Permission Denied
-
- Posts: 4
- Joined: Wed Oct 13, 2021 8:31 am
Permission Denied
OK. Getting FOTS1346 Permission Denied.
I've tried it with an 80-byte PW file down to a 8-byte PW file.
There are no sequence numbers anywhere.
I've manually logged into the server from OMVS on a Z/OS LPAR without issue, so I know the PW is good and that the port is open.
ANY help would be appreciated.
Here are the control statements the batch job:
rmtuser="NJSFTPD"
server="10.13.98.98"
coz_bin='/usr/local/coz621/bin'
export DISPLAY=none
ssh_opts="-oBatchMode=no"
ssh_opts="$ssh_opts -F/etc/ssh/ssh_config_nj_STD"
ssh_opts="$ssh_opts -oConnectTimeout=60"
ssh_opts="$ssh_opts -oServerAliveInterval=60"
ssh_opts="$ssh_opts -oStrictHostKeyChecking=no"
export PASSWD_DSN='//TSOSPCC.SFTP.CNTL(NJSFTPD)'
export SSH_ASKPASS=$coz_bin/read_passwd_dsn.sh
export DISPLAY=none
mvsfile='//DD:TODASD1'
rmtfile='/oracle/WEEKLY/drivers/RMODtoSAR/acaprov/acaprov.txt'
$coz_bin/cozsftp -vvv $ssh_opts -b- $rmtuser@$server <<EOB
lzopts mode=TEXT
lpwd
pwd
get $rmtfile $mvsfile -r
rm '/oracle/WEEKLY/drivers/RMODtoSAR/acaprov/acaprov.txt'
Here's the output:
CoZBatch[N]: version: 6.2.1 2021-01-15
CoZBatch[N]: Copyright (C) Dovetailed Technologies, LLC. 2005-2021. All rights reserved.
<- ()
CoZBatch: executing progname=login-shell="-/bin/sh"
Co:Z SFTP version: 6.2.1 (7.6p1) 2021-01-15
Copyright (C) Dovetailed Technologies, LLC. 2008-2021. All rights reserved.
ZosSettings[W]: Fixed section found in user config file - ignoring
Connecting to 10.13.98.98...
[04:48:58.721870] debug3: connect_to_server arg=/bin/ssh
[04:48:58.721923] debug3: connect_to_server arg=-oForwardX11 no
[04:48:58.721944] debug3: connect_to_server arg=-oForwardAgent no
[04:48:58.721965] debug3: connect_to_server arg=-oClearAllForwardings yes
[04:48:58.721985] debug3: connect_to_server arg=-v
[04:48:58.722001] debug3: connect_to_server arg=-v
[04:48:58.722022] debug3: connect_to_server arg=-v
[04:48:58.722038] debug3: connect_to_server arg=-o
[04:48:58.722058] debug3: connect_to_server arg=BatchMode=no
[04:48:58.722075] debug3: connect_to_server arg=-F
[04:48:58.722095] debug3: connect_to_server arg=/etc/ssh/ssh_config_nj_STD
[04:48:58.722112] debug3: connect_to_server arg=-o
[04:48:58.722132] debug3: connect_to_server arg=ConnectTimeout=60
[04:48:58.722149] debug3: connect_to_server arg=-o
[04:48:58.722169] debug3: connect_to_server arg=ServerAliveInterval=60
[04:48:58.722190] debug3: connect_to_server arg=-o
[04:48:58.722206] debug3: connect_to_server arg=StrictHostKeyChecking=no
[04:48:58.722227] debug3: connect_to_server arg=-obatchmode yes
[04:48:58.722247] debug3: connect_to_server arg=-l
[04:48:58.722263] debug3: connect_to_server arg=NJSFTPD
[04:48:58.722284] debug3: connect_to_server arg=-oProtocol 2
[04:48:58.722300] debug3: connect_to_server arg=-s
[04:48:58.722320] debug3: connect_to_server arg=--
[04:48:58.722337] debug3: connect_to_server arg=10.13.98.98
[04:48:58.722357] debug3: connect_to_server arg=sftp
[04:48:58.790585] debug2: setting ssh _CEE_RUNOPTS=HEAP(12M,1M,,FREE),ENVAR("_CEE_REALLOC_CONTROL=256K,25")
OpenSSH_6.4, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config_nj_STD
debug3: cipher ok: aes256-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes192-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes128-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes192-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes256-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: rijndael-cbc@lysator.liu.se [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijnda
el-cbc@lysator.liu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: 3des-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.
se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour128 [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour256 [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: blowfish-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.
