CoZ SFTP Server on z/OS 2.4

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
rpinion
Posts: 6
Joined: Thu Jun 22, 2017 2:46 pm


Post by rpinion »

I have set up CoZ SFTP server on our z/OS 2.4 system. If I connect from an sftp client on a PC, Bitvise, using an ID that has a RACF/OMVS UID 0, it works. If I use a nonzero RACF/OMVS UID, it doesn't work. There are no RACF violations displayed.

Here is part of the SFTP server log for the UID 0 RACF user of BCI01, the one that works.

Oct 18 21:03:12 NODENAME sshd[83886267]: subsystem request for sftp by user BCI01
Oct 18 21:03:12 NODENAME sshd[83886267]: debug1: subsystem: exec() /usr/local/coz/bin/sftp-server.sh
Oct 18 21:03:12 NODENAME sshd[83886267]: debug3: do_exec: subsystem 1
Oct 18 21:03:12 NODENAME sshd[83886267]: debug3: do_exec: passwd name=BCI01, uid=0, gid=4, dir=/u/bci01, shell=/bin/sh
Oct 18 21:03:12 NODENAME sshd[83886267]: debug3: do_exec_no_pty: no JSCBAUTH propagation to child
Oct 18 21:03:12 NODENAME sshd[83886267]: debug2: fd 3 setting TCP_NODELAY
Oct 18 21:03:12 NODENAME sshd[83886267]: debug2: fd 9 setting O_NONBLOCK
Oct 18 21:03:12 NODENAME sshd[83886267]: debug2: fd 8 setting O_NONBLOCK
Oct 18 21:03:12 NODENAME sshd[83886267]: debug2: fd 12 setting O_NONBLOCK
Oct 18 21:03:12 NODENAME sshd[67109056]: debug3: zsshCloseOldDev: fd=-1
Oct 18 21:03:12 NODENAME sshd[67109056]: debug3: zsshCloseOldDev: fd=-1
Oct 18 21:03:12 NODENAME sshd[67109056]: debug1: permanently_set_uid: 0/4
Oct 18 21:03:33 NODENAME sshd[83886267]: debug1: server_input_global_request: rtype keep-alive@bitvise.com want_reply 1

Here is part of the SFTP server log for the non UID 0 RACF user of BCI03, the one that doesn't work.
As soon as the key exchange completes, and it is successful, I get disconnected.

Oct 18 20:58:41 NODENAME sshd[16777403]: subsystem request for sftp by user BCI03
Oct 18 20:58:41 NODENAME sshd[16777403]: debug1: subsystem: exec() /usr/local/coz/bin/sftp-server.sh
Oct 18 20:58:41 NODENAME sshd[16777403]: debug3: do_exec: subsystem 1
Oct 18 20:58:41 NODENAME sshd[16777403]: debug3: do_exec: passwd name=BCI03, uid=600, gid=4, dir=/u/bci03, shell=/bin/sh
Oct 18 20:58:41 NODENAME sshd[16777403]: debug3: do_exec_no_pty: no JSCBAUTH propagation to child
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: fd 3 setting TCP_NODELAY
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: fd 11 setting O_NONBLOCK
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: fd 9 setting O_NONBLOCK
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: fd 13 setting O_NONBLOCK
Oct 18 20:58:41 NODENAME sshd[16777404]: debug3: zsshCloseOldDev: fd=-1
Oct 18 20:58:41 NODENAME sshd[16777404]: debug3: zsshCloseOldDev: fd=-1
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: read 124 from efd 13
Oct 18 20:58:41 NODENAME sshd[16777403]: debug3: channel 0: discard efd
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: read<=0 rfd 11 len 0
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: read failed
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: close_read
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: input open -> drain
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: ibuf empty
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: send eof
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: channel 0: input drain -> closed
Oct 18 20:58:41 NODENAME sshd[16777403]: debug2: notify_done: reading

It appears to me the CoZ SFTP server is not being launched. But again, there are no error messages in SYSLOGD or on the console that tell me anything about the CoZ SFTP server failing to launch.

I read through the CoZ documentation several times to see if I've missed something. But I can't find anything.

The mainframe SSH Daemon is running with a userid that has UID 0, and has SSHD as the non 0 UID alternate id. BCI03 is defined with a UID of 600.
As a side note, if I use IBM's SFTP server, I get the same results. I connect successfully, but the connection is terminated immediately. If I do just an SSH using BCI03, I get a successful SSH terminal connection.

Re: CoZ SFTP Server on z/OS 2.4

Post by rpinion »

Never mind, I found my problem. I had permission bits on /etc/ssh/sftp-server.rc set to 751 instead of 755. It works now for a non uid 0 user.
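The fix in the last post came down to the "other" permission bits on /etc/ssh/sftp-server.rc (751 versus 755). As an added example that is not part of the original posts or of Co:Z, the shell functions below check whether a file and its parent directories are accessible to a user who is neither the owner nor in the owning group. The function names are hypothetical, and access granted through group membership or ACLs is not considered.

```shell
# Added example, not from the thread. Function names are hypothetical.
# Assumption: only the "other" permission class is checked; group membership
# and ACLs that could also grant access are ignored.
# Usage: check_other_readable /etc/ssh/sftp-server.rc

# Print the three "other" permission characters of a path, e.g. "r-x" or "--x".
other_perms() {
    ls -ld "$1" 2>/dev/null | cut -c8-10
}

# Succeed only if the "other" class can read file $1: the file needs
# other-read and every parent directory needs other-search (x).
# A relative path is checked up to the current directory, an absolute one up to /.
# On failure, print the first path that blocks access and return non-zero.
check_other_readable() {
    target=$1
    if [ ! -e "$target" ]; then
        echo "missing: $target"
        return 2
    fi
    case $(other_perms "$target") in
        r*) ;;
        *)  echo "no other-read: $target ($(other_perms "$target"))"
            return 1 ;;
    esac
    dir=$(dirname "$target")
    while :; do
        case $(other_perms "$dir") in
            ??x|??t) ;;   # t = search permission plus sticky bit
            *)  echo "no other-search: $dir ($(other_perms "$dir"))"
                return 1 ;;
        esac
        if [ "$dir" = "/" ] || [ "$dir" = "." ]; then
            break
        fi
        dir=$(dirname "$dir")
    done
    return 0
}
```

With mode 751 the check reports the file itself as lacking other-read, which matches the silent failure in the thread: sshd accepts the subsystem request, but the session running as the non-zero UID cannot read the rc file.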