Hello,
I've got this odd FOTS2916 error when I try to run the RUNSFTPK job, any idea what might be the reason for it? COZ finds the key and the transfer succeeds nevertheless:
...snip...
SafSshAgentÝT¨: <- GskCertificate()
SafSshAgentÝI¨: Opened label 'USERNAM-HOST-DATE-ssh-rsa' in keyring 'SSHring'
SafSshAgentÝF¨: <- SafSshAgent()
SafSshAgentÝT¨: -> run()
SafSshAgentÝD¨: Bound to socket /tmp/sshauth.USERNAM.50333916.BhGAxQ
...snip...
ZosSettingsÝF¨: -> ZosSettings()
Co:Z SFTP version: 2.0.1 (5.0p1) 2012-01-14
...snip...
ZosUtilÝF¨: <- zos_get_option()
FOTS2916 zsshGetKeyFromKeyRing: gsk_get_record_by_label from key ring 'USERNAM/SSHring' for label 'USERNAM-HOST-DATE-ssh-rsa' failed (53817358). Record not found.
SafSshAgentÝD¨: Got client socket client connection, peer check OK.
SafSshAgentÝF¨: hexdump of saf-ssh-agent received packet (1 bytes):
...snip...
FOTS2916 error but transfer succeeds
Re: FOTS2916 error but transfer succeeds
It looks like you are using both IBM's identity key ring authentication and our saf-ssh-agent. You need only one of these.
Could you send your JCL (or at least STDIN script) to info@dovetail.com? We can take a look and give you a suggested approach.
Could you send your JCL (or at least STDIN script) to info@dovetail.com? We can take a look and give you a suggested approach.
Re: FOTS2916 error but transfer succeeds
Hi Steve,
apologies for not getting right back to you all on this. I just managed to solve it today, and the reason for this was that I was pointing to a non-existant key in my /u/USER/.ssh/zos_user_ssh_config, and of course that file is also read by the cozbatch proc. My current key was defined in RACF as "USER/SSHring USER-HOST-20120217-ssh-rsa", but the file /u/USER/.ssh/zos_user_ssh_config pointed to a older key with the string:
IdentityKeyRingLabel "USER/SSHring USER-HOST-20120119-ssh-rsa". Silly me.
Thanks anyway for your help
apologies for not getting right back to you all on this. I just managed to solve it today, and the reason for this was that I was pointing to a non-existant key in my /u/USER/.ssh/zos_user_ssh_config, and of course that file is also read by the cozbatch proc. My current key was defined in RACF as "USER/SSHring USER-HOST-20120217-ssh-rsa", but the file /u/USER/.ssh/zos_user_ssh_config pointed to a older key with the string:
IdentityKeyRingLabel "USER/SSHring USER-HOST-20120119-ssh-rsa". Silly me.
Thanks anyway for your help
Re: FOTS2916 error but transfer succeeds
Glad you have everything working...
I should point out that we are recommending that Co:Z users choose saf-ssh-agent over identityKeyRingLabel due to the fact that with saf-ssh-agent, the private key can be held in the hardware crypto device, and never needs to be read by the user for signing.
I should point out that we are recommending that Co:Z users choose saf-ssh-agent over identityKeyRingLabel due to the fact that with saf-ssh-agent, the private key can be held in the hardware crypto device, and never needs to be read by the user for signing.