liu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: cast128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.l
iu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.s
e,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: ciphers ok: [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se,3des-
cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug2: mac_setup: found hmac-sha2-256
debug3: mac ok: hmac-sha2-256 [hmac-sha2-256,hmac-sha2-512]
debug2: mac_setup: found hmac-sha2-512
debug3: mac ok: hmac-sha2-512 [hmac-sha2-256,hmac-sha2-512]
debug3: macs ok: [hmac-sha2-256,hmac-sha2-512]
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug3: setUseZEDC: 0
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.13.98.98 [10.13.98.98] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode
debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode
debug3: timeout: 59999 ms remain after connect
debug1: permanently_set_uid: 0/1
debug3: zsshGetpw: passwd name=TSOSPCC, uid=0, gid=1, dir=/, shell=/bin/sh
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/id_rsa.pub" as a RSA1 public key
debug1: identity file /etc/ssh/id_rsa.pub type 1
debug1: identity file /etc/ssh/id_rsa.pub-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/id_dsa.pub" as a RSA1 public key
debug1: identity file /etc/ssh/id_dsa.pub type 2
debug1: identity file /etc/ssh/id_dsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.9
debug1: no match: Sun_SSH_1.1.9
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v0
1@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh
.com,ssh-dss-ce
rt-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se
,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se
,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-
group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5
,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5
,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,
en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-
PE,es-PY,es-SV,
es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,
kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-
SK,sl-SI,sq-AL,
sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,
no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,
en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-
PE,es-PY,es-SV,
es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,
kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-
SK,sl-SI,sq-AL,
sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,
no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: mac_setup_by_alg: hmac-sha2-256 from source OpenSSL, used in non-FIPS mode
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: mac_setup_by_alg: hmac-sha2-256 from source OpenSSL, used in non-FIPS mode
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: choose_kex: diffie-hellman-group-exchange-sha256 from source OpenSSL, used in non-FIPS mode
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 265/512
debug2: bits set: 2061/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA MD5 fp b3:1e:ea:55:3a:2b:8e:a7:36:d1:9f:83:d0:7a:39:32
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: Host '10.13.98.98' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:11
debug2: bits set: 2047/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: cipher_init: aes128-ctr from source OpenSSL, used in non-FIPS mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: cipher_init: aes128-ctr from source OpenSSL, used in non-FIPS mode
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /etc/ssh/id_rsa.pub (1AEF8E10), explicit
debug2: key: /etc/ssh/id_dsa.pub (1AF05D68), explicit
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred password
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 0
/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 0
/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 0
/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1373 Permission denied (gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive).
Connection closed.
[04:49:03.606068] Connection closed
[04:49:03.606157] debug1: _zos_exit(255): SSH failed to start connection (12)
CoZBatch: returning rc=exitcode=12
I've tried it with an 80-byte PW file down to a 8-byte PW file.
There are no sequence numbers anywhere.
I've manually logged into the server from OMVS on a Z/OS LPAR without issue, so I know the PW is good and that the port is open.
ANY help would be appreciated.
Here are the control statements the batch job:
rmtuser="NJSFTPD"
server="10.13.98.98"
coz_bin='/usr/local/coz621/bin'
export DISPLAY=none
ssh_opts="-oBatchMode=no"
ssh_opts="$ssh_opts -F/etc/ssh/ssh_config_nj_STD"
ssh_opts="$ssh_opts -oConnectTimeout=60"
ssh_opts="$ssh_opts -oServerAliveInterval=60"
ssh_opts="$ssh_opts -oStrictHostKeyChecking=no"
export PASSWD_DSN='//TSOSPCC.SFTP.CNTL(NJSFTPD)'
export SSH_ASKPASS=$coz_bin/read_passwd_dsn.sh
export DISPLAY=none
mvsfile='//DD:TODASD1'
rmtfile='/oracle/WEEKLY/drivers/RMODtoSAR/acaprov/acaprov.txt'
$coz_bin/cozsftp -vvv $ssh_opts -b- $rmtuser@$server <<EOB
lzopts mode=TEXT
lpwd
pwd
get $rmtfile $mvsfile -r
rm '/oracle/WEEKLY/drivers/RMODtoSAR/acaprov/acaprov.txt'
Here's the output:
CoZBatch[N]: version: 6.2.1 2021-01-15
CoZBatch[N]: Copyright (C) Dovetailed Technologies, LLC. 2005-2021. All rights reserved.
<- ()
CoZBatch: executing progname=login-shell="-/bin/sh"
Co:Z SFTP version: 6.2.1 (7.6p1) 2021-01-15
Copyright (C) Dovetailed Technologies, LLC. 2008-2021. All rights reserved.
ZosSettings[W]: Fixed section found in user config file - ignoring
Connecting to 10.13.98.98...
[04:48:58.721870] debug3: connect_to_server arg=/bin/ssh
[04:48:58.721923] debug3: connect_to_server arg=-oForwardX11 no
[04:48:58.721944] debug3: connect_to_server arg=-oForwardAgent no
[04:48:58.721965] debug3: connect_to_server arg=-oClearAllForwardings yes
[04:48:58.721985] debug3: connect_to_server arg=-v
[04:48:58.722001] debug3: connect_to_server arg=-v
[04:48:58.722022] debug3: connect_to_server arg=-v
[04:48:58.722038] debug3: connect_to_server arg=-o
[04:48:58.722058] debug3: connect_to_server arg=BatchMode=no
[04:48:58.722075] debug3: connect_to_server arg=-F
[04:48:58.722095] debug3: connect_to_server arg=/etc/ssh/ssh_config_nj_STD
[04:48:58.722112] debug3: connect_to_server arg=-o
[04:48:58.722132] debug3: connect_to_server arg=ConnectTimeout=60
[04:48:58.722149] debug3: connect_to_server arg=-o
[04:48:58.722169] debug3: connect_to_server arg=ServerAliveInterval=60
[04:48:58.722190] debug3: connect_to_server arg=-o
[04:48:58.722206] debug3: connect_to_server arg=StrictHostKeyChecking=no
[04:48:58.722227] debug3: connect_to_server arg=-obatchmode yes
[04:48:58.722247] debug3: connect_to_server arg=-l
[04:48:58.722263] debug3: connect_to_server arg=NJSFTPD
[04:48:58.722284] debug3: connect_to_server arg=-oProtocol 2
[04:48:58.722300] debug3: connect_to_server arg=-s
[04:48:58.722320] debug3: connect_to_server arg=--
[04:48:58.722337] debug3: connect_to_server arg=10.13.98.98
[04:48:58.722357] debug3: connect_to_server arg=sftp
[04:48:58.790585] debug2: setting ssh _CEE_RUNOPTS=HEAP(12M,1M,,FREE),ENVAR("_CEE_REALLOC_CONTROL=256K,25")
OpenSSH_6.4, OpenSSL 1.0.2h 3 May 2016
debug1: Reading configuration data /etc/ssh/ssh_config_nj_STD
debug3: cipher ok: aes256-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes192-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes128-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes192-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: aes256-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: rijndael-cbc@lysator.liu.se [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijnda
el-cbc@lysator.liu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: 3des-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.
