zOS to zOS Permission denied (publickey,password)

Discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
Post Reply
rhutson
Posts: 5
Joined: Wed May 12, 2021 3:43 pm

zOS to zOS Permission denied (publickey,password)

Post by rhutson »

I have a puzzle I cannot figure out. Trying to sftp from one z/OS system to another. Job is run under userid, say userid1, which has a certificate in ACF2. Its public key is stored on the remote system in userid2's home directory .ssh/authorized_keys. Job gets:

Connecting to <zOS2>...
FOTS1373 userid2@<zOS2>: Permission denied (publickey,password).

Ý13:42:01.284930¨ Connection closed

If I copy the authorized_key file to another user's home directory, say userid3, it works. I cannot find any difference in the definitions of userid2 and userid3.
rhutson
Posts: 5
Joined: Wed May 12, 2021 3:43 pm

Re: zOS to zOS Permission denied (publickey,password)

Post by rhutson »

Here are the control statements I am using:

coz_bin="/usr/local/coz/bin"
ruser="userid1"
server="<zOS2>"
servercp="ISO8859-1"

ssh_opts="-oConnectTimeout=60"
ssh_opts="$ssh_opts -oServerAliveInterval=60"
ssh_opts="$ssh_opts -oStrictHostKeyChecking=no" # accept initial host keys

$coz_bin/cozsftp $ssh_opts -k coz-ring -b- $ruser@$server <<EOB
lzopts mode=text,servercp=$servercp
dsput -d //TEST.FILE //TEST.FILE
EOB
SteveGoetze
Posts: 390
Joined: Fri Jul 30, 2004 5:29 pm

Re: zOS to zOS Permission denied (publickey,password)

Post by SteveGoetze »

If the key works from a different user's home directory, you may want to verify that userid1's directory tree has the proper permissions. You should ensure that: the authorized_keys file, the .ssh directory, and the home directory are not writable by any user other than the owning userid.
rhutson
Posts: 5
Joined: Wed May 12, 2021 3:43 pm

Re: zOS to zOS Permission denied (publickey,password)

Post by rhutson »

Found the problem! The .ssh directory needed the owner/execution bit on (744). Now it is working.
Post Reply