Password authentication failing

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
PaulB42
Posts: 27
Joined: Fri Aug 21, 2009 5:32 am

Password authentication failing

Post by PaulB42 »

I am trying to setup SFTP between a customer's mainframe and windows server. I have done this several times on other systems for this same customer.

I set up ported tools the same as on other systems, and exchanged host public keys. I could connect and authenticate from the mainframe to the windows server, but they cannot authenticate the other way. They use Bitvize Tunnelier (?) on Windows. We have tried password authentication - they are using the correct userid and password ( I know, because I can logon to TSO with it).

This is the result of attempted password authentication from syslogd
Port of Entry information retained for uid:0 pid:33555562.
Connection from 10.xx.xx.xx port 2421
Failed password for XXXXXX from 10.xx.xx.xx port 2421 ssh2
fatal: FOTS1450 Timeout before authentication for 10.xx.xx.xx
I can't understand why it is not accepting the password because I am 100% confident they have the right one. Could it be getting changed in transmission by some ascii/ebcdic conversion?

In desperation I set up a mainframe-mainframe SFTP and get the same result, password rejected.

Any suggestions welcome as I am tearing my hair out and time is running out to get this working!
Top
dovetail
Site Admin
Posts: 2025
Joined: Thu Jul 29, 2004 12:12 pm

Re: Password authentication failing

Post by dovetail »

- Have you checked your z/OS system log or security product logs for violation errors?

- The ssh session is setup before sftp is started, so please verify that you also cannot login to this z/OS server / userid with a ssh telnet session ? (like with PuTTY)

Since the problem is with the server z/OS security or SSHD, I suggest that you get a debug3 log for SSHD to syslogd.
Note: this will affect all ssh sessions to this server, so you might want to do it off-hours if this is a production system.

Override this setting in /etc/ssh/sshd_config:

Code: Select all

LogLevel DEBUG3
You will have to get sshd to reload its config:

Code: Select all

kill -HUP `cat /var/run/sshd.pid`
You can post non-confidential parts of the log and we will review.
You probably will want to open an ETR with IBM on IBM Ported Tools OpenSSH
Top
PaulB42
Posts: 27
Joined: Fri Aug 21, 2009 5:32 am

Re: Password authentication failing

Post by PaulB42 »

Thanks.
I've resolved this issue ... PermitRootLogin was set to no in sshd_config, and both users I was testing with had UID(0). Setting it to yes made a lot of difference :)

I couldn't get SSH to give me lots of debugging though, the LogLevel DEBUG3 didn't seem to have any effect. I may have to take this up with IBM
Top
Post Reply

Return to “Co:Z SFTP”