se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour128 [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour256 [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: blowfish-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.
liu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: cast128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.l
iu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: cipher ok: arcfour [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.s
e,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug3: ciphers ok: [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se,3des-
cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]
debug2: mac_setup: found hmac-sha2-256
debug3: mac ok: hmac-sha2-256 [hmac-sha2-256,hmac-sha2-512]
debug2: mac_setup: found hmac-sha2-512
debug3: mac ok: hmac-sha2-512 [hmac-sha2-256,hmac-sha2-512]
debug3: macs ok: [hmac-sha2-256,hmac-sha2-512]
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug3: setUseZEDC: 0
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.13.98.98 [10.13.98.98] port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode
debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode
debug3: timeout: 59999 ms remain after connect
debug1: permanently_set_uid: 0/1
debug3: zsshGetpw: passwd name=TSOSPCC, uid=0, gid=1, dir=/, shell=/bin/sh
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/id_rsa.pub" as a RSA1 public key
debug1: identity file /etc/ssh/id_rsa.pub type 1
debug1: identity file /etc/ssh/id_rsa.pub-cert type -1
debug3: Incorrect RSA1 identifier
debug3: Could not load "/etc/ssh/id_dsa.pub" as a RSA1 public key
debug1: identity file /etc/ssh/id_dsa.pub type 2
debug1: identity file /etc/ssh/id_dsa.pub-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.4
debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.9
debug1: no match: Sun_SSH_1.1.9
debug2: fd 3 setting O_NONBLOCK
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v0
1@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh
.com,ssh-dss-ce
rt-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se
,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se
,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-
group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5
,hmac-md5-96
debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5
,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,
en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-
PE,es-PY,es-SV,
es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,
kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-
SK,sl-SI,sq-AL,
sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,
no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,
en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-
PE,es-PY,es-SV,
es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,
kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-
SK,sl-SI,sq-AL,
sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,
no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug1: mac_setup_by_alg: hmac-sha2-256 from source OpenSSL, used in non-FIPS mode
debug2: mac_setup: found hmac-sha2-256
debug1: kex: server->client aes128-ctr hmac-sha2-256 none
debug1: mac_setup_by_alg: hmac-sha2-256 from source OpenSSL, used in non-FIPS mode
debug2: mac_setup: found hmac-sha2-256
debug1: kex: client->server aes128-ctr hmac-sha2-256 none
debug1: choose_kex: diffie-hellman-group-exchange-sha256 from source OpenSSL, used in non-FIPS mode
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 265/512
debug2: bits set: 2061/4095
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Server host key: RSA MD5 fp b3:1e:ea:55:3a:2b:8e:a7:36:d1:9f:83:d0:7a:39:32
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/.ssh/known_hosts"
debug3: load_hostkeys: found key type RSA in file /.ssh/known_hosts:11
debug3: load_hostkeys: loaded 1 keys
debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/etc/ssh/ssh_known_hosts"
debug3: load_hostkeys: loaded 0 keys
debug1: Host '10.13.98.98' is known and matches the RSA host key.
debug1: Found key in /.ssh/known_hosts:11
debug2: bits set: 2047/4095
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: cipher_init: aes128-ctr from source OpenSSL, used in non-FIPS mode
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: cipher_init: aes128-ctr from source OpenSSL, used in non-FIPS mode
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /etc/ssh/id_rsa.pub (1AEF8E10), explicit
debug2: key: /etc/ssh/id_dsa.pub (1AF05D68), explicit
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: preferred password
debug3: authmethod_lookup password
debug3: remaining preferred:
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 0
/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 0
/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 0
/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)
debug2: we sent a password packet, wait for reply
debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1373 Permission denied (gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive).
Connection closed.
[04:49:03.606068] Connection closed
[04:49:03.606157] debug1: _zos_exit(255): SSH failed to start connection (12)
CoZBatch: returning rc=exitcode=12
Re: Permission Denied
What was done to correct your issue? I am have the same problem
fromdsn(xxxxxx.x.xxxL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 m
FOTS1346 Permission denied, please try again.
fromdsn(xxxxxx.x.xxxL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 m
FOTS1346 Permission denied, please try again.
