A few points here...
The ICSF STC is not the API itself. It is the I/O server that reads and
writes to the PKDS and CKDS.
Use of the ICSF APIs can be allowed or disallowed by RACF (and Top Secret
and ACF/2).
- You didn't say if the CSFSERV class was active or inactive in your
security product.
- You didn't say if the CSFSERV CSFRNG (Random number generate) was
permitted.
But in any case, the Open_SSH ported tool - was not coded to interface
with ICSF, as far as I know.
Hayim
_____________________________________
Hayim Sokolsky, CISSP
Mainframe Security Architect
DTCC Corporate Information Security
18301 Bermuda Green Dr, MS 1-CIS
Tampa FL 33647-1760
Tel. (813) 470-2177
"MONTERO ROMERO, ENRIQUE ELOI" <[email protected]>
Sent by: IBM Mainframe Discussion List <[email protected]>
2010.03.12 09:04
Please respond to
IBM Mainframe Discussion List <[email protected]>
To
[email protected]
cc
Subject
SSH & ICSF is not working
Hi to all,
We have the ICSF running as an STC in our environment.
===> CSFM400I CRYPTOGRAPHY - SERVICES ARE NOW AVAILABLE.
I am trying to SHH against a linux server in BATCH.
//SSHCOMM EXEC PGM=BPXBATCH,
// PARM=('SH /ZOSAA/bin/ssh -vvv [email protected] ls')
But I am getting this message:
OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /u/myuserid/.ssh/config
debug1: Applying options for *
debug3: Seeding PRNG from /usr/lib/ssh/ssh-rand-helper
(rand child) Couldn't exec '/usr/lib/ssh/ssh-rand-helper': EDC5129I No
such file
ssh-rand-helper child produced insufficient data
On the other side,
/ZOSAA/usr/lib/ssh/ is a link to /usr/lib/ssh/
lrwxrwxrwx 1 xxxxxxx yyyy 12 May 30 2008 usr -> $VERSION/usr
MYUSRXX:/: >cd /usr/lib/ssh
MYUSRXX:/ZOSAA/usr/lib/ssh: >ls -l
total 12992
drwxr-xr-x 2 XXXXXXX XXXXXXX 8192 Oct 30 11:41 IBM
-rwxr-xr-x 2 XXXXXXX XXXXXXX 372736 Oct 30 11:41 sftp-server
-rwxr-xr-x 2 XXXXXXX XXXXXXX 2748416 Oct 30 11:40 ssh-askpass
-rwsr-xr-x 2 XXXXXXX XXXXXXX 2658304 Oct 30 11:41 ssh-keysign
-rwxr-xr-x 2 XXXXXXX XXXXXXX 864256 Oct 30 11:41 ssh-rand-helper
MYUSRXX:/ZOSAA/usr/lib/ssh: >
Why if the ICSF is running, I am still getting the ssh-rand-helper instead
of the ICSF ?
Best regards, and happy weekend.
Enrique MOntero
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
<BR>_____________________________________________________________
<FONT size=2><BR>
DTCC DISCLAIMER: This email and any files transmitted with it are
confidential and intended solely for the use of the individual or
entity to whom they are addressed. If you have received this email
in error, please notify us immediately and delete the email and any
attachments from your system. The recipient should check this email
and any attachments for the presence of viruses. The company
accepts no liability for any damage caused by any virus transmitted
by this email.</FONT>
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to [email protected] with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
