FOTS1842 problem renaming PRNG seedfile

Discussion of the COZBATCH utility for z/OS
Post Reply
senthil
Posts: 4
Joined: Thu Jul 31, 2014 12:42 am

FOTS1842 problem renaming PRNG seedfile

Post by senthil »

Hi,
We are getting two different error messages for two jobs that are trying to do SFTP.

Job 1:
debug1: Reading configuration data /export/home/HEATFTP/.ssh/ssh_config
FOTS1842 problem renaming PRNG seedfile from /export/home/CA7/.ssh/prng_seed.BsHjiVp499 to /export/home/CA7/.ssh/prng_seed (EDC5129I
No such file or directory. (errno2=0xEF07602A))
FOTS1945 ssh-rand-helper child produced insufficient data
[89.567] Connection closed

Job 2:
debug1: Reading configuration data /export/home/HEATFTP/.ssh/ssh_config
FOTS1842 problem renaming PRNG seedfile from /export/home/CA7/.ssh/prng_seed.xf33555008 to /export/home/CA7/.ssh/prng_seed (EDC5129I
No such file or directory. (errno2=0xEF07602A))
FOTS1945 ssh-rand-helper child produced insufficient data
[86.725] Connection closed

We need to fix this issue as soon as possible. Please provide the solution to fix this issue permanently.
Please let me know if you need more information.
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: FOTS1842 problem renaming PRNG seedfile

Post by dovetail »

This is an error in IBM Ported Tools OpenSSH.
See the IBM Ported Tools OpenSSH User's Guide (search for ssh-rand-helper) for suggested setup actions to eliminate this problem.

However, the best thing to do is to install ICSF HCF77A0 (if you don't already have it) and to enable /dev/random support in IBM Ported Tools (see the IBM Ported Tools OpenSSH Users' Guide) or this guide that we have created:
http://dovetail.com/docs/pt-quick-inst/ ... nst-random

Using ICSF will be MUCH better than ssh-rand-helper and you will eliminate these kinds of problems
mwdazzo
Posts: 55
Joined: Fri Jan 07, 2011 10:02 am

Re: FOTS1842 problem renaming PRNG seedfile

Post by mwdazzo »

I have come across this problem recently. My additional question is why did our cozbatch job get a return code=0 when getting this error? Is there a way to have cozbatch return an error code when encountering this problem.

I have read the existing response and the IBM doc to add the ZOS_SSH_PRNG_CMDS_TIMEOUT environment variable. Is there an example of adding this environment variable in unix services?

Thanks Matt
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: FOTS1842 problem renaming PRNG seedfile

Post by dovetail »

COZBATCH exits with a return code based on the exit code from the z/OS Unix shell script that you are running.

I would have to see your shell script to determine why, but you can debug it yourself by adding:

set -x

to the beginning of the shell script and reproduce the problem.

Some notes:

- IBM sftp or CO:Z cozsftp commands will exit with a non-zero exit code if the underlying ssh command fails.
mwdazzo
Posts: 55
Joined: Fri Jan 07, 2011 10:02 am

Re: FOTS1842 problem renaming PRNG seedfile

Post by mwdazzo »

I ran a test with set -x in the script but the error did not occur as this is an intermittent issue. Not sure if this would indicate anything to you, but what might I look for if the problem happened? tks