Re: Permission Denied
upated post to notify me
Re: Permission Denied
This is an error message from IBM z/OS OpenSSH, which indicates that ssh authentication failed:
FOTS1346 Permission denied, please try again.
This message is from the Co:Z read_passwd_dsn.sh script, which is used to read your password and supply it to z/OS OpenSSH:
fromdsn(xxxxxx.x.xxxL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 m
The 81 bytes written means that the password was 80 bytes, plus one byte for a line terminator.
Therefore, you should check you password.
FOTS1346 Permission denied, please try again.
This message is from the Co:Z read_passwd_dsn.sh script, which is used to read your password and supply it to z/OS OpenSSH:
fromdsn(xxxxxx.x.xxxL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 m
The 81 bytes written means that the password was 80 bytes, plus one byte for a line terminator.
Therefore, you should check you password.
Re: Permission Denied
I have check the password file it is FB 80 nonum
not to reveal password i x it out
xxxxxxxx
xxxxxxxx4444444444444444444444444444444444444444444444444444444444444444
xxxxxxxx0000000000000000000000000000000000000000000000000000000000000000
Also one of my team members tunning the same jcl connects while getting
1 records/80 bytes read; 81 bytes written in 0 m
use a similar pwd file
not to reveal password i x it out
xxxxxxxx
xxxxxxxx4444444444444444444444444444444444444444444444444444444444444444
xxxxxxxx0000000000000000000000000000000000000000000000000000000000000000
Also one of my team members tunning the same jcl connects while getting
1 records/80 bytes read; 81 bytes written in 0 m
use a similar pwd file
Re: Permission Denied
Sorry, I was wrong, this message doesn't mean that the password was 80 bytes:
fromdsn(xxxxxx.x.xxxL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 ms
In older versions of Co:Z this was the password length + 1, but it was changed so that the length of the password is no longer displayed.
If you want to verify that the password is being read correctly, you can do the following from a z/OS Unix shell (logged into a userid that can read the password dataset):
> export PATH=$PATH:<coz home>/bin
> export PASSWD_DSN="HLQ.XXX(MEMBER)"
> echo /$(read_passwd_dsn.sh)/
fromdsn(HLQ.XXX(MEMBER)))[N]: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
/Test123/
The last line is the password that will be provided to /bin/ssh, enclosed in slashes.
Even if the password is correct, there might be other problems with the SSH connection authentication. The server may be prompting for something besides a password. The way to see is to do a trace of the z/OS OpenSSH client by adding "-vvv" to the cozsftp command. This trace will usually provide enough details to see why the server is not allowing the authentication to proceed.
fromdsn(xxxxxx.x.xxxL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 ms
In older versions of Co:Z this was the password length + 1, but it was changed so that the length of the password is no longer displayed.
If you want to verify that the password is being read correctly, you can do the following from a z/OS Unix shell (logged into a userid that can read the password dataset):
> export PATH=$PATH:<coz home>/bin
> export PASSWD_DSN="HLQ.XXX(MEMBER)"
> echo /$(read_passwd_dsn.sh)/
fromdsn(HLQ.XXX(MEMBER)))[N]: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
/Test123/
The last line is the password that will be provided to /bin/ssh, enclosed in slashes.
Even if the password is correct, there might be other problems with the SSH connection authentication. The server may be prompting for something besides a password. The way to see is to do a trace of the z/OS OpenSSH client by adding "-vvv" to the cozsftp command. This trace will usually provide enough details to see why the server is not allowing the authentication to proceed.
Re: Permission Denied
Thanks the results
$ export PATH=$PATH:/usr/lpp/coz/bin
$ export PASSWD_DSN="p544at.a.cntl(pwd)"
$ echo /$(read_passwd_dsn.sh)/
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "Enter password: "
fromdsn(Pxxxxx.CNTL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 m
illiseconds.
/#Xxxxxx7/
$
correct password
$ export PATH=$PATH:/usr/lpp/coz/bin
$ export PASSWD_DSN="p544at.a.cntl(pwd)"
$ echo /$(read_passwd_dsn.sh)/
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "Enter password: "
fromdsn(Pxxxxx.CNTL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 m
illiseconds.
/#Xxxxxx7/
$
correct password
Re: Permission Denied
Even if the password is correct, there might be other problems with the SSH connection authentication. The server may be prompting for something besides a password. The way to see is to do a trace of the z/OS OpenSSH client by adding "-vvv" to the cozsftp command. This trace will usually provide enough details to see why the server is not allowing the authentication to proceed.
Re: Permission Denied
not being to firmiliar with this could you tell me how to specify -vvv for the trace?
Re: Permission Denied
It depends on how you are invoking cozsftp.
If you are using our sample JCL and scripts: https://dovetail.com/docs/sftp/client.html#client-batch
then add:
sftp_opts="$sftp_opts -vvv"
You might first want to try running cozsftp interactively, from a Unix shell with the same z/OS userid as the batch job.
> cozsftp -vvv user@host
try entering the password interactively and see if you can log in.
Note: for interatively entering passwords, log on to a z/OS Unix shell using ssh (like PuTTY from Windows). The TSO OMVS shell won't allow you to enter secure passwords for z/OS OpenSSH.
If you are using our sample JCL and scripts: https://dovetail.com/docs/sftp/client.html#client-batch
then add:
sftp_opts="$sftp_opts -vvv"
You might first want to try running cozsftp interactively, from a Unix shell with the same z/OS userid as the batch job.
