). Thats not a problem, except your command can't do any fromdsn/todsn commands since the environment established by cozagent won't be present yet.
What your command/script could do is to verify that the $SSH_ORIGINAL_COMMAND is in fact cozagent, and then "exec" it. This would prevent the key from being used to run a different command.
But, I'm not clear as to the intent of what you are trying to accomplish.
Please give me a call if you want to discuss.
I'm unclear as to whether your issue is resolved...
If you have a command in the authorized keys file for a key, it will run before the target command (cozagent). Thats not a problem, except your command can't do any fromdsn/todsn commands since the environment established by cozagent won't be present yet.
What your command/script could do is to verify that the $SSH_ORIGINAL_COMMAND is in fact cozagent, and then "exec" it. This would prevent the key from being used to run a different command.
But, I'm not clear as to the intent of what you are trying to accomplish.
Please give me a call if you want to discuss.
You are right on target. We have a filter in place to inspect the command for /opt/dovetail/coz/bin/cozagent and exec it.
The purpose of this is to prevent a user from logging into the functional Unix id:
saf-ssh-agent -c keyring ssh user@server
saf-ssh-agent -c keyring ssh user@server "any cmd" < /dev/null
We were attempting to further limit the actual script cozagent would run and hence trying to use that in the authorized_keys file but that will not work. Does that help?
Thanks.
The purpose of this is to prevent a user from logging into the functional Unix id:
saf-ssh-agent -c keyring ssh user@server
saf-ssh-agent -c keyring ssh user@server "any cmd" < /dev/null
We were attempting to further limit the actual script cozagent would run and hence trying to use that in the authorized_keys file but that will not work. Does that help?
Thanks.