I have a puzzle I cannot figure out. Trying to sftp from one z/OS system to another. Job is run under userid, say userid1, which has a certificate in ACF2. Its public key is stored on the remote system in userid2's home directory .ssh/authorized_keys. Job gets:
Connecting to <zOS2>...
FOTS1373 userid2@<zOS2>: Permission denied (publickey,password).
Ý13:42:01.284930¨ Connection closed
If I copy the authorized_key file to another user's home directory, say userid3, it works. I cannot find any difference in the definitions of userid2 and userid3.
zOS to zOS Permission denied (publickey,password)
Re: zOS to zOS Permission denied (publickey,password)
Here are the control statements I am using:
coz_bin="/usr/local/coz/bin"
ruser="userid1"
server="<zOS2>"
servercp="ISO8859-1"
ssh_opts="-oConnectTimeout=60"
ssh_opts="$ssh_opts -oServerAliveInterval=60"
ssh_opts="$ssh_opts -oStrictHostKeyChecking=no" # accept initial host keys
$coz_bin/cozsftp $ssh_opts -k coz-ring -b- $ruser@$server <<EOB
lzopts mode=text,servercp=$servercp
dsput -d //TEST.FILE //TEST.FILE
EOB
coz_bin="/usr/local/coz/bin"
ruser="userid1"
server="<zOS2>"
servercp="ISO8859-1"
ssh_opts="-oConnectTimeout=60"
ssh_opts="$ssh_opts -oServerAliveInterval=60"
ssh_opts="$ssh_opts -oStrictHostKeyChecking=no" # accept initial host keys
$coz_bin/cozsftp $ssh_opts -k coz-ring -b- $ruser@$server <<EOB
lzopts mode=text,servercp=$servercp
dsput -d //TEST.FILE //TEST.FILE
EOB
Re: zOS to zOS Permission denied (publickey,password)
If the key works from a different user's home directory, you may want to verify that userid1's directory tree has the proper permissions. You should ensure that: the authorized_keys file, the .ssh directory, and the home directory are not writable by any user other than the owning userid.
Re: zOS to zOS Permission denied (publickey,password)
Found the problem! The .ssh directory needed the owner/execution bit on (744). Now it is working.