> cozsftp -vvv user@host
try entering the password interactively and see if you can log in.
Note: for interatively entering passwords, log on to a z/OS Unix shell using ssh (like PuTTY from Windows). The TSO OMVS shell won't allow you to enter secure passwords for z/OS OpenSSH.
Re: Permission Denied
1
CoZBatchÝN¨: version: 6.2.1 2021-01-15
CoZBatchÝN¨: Copyright (C) Dovetailed Technologies, LLC. 2005-2021. All rights reserved.
<- ()
CoZBatchÝI¨: executing progname=login-shell="-/bin/sh"
Connect using SSH_ASKPASS, password will be read from xxxxx.x.xxxx(PWD)...
Executing: /usr/lpp/coz/bin/cozsftp -oBatchMode=no -oConnectTimeout=60 -oServerAliveInterval=60 -oPubkeyAuthentication=
no -oStrictHostKeyChecking=no -vvv -b- 'pxxxxx@10.225.199.2'
Co:Z SFTP version: 6.2.1 (7.6p1) 2021-01-15
Copyright (C) Dovetailed Technologies, LLC. 2008-2021. All rights reserved.
Connecting to xx.xxx.xxx.x...
Ý13:17:50.677200¨ debug3: connect_to_server arg=/bin/ssh
Ý13:17:50.677231¨ debug3: connect_to_server arg=-oForwardX11 no
Ý13:17:50.677251¨ debug3: connect_to_server arg=-oForwardAgent no
Ý13:17:50.677254¨ debug3: connect_to_server arg=-oClearAllForwardings yes
Ý13:17:50.677260¨ debug3: connect_to_server arg=-o
Ý13:17:50.677265¨ debug3: connect_to_server arg=BatchMode=no
Ý13:17:50.677268¨ debug3: connect_to_server arg=-o
Ý13:17:50.677271¨ debug3: connect_to_server arg=ConnectTimeout=60
Ý13:17:50.677273¨ debug3: connect_to_server arg=-o
Ý13:17:50.677276¨ debug3: connect_to_server arg=ServerAliveInterval=60
Ý13:17:50.677279¨ debug3: connect_to_server arg=-o
Ý13:17:50.677282¨ debug3: connect_to_server arg=PubkeyAuthentication=no
Ý13:17:50.677284¨ debug3: connect_to_server arg=-o
Ý13:17:50.677288¨ debug3: connect_to_server arg=StrictHostKeyChecking=no
Ý13:17:50.677290¨ debug3: connect_to_server arg=-v
Ý13:17:50.677303¨ debug3: connect_to_server arg=-v
Ý13:17:50.677306¨ debug3: connect_to_server arg=-v
Ý13:17:50.677318¨ debug3: connect_to_server arg=-obatchmode yes
Ý13:17:50.677321¨ debug3: connect_to_server arg=-l
Ý13:17:50.677323¨ debug3: connect_to_server arg=p544at
Ý13:17:50.677326¨ debug3: connect_to_server arg=-oProtocol 2
Ý13:17:50.677371¨ debug3: connect_to_server arg=-s
Ý13:17:50.677423¨ debug3: connect_to_server arg=--
Ý13:17:50.677528¨ debug3: connect_to_server arg=10.225.199.2
Ý13:17:50.677551¨ debug3: connect_to_server arg=sftp
Ý13:17:50.685674¨ debug2: setting ssh _CEE_RUNOPTS=HEAP(12M,1M,,FREE),ENVAR("_CEE_REALLOC_CONTROL=256K,25")
OpenSSH_7.6p1, LibreSSL 3.0.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug3: setUseZEDC: 0
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug2: resolving "xx.xxx.xxx.x" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to xx.xxx.xxx.x Ýxx.xxx.xxx.x¨ port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: cipher_init: none from source none, used in non-FIPS mode
debug1: cipher_init: none from source none, used in non-FIPS mode
debug3: zssh_packet_configure_socket: current getsockopt(3, SOL_SOCKET,SO_SNDBUF) = 65535
debug3: zssh_packet_configure_socket: setsockopt(3, SOL_SOCKET, SO_SNDBUF, 65536) succeeded
debug3: zssh_packet_configure_socket: current getsockopt(3, SOL_SOCKET,SO_RCVBUF) = 65535
debug3: zssh_packet_configure_socket: setsockopt(3, SOL_SOCKET, SO_RCVBUF, 65536) succeeded
debug3: timeout: 58319 ms remain after connect
debug3: zsshGetpw: passwd name=Pxxxxx, uid=107079, gid=0, dir=/u/p544at, shell=/bin/sh
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_rsa type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_rsa-cert type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_dsa type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_dsa-cert type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_ecdsa type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxxt/.ssh/id_ed25519 type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xx.xxx.xxx.x:22 as 'xxxxxx'
debug3: hostkeys_foreach: reading file "/u/xxxxxxt/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:142
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:144
debug3: load_hostkeys: loaded 2 keys from xx.xxx.xxx.x
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-n
istp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-
group-exchange-
sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01
@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@open
ssh.com,ecdsa-s
ha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-n
istp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-
group-exchange-
sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@o
penssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@o
penssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: choose_kex: curve25519-sha256 from source OpenSSL, used in non-FIPS mode
debug1: kex: host key algorithm: rsa-sha2-512
debug1: mac_setup_by_alg: umac-64-etm@openssh.com from source OpenSSL, used in non-FIPS mode
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: mac_setup_by_alg: umac-64-etm@openssh.com from source OpenSSL, used in non-FIPS mode
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:KTYzPqgQjDlG+YbA5VF8432xZ/T0RUWLSq0Df+z1yUU
debug3: hostkeys_foreach: reading file "/u/xxxxxx/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:142
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:144
debug3: load_hostkeys: loaded 2 keys from xx.xxx.xxx.x
debug1: Host 'xx.xxx.xxx.x' is known and matches the RSA host key.
