We are currently using Coz sftp client successfully. I am looking at using Coz sftp server but having problems with the activation or maybe the setup in general.
I have read the Coz sftp users guide pg 4 and forward 'coz sftp config'. I have completed the server steps and also pg 5 activating sftp. I have never worked with an sftp server before. I'd like to test doing OpenSSH sftp client on Linux -> Co:Z SFTP server on z/OS. Is there other documentation I am missing? Thanks
Here are my issues:
1. I do not believe sftp server is activating, how do I tell?
2. Do you have examples of testing to connect to the server from a linux client?
SFTP Server
Re: SFTP Server
I'll assume that you edited your /etc/ssh/sshd_config and updated the sftp subsystem as directed in the documentation. Please make sure that you have restarted sshd before trying to connect:
    kill -HUP `cat /var/run/sshd.pid`
To connect from linux, using the OpenSSH sftp client:
    linux> sftp user@my.zos.com
If your zos ssh server is listening on a port other than the standard 22, you will need to specify this when you connect:
    linux> sftp -o Port=2222 user@my.zos.com
Once connected and authenticated, you'll have an sftp prompt, where you can issue the following command:
    sftp> ls /+
If you receive something like the following:
    Couldn't stat remote file: No such file or directory
    Can't ls: "/+" not found
You aren't connected to the Co:Z SFTP server. The common issues are:
1.) You don't have a file named sftp-server.rc in your $HOME/.ssh directory
2.) You have the file, but it's not executable. To fix this, issue a "chmod +x sftp-server.rc"
3.) Less commonly, the file $COZ_HOME/bin/sftp-server.sh is not executable
4.) There might be other permissions problems with your $HOME and $HOME/.ssh directories
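The four checks listed in the reply above, as an added shell sketch (not part of the original post or the Co:Z documentation). The function names are hypothetical, and "permissions problems" is assumed here to mean group- or world-writable directories, the condition OpenSSH's StrictModes rejects.

```shell
#!/bin/sh
# Added diagnostic sketch: function names are hypothetical, not Co:Z tooling.
# Usage: check_coz_sftp "$HOME" "$COZ_HOME"
# Prints one line per finding and returns the number of problems found.

# True if the directory is group- or world-writable (assumed meaning of
# "permissions problems"; this is what sshd's StrictModes objects to).
loose_perms() {
    mode=$(ls -ldL "$1" | cut -c1-10)   # e.g. drwxr-xr-x
    case "$mode" in
        ?????w????|????????w?) return 0 ;;   # group write / other write
    esac
    return 1
}

check_coz_sftp() {
    home=$1; coz=$2; problems=0
    rcfile="$home/.ssh/sftp-server.rc"

    # Issues 1 and 2: the rc file must exist and be executable.
    if [ ! -f "$rcfile" ]; then
        echo "MISSING: $rcfile"; problems=$((problems + 1))
    elif [ ! -x "$rcfile" ]; then
        echo "NOT EXECUTABLE: $rcfile (chmod +x)"; problems=$((problems + 1))
    fi

    # Issue 3: the server script under $COZ_HOME must be executable.
    if [ ! -x "$coz/bin/sftp-server.sh" ]; then
        echo "NOT EXECUTABLE: $coz/bin/sftp-server.sh"; problems=$((problems + 1))
    fi

    # Issue 4: home and .ssh directories must not be writable by others.
    for d in "$home" "$home/.ssh"; do
        if [ -d "$d" ] && loose_perms "$d"; then
            echo "GROUP/WORLD WRITABLE: $d"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Run the checks when invoked as: sh script.sh HOME_DIR COZ_HOME_DIR
if [ $# -eq 2 ]; then check_coz_sftp "$1" "$2"; fi
```

A clean result only rules out these four causes; the `ls /+` test at the sftp prompt remains the confirmation that the Co:Z server is the one answering.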
Re: SFTP Server
I have followed the manual and your advice below. When I attempt to sftp myuserid@my.zos.com all I get is connection refused. The permissions for $HOME and $HOME/.ssh directories are either 711 or 755. Is there a way to determine why the connection is being refused? thanks
hp1dev:mdazzo:/home/mdazzo: sftp st1mat@mvstech.xxx.xxx.com
Connecting to mvstech.xxx.xxx.com...
ssh: connect to host mvstech.xxx.xxx.com port 22: Connection refused
Connection closed
Re: SFTP Server
Can you connect to your system with ssh rather than sftp?
If not, then you either don't have sshd running on z/OS, or you have a firewall problem.
Re: SFTP Server
Oh, I did not realize that SSH server was required on mvs. Currently it is not running. tks
Re: SFTP Server
Thanks for the help, I now have sshd running on mvs and can connect. Very cool putting datasets right to mvs using sftp.
Re: SFTP Server
Now that the sandbox works, it's time for the production environment. My problem is after connecting to the ssh server using cmd sftp st1mat@mymvs.com my password is not accepted, I just get permission denied. The sequence is below, how do I troubleshoot this? Thanks Matt
hp1dev:mdazzo:/home/mdazzo/.ssh: sftp st1mat@mymvs.com
Connecting to mymvs.com...
The authenticity of host 'mymvs.com (xxx.xx.39.75)' can't be established.
RSA key fingerprint is 50:59:b7
d6:3e:1a:10:31:31:c5:e8:22:bb:f2:b8.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'mymvs.com,xxx.xx.39.75' (RSA) to the list of known hosts.
st1mat@mymvs.com's password:
Permission denied, please try again.
st1mat@mymvs.com's password:
Re: SFTP Server
Here are some diagnostic suggestions:
- can you login to this MVS system with this userid using an interactive ssh shell?
- does the problem occur with all userids or just this one?
- check the syslogd files to see if you are getting any sshd messages. If you see nothing at all, then check your syslogd setup.
- check the RACF (or ESM) logs for violations
Assuming that this problem occurs for all userids, then I suspect that there are issues with either the setup of the SSHD top-level userid or with the "privilege separation" userid. Check the IBM Ported Tools User's Guide Ch 5.
Re: SFTP Server
Thanks for your help, below is the error message that was on the console and the RACF command to fix it.
ICH420I PROGRAM CELHV003 FROM LIBRARY CEE.SCEERUN2 CAUSED THE ENVIRONMENT TO BECOME UNCONTROLLED.
BPXP014I ENVIRONMENT MUST BE CONTROLLED FOR DAEMON (BPX.DAEMON) PROCESSING.
RALTER PROGRAM ** ADDMEM('CEE.SCEERUN2'//NOPADCHK)