CoZBatch N : Copyright (C) 2005-2013 Dovetailed Technologies LLC. All rights res
CoZBatch N : version 2.4.4 2014-03-18
CoZBatch I : executing progname=login-shell="-/bin/sh"
+ remoteuser=xxxxx
+ server=xxx.xxx.xxxx.x
+ servercp=ISO8859-1
+ remotefile=
+ export PASSWD_DSN=//SYS4.TECH.CNTLCARD(PCHSFTPW)
+ export SSH_ASKPASS=/usr/lpp/coz/bin/read_passwd_dsn.sh
+ export DISPLAY=none
+ ssh_opts=-oBatchMode=no
+ ssh_opts=-oBatchMode=no -oConnectTimeout=60
+ ssh_opts=-oBatchMode=no -oConnectTimeout=60 -oServerAliveInterval=60
+ ssh_opts=-oBatchMode=no -oConnectTimeout=60 -oServerAliveInterval=60 -oStrictH
+ /usr/lpp/coz/bin/cozsftp -oBatchMode=no -oConnectTimeout=60 -oServerAliveInter
mvsftp@pwsftp01.classic.pchad.com
+ 0<< EOB
lzopts mode=text,servercp=ISO8859-1
cd /AppFTP/Itemization_Letter_Report
ls -l
Co:Z SFTP version: 2.4.4 (5.0p1) 2014-03-18
Copyright (C) Dovetailed Technologies, LLC. 2008-2013. All rights reserved.
/usr/lpp/coz/bin/read_passwd_dsn.sh prompt: "mvsftp@pwsftp01.classic.pchad.com's
fromdsn(SYS4.TECH.CNTLCARD(PCHSFTPW)) N : 1 records/80 bytes read; 9 bytes writt
Connection established, local_addr=xx.x.xx.xx local_port=23467 remote_addr=xxxx
cozsftp> lzopts mode=text,servercp=ISO8859-1
mode=text servercp=ISO8859-1
cozsftp> cd /AppFTP/Itemization_Letter_Report
cozsftp> ls -l
-rw-rw-rw- 1 0 0 71145 Apr 03 23:52 ITEM0403N.txtDONE
CoZBatch I : returning rc=exitcode=0
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: FOTS1842 problem renaming PRNG seedfile

Post by dovetail »

Nothing to see here, since you didn't get an ssh command failure, and cozsftp command exited with 0.

If the ssh command fails to start a connection, you should not get a exitcode 0. If the cozsftp command is the last command in your shell script, then its exit code with become the job step CC.
mwdazzo
Posts: 55
Joined: Fri Jan 07, 2011 10:02 am

Re: FOTS1842 problem renaming PRNG seedfile

Post by mwdazzo »

Thanks, in our case the connection was made successfully, the CD command worked, the last successful command was ls -l, the next command was a get command. I am guessing that the get command was never issued or executed do to the FOTS1842 error so that's why we got the cc=0. That would seem to align with your statement 'If the cozsftp command is the last command in your shell script, then its exit code with become the job step' Does that make sense? I really need to understand the best I can as to what happened here because this problem has to be explained to the powers that be. tks
dovetail
Site Admin
Posts: 2022
Joined: Thu Jul 29, 2004 12:12 pm

Re: FOTS1842 problem renaming PRNG seedfile

Post by dovetail »

If the cozsftp command is the last command in the shell script, then its exit code will be used as the job step condition code.

The cozsftp command will issue, under the covers, a IBM Ported Tools "ssh" command. If this fails to connect, say with a FOTS1842, then cozsftp will exit with a non-zero exit code from the cozsftp command.

The *subcommands* of cozsftp (ls, get, put, etc) will affect the cozsftp command exit code. These are not themselves shell commands.

The rules for this differ based on the switches that you are using on the cozsftp command, which seem to have been truncated in your post.

Are you using "-b-" ? The -b switch indicates that the input is a batch of commands, and this affects the cozsftp exit code:
-b batchfile
Batch mode reads a series of commands from an input batchfile instead of stdin. Since it lacks user interaction it should be used in conjunction with non-interactive authentication. A batchfile of ‘-’ may be used to indicate standard input. sftp will abort if any of the following commands fail: get, put, reget, reput, rename, ln, rm, mkdir, chdir, ls, lchdir, chmod, chown, chgrp, lpwd, df, symlink, and lmkdir. Termination on error can be suppressed on a command by command basis by prefixing the command with a ‘-’ character (for example, -rm /tmp/blah*).
If one of the "termination on error" conditions described above occurs, then cozsftp will exit with a non-zero exit code.
mwdazzo
Posts: 55
Joined: Fri Jan 07, 2011 10:02 am

Re: FOTS1842 problem renaming PRNG seedfile

Post by mwdazzo »

Yes, in this script we are using -b- switch
Post Reply