debug1: Found key in /u/xxxxxx/.ssh/known_hosts:142
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: cipher_init: aes128-ctr from source CPACF, used in non-FIPS mode
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: cipher_init: aes128-ctr from source CPACF, used in non-FIPS mode
debug1: rekey after 4294967296 blocks
debug2: key: /u/xxxxxx/.ssh/id_rsa (0)
debug2: key: /u/xxxxxx/.ssh/id_dsa (0)
debug2: key: /u/xxxxxx/.ssh/id_ecdsa (0)
debug2: key: /u/xxxxxx/.ssh/id_ed25519 (0)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,e
cdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 107079
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "xxxxxx@xx.xxx.xxx.x's password: "
13.17.52 S0173097 JHN302I Performance Essential NonVSAM Component is Active
fromdsn(PxxxxxA.xxx(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 107079
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "xxxxxx@xx.xxx.xxx.x2's password: "
13.17.52 S0164463 JHN302I Performance Essential NonVSAM Component is Active
fromdsn(Pxxxxxx.CNTL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 107079
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "xxxxxx@xx.xxx.xxx.x's password: "
13.17.53 S0157311 JHN302I Performance Essential NonVSAM Component is Active
fromdsn(xxxxxx.x.xxxx(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1373 xxxxxx@xx.xxx.xxx.x: Permission denied (publickey,password).
debug3: zsshZertSetAttributes(5): SECATTR_IOCTL: 010205000000113c0000000038b7f5e0c9c2d440d6978595e2e2c840404040400000000
0000000000000000000000000
debug3: zsshZertSetAttributes(5): _SECATTR_SSH_SPEC: 0200c00000000000e2c6e3d7c340404000020000000f00110013000f00110013000
100000001000000000000
debug3: zERT SIOCSECATTR failed: EDC5247I Operation not supported. (errno2=0x76647365)
Ý13:17:53.157063¨ Connection closed
Ý13:17:53.157110¨ debug1: _zos_exit(255): SSH failed to start connection (12)
CoZBatchÝI¨: returning rc=exitcode=12
CoZBatchÝN¨: version: 6.2.1 2021-01-15
CoZBatchÝN¨: Copyright (C) Dovetailed Technologies, LLC. 2005-2021. All rights reserved.
<- ()
CoZBatchÝI¨: executing progname=login-shell="-/bin/sh"
Connect using SSH_ASKPASS, password will be read from xxxxx.x.xxxx(PWD)...
Executing: /usr/lpp/coz/bin/cozsftp -oBatchMode=no -oConnectTimeout=60 -oServerAliveInterval=60 -oPubkeyAuthentication=
no -oStrictHostKeyChecking=no -vvv -b- 'pxxxxx@10.225.199.2'
Co:Z SFTP version: 6.2.1 (7.6p1) 2021-01-15
Copyright (C) Dovetailed Technologies, LLC. 2008-2021. All rights reserved.
Connecting to xx.xxx.xxx.x...
Ý13:17:50.677200¨ debug3: connect_to_server arg=/bin/ssh
Ý13:17:50.677231¨ debug3: connect_to_server arg=-oForwardX11 no
Ý13:17:50.677251¨ debug3: connect_to_server arg=-oForwardAgent no
Ý13:17:50.677254¨ debug3: connect_to_server arg=-oClearAllForwardings yes
Ý13:17:50.677260¨ debug3: connect_to_server arg=-o
Ý13:17:50.677265¨ debug3: connect_to_server arg=BatchMode=no
Ý13:17:50.677268¨ debug3: connect_to_server arg=-o
Ý13:17:50.677271¨ debug3: connect_to_server arg=ConnectTimeout=60
Ý13:17:50.677273¨ debug3: connect_to_server arg=-o
Ý13:17:50.677276¨ debug3: connect_to_server arg=ServerAliveInterval=60
Ý13:17:50.677279¨ debug3: connect_to_server arg=-o
Ý13:17:50.677282¨ debug3: connect_to_server arg=PubkeyAuthentication=no
Ý13:17:50.677284¨ debug3: connect_to_server arg=-o
Ý13:17:50.677288¨ debug3: connect_to_server arg=StrictHostKeyChecking=no
Ý13:17:50.677290¨ debug3: connect_to_server arg=-v
Ý13:17:50.677303¨ debug3: connect_to_server arg=-v
Ý13:17:50.677306¨ debug3: connect_to_server arg=-v
Ý13:17:50.677318¨ debug3: connect_to_server arg=-obatchmode yes
Ý13:17:50.677321¨ debug3: connect_to_server arg=-l
Ý13:17:50.677323¨ debug3: connect_to_server arg=p544at
Ý13:17:50.677326¨ debug3: connect_to_server arg=-oProtocol 2
Ý13:17:50.677371¨ debug3: connect_to_server arg=-s
Ý13:17:50.677423¨ debug3: connect_to_server arg=--
Ý13:17:50.677528¨ debug3: connect_to_server arg=10.225.199.2
Ý13:17:50.677551¨ debug3: connect_to_server arg=sftp
Ý13:17:50.685674¨ debug2: setting ssh _CEE_RUNOPTS=HEAP(12M,1M,,FREE),ENVAR("_CEE_REALLOC_CONTROL=256K,25")
OpenSSH_7.6p1, LibreSSL 3.0.2
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Reading configuration data /etc/ssh/zos_ssh_config
debug3: setUseZEDC: 0
debug1: zsshSmfSetConnSmfStatus: SMF status is 0
debug2: resolving "xx.xxx.xxx.x" port 22
debug2: ssh_connect_direct: needpriv 0
debug1: Connecting to xx.xxx.xxx.x Ýxx.xxx.xxx.x¨ port 22.
debug2: fd 3 setting O_NONBLOCK
debug1: fd 3 clearing O_NONBLOCK
debug1: Connection established.
debug1: cipher_init: none from source none, used in non-FIPS mode
debug1: cipher_init: none from source none, used in non-FIPS mode
debug3: zssh_packet_configure_socket: current getsockopt(3, SOL_SOCKET,SO_SNDBUF) = 65535
debug3: zssh_packet_configure_socket: setsockopt(3, SOL_SOCKET, SO_SNDBUF, 65536) succeeded
debug3: zssh_packet_configure_socket: current getsockopt(3, SOL_SOCKET,SO_RCVBUF) = 65535
debug3: zssh_packet_configure_socket: setsockopt(3, SOL_SOCKET, SO_RCVBUF, 65536) succeeded
debug3: timeout: 58319 ms remain after connect
debug3: zsshGetpw: passwd name=Pxxxxx, uid=107079, gid=0, dir=/u/p544at, shell=/bin/sh
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_rsa type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_rsa-cert type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_dsa type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_dsa-cert type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_ecdsa type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_ecdsa-cert type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxxt/.ssh/id_ed25519 type -1
debug1: key_load_public: EDC5129I No such file or directory. (errno2=0x05620062)
debug1: identity file /u/xxxxxx/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_7.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_7.6
debug1: match: OpenSSH_7.6 pat OpenSSH* compat 0x04000000
debug2: fd 3 setting O_NONBLOCK
debug1: Authenticating to xx.xxx.xxx.x:22 as 'xxxxxx'
debug3: hostkeys_foreach: reading file "/u/xxxxxxt/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:142
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:144
debug3: load_hostkeys: loaded 2 keys from xx.xxx.xxx.x
debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa
debug3: send packet: type 20
debug1: SSH2_MSG_KEXINIT sent
debug3: receive packet: type 20
debug1: SSH2_MSG_KEXINIT received
debug2: local client KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-n
istp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-
group-exchange-
sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1,ext-info-c
debug2: host key algorithms: ssh-rsa-cert-v01@openssh.com,rsa-sha2-512,rsa-sha2-256,ssh-rsa,ecdsa-sha2-nistp256-cert-v01
@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-ed25519-cert-v01@open
ssh.com,ecdsa-s
ha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-ed25519
debug2: ciphers ctos: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: ciphers stoc: aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug2: peer server KEXINIT proposal
debug2: KEX algorithms: curve25519-sha256,curve25519-sha256@libssh.org,ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-n
istp521,diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-
group-exchange-
sha1,diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
debug2: host key algorithms: ssh-rsa,rsa-sha2-512,rsa-sha2-256
debug2: ciphers ctos: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@o
penssh.com
debug2: ciphers stoc: chacha20-poly1305@openssh.com,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@o
penssh.com
debug2: MACs ctos: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: MACs stoc: umac-64-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@open
ssh.com,hmac-sha1-etm@openssh.com,umac-64@openssh.com,umac-128@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-sha1
debug2: compression ctos: none,zlib@openssh.com
debug2: compression stoc: none,zlib@openssh.com
debug2: languages ctos:
debug2: languages stoc:
debug2: first_kex_follows 0
debug2: reserved 0
debug1: kex: algorithm: curve25519-sha256
debug1: choose_kex: curve25519-sha256 from source OpenSSL, used in non-FIPS mode
debug1: kex: host key algorithm: rsa-sha2-512
debug1: mac_setup_by_alg: umac-64-etm@openssh.com from source OpenSSL, used in non-FIPS mode
debug1: kex: server->client cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug1: mac_setup_by_alg: umac-64-etm@openssh.com from source OpenSSL, used in non-FIPS mode
debug1: kex: client->server cipher: aes128-ctr MAC: umac-64-etm@openssh.com compression: none
debug3: send packet: type 30
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug3: receive packet: type 31
debug1: Server host key: ssh-rsa SHA256:KTYzPqgQjDlG+YbA5VF8432xZ/T0RUWLSq0Df+z1yUU
debug3: hostkeys_foreach: reading file "/u/xxxxxx/.ssh/known_hosts"
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:142
debug3: record_hostkey: found key type RSA in file /u/xxxxxx/.ssh/known_hosts:144
debug3: load_hostkeys: loaded 2 keys from xx.xxx.xxx.x
debug1: Host 'xx.xxx.xxx.x' is known and matches the RSA host key.
debug1: Found key in /u/xxxxxx/.ssh/known_hosts:142
debug3: send packet: type 21
debug2: set_newkeys: mode 1
debug1: cipher_init: aes128-ctr from source CPACF, used in non-FIPS mode
debug1: rekey after 4294967296 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug3: receive packet: type 21
debug1: SSH2_MSG_NEWKEYS received
debug2: set_newkeys: mode 0
debug1: cipher_init: aes128-ctr from source CPACF, used in non-FIPS mode
debug1: rekey after 4294967296 blocks
debug2: key: /u/xxxxxx/.ssh/id_rsa (0)
debug2: key: /u/xxxxxx/.ssh/id_dsa (0)
debug2: key: /u/xxxxxx/.ssh/id_ecdsa (0)
debug2: key: /u/xxxxxx/.ssh/id_ed25519 (0)
debug3: send packet: type 5
debug3: receive packet: type 7
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,e
cdsa-sha2-nistp384,ecdsa-sha2-nistp521>
debug3: receive packet: type 6
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug3: send packet: type 50
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred keyboard-interactive,password
debug3: authmethod_lookup password
debug3: remaining preferred: ,password
debug3: authmethod_is_enabled password
debug1: Next authentication method: password
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 107079
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "xxxxxx@xx.xxx.xxx.x's password: "
13.17.52 S0173097 JHN302I Performance Essential NonVSAM Component is Active
fromdsn(PxxxxxA.xxx(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 107079
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "xxxxxx@xx.xxx.xxx.x2's password: "
13.17.52 S0164463 JHN302I Performance Essential NonVSAM Component is Active
fromdsn(Pxxxxxx.CNTL(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1346 Permission denied, please try again.
debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)
debug1: permanently_drop_suid: 107079
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "xxxxxx@xx.xxx.xxx.x's password: "
13.17.53 S0157311 JHN302I Performance Essential NonVSAM Component is Active
fromdsn(xxxxxx.x.xxxx(PWD))ÝN¨: 1 records/80 bytes read; 81 bytes written in 0 milliseconds.
debug3: send packet: type 50
debug2: we sent a password packet, wait for reply
debug3: receive packet: type 51
debug1: Authentications that can continue: publickey,password
debug2: we did not send a packet, disable method
debug1: No more authentication methods to try.
debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat
FOTS1373 xxxxxx@xx.xxx.xxx.x: Permission denied (publickey,password).
debug3: zsshZertSetAttributes(5): SECATTR_IOCTL: 010205000000113c0000000038b7f5e0c9c2d440d6978595e2e2c840404040400000000
0000000000000000000000000
debug3: zsshZertSetAttributes(5): _SECATTR_SSH_SPEC: 0200c00000000000e2c6e3d7c340404000020000000f00110013000f00110013000
100000001000000000000
debug3: zERT SIOCSECATTR failed: EDC5247I Operation not supported. (errno2=0x76647365)
Ý13:17:53.157063¨ Connection closed
Ý13:17:53.157110¨ debug1: _zos_exit(255): SSH failed to start connection (12)
CoZBatchÝI¨: returning rc=exitcode=12
Re: Permission Denied
From the trace, the server is prompting for the password using: "xxxxxx@xx.xxx.xxx.x's password: "
The client is sending the password three times and all are being rejected by the server.
Note: There are 3 tries, since that's the default for z/OS OpenSSH.
This is not the problem, but you should probably just try once, by adding this to your SFTPIND (Installation defaults) member used by your proc.
sftp_opts="$sftp_opts -oNumberOfPasswordPrompts=1"
It's hard to say why the login is failing, but it could be either:
- the password is not valid
- the server has disabled the userid
- the server has blacklisted the client ip
- some other server issue
FIRST, verify that you can make an interactive sftp connection from the same z/OS LPAR to this user@server -
Login with an SSH terminal to z/OS Unix so that you can interactively enter a password.
Note: The z/OS OpenSSH client won't allow passwords with TSO OMVS. From Windows, you might use PuTTY to connect via ssh to z/OS Unix.
Then, try an interactive connection using the IBM sftp client:
zos> sftp -vvv xxxxxx@xx.xxx.xxx.xxx
When prompted enter your password.
The client is sending the password three times and all are being rejected by the server.
Note: There are 3 tries, since that's the default for z/OS OpenSSH.
This is not the problem, but you should probably just try once, by adding this to your SFTPIND (Installation defaults) member used by your proc.
sftp_opts="$sftp_opts -oNumberOfPasswordPrompts=1"
It's hard to say why the login is failing, but it could be either:
- the password is not valid
- the server has disabled the userid
- the server has blacklisted the client ip
- some other server issue
FIRST, verify that you can make an interactive sftp connection from the same z/OS LPAR to this user@server -
Login with an SSH terminal to z/OS Unix so that you can interactively enter a password.
Note: The z/OS OpenSSH client won't allow passwords with TSO OMVS. From Windows, you might use PuTTY to connect via ssh to z/OS Unix.
Then, try an interactive connection using the IBM sftp client:
zos> sftp -vvv xxxxxx@xx.xxx.xxx.xxx
When prompted enter your password.