The userid tag at the end of the key is really irrelevant. I think it's more for a memory aid to the humans as to what key it represents than anything else. The fact that I can copy keys around to all my systems without changing that piece gives me the confidence to say don't worry about that.
I noticed that I gave one bad piece of information, previously. The public key of the target system needs to go into ~/.ssh/known_hosts. The authorized_keys file is for incoming sessions, not outgoing. Sigh. Sorry about that. I guess I would recommend trying to do this interactively first, rather than via a batch job. Once you have that working, it should be trivial to get it to work in batch. It could be that the system you're trying to SSH to only accepts SSH version 2 keys. So, lets try to do that. The steps that I would follow, if starting from scratch are: 1. On the source z/OS USS system, do the ssh-keygen, and let it put the keys into the default ~/.ssh/ directory. 2. Copy the public key of the target system to ~/.ssh/known_hosts. 3. Copy the contents of id_rsa.pub to the target system ~/.ssh/authorized keys. 4. Interactively try to SSH to the target system: ssh -v -l userid host.name.or.ip The -v part may be of help, since it tells SSH to be verbose about what it's trying to do to connect to the system. If needed, additional -v switches can be specified: -vv, -vvv Don't go too crazy on that, it can get really, really, really verbose. Mark Post -----Original Message----- From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of James Melin Sent: Monday, February 13, 2006 11:33 AM To: LINUX-390@VM.MARIST.EDU Subject: Re: Attempting to get ported tools SSH to talk to a SLES 9 image on z. On the whole of it, I would tend to agree, Mark. So I double checked things and they looked OK. Just to be clear on where I stood I started over on the z/OS side with the key stuff. I cleaned up /u/{userid}/.ssh - empty. I cleaned up /etc/ssh except for the config files. I cleaned up and deleted /.ssh (more on that momentarily) I created a new rsa1 key for my user ID, put the public key into the authorized key file for the same user ID on the target Linux. The odd thing is that the creation process shows this fingerprint: 1024 a7:f2:20:71:9a:a9:75:bc:b2:c0:77:56:c4:ea:44:4c [EMAIL PROTECTED] - showing not my ID, but the RACFID associated with the first instance of UID 0. For whatever reason, my ID in USS has UID 0 set for it. I disagree with this, but that's the way it is. I am in the process of requesting another ID as I think this has direct bearing on the issue. I also created /.ssh and copied the /home/{userid}/.ssh/authorized_keys file to /.ssh on the target Linux. When I ran the batch job, after deleting everything in the /.ssh directory on z/OS, and scratching the .ssh dir completely, the batch job re-created the .ssh directory, and created a known_hosts file and a prng_seed file, generating this slightly different message: FSUM1006 A shell was not specified. Processing continues using the default shell name. Warning: Permanently added the RSA host key for IP address '137.70.100.32' to the list of known hosts. FOTS1373 Permission denied (publickey,keyboard-interactive). The target Linux machine is already set up to do a password check for SSH logon against RACF LDAP. When I changed the batch job to use IBMUSER as the ID instead of my ID I did get a confirmed call to RACF LDAP in the log. That is the first thing the PAM module is configured to do - make the RACF LDAP call. I don't know if this is interfering or contributing to the murkiness of this issue. I can get this to work Linux to Linux just fine, and I am clearly communicating to the Linux from z/OS because I see the attempts. It's figuring out what conversation is/needs to take place where I am stuck. IF anyone has further insight into this, I am absolutely receptive. -J ---------------------------------------------------------------------- For LINUX-390 subscribe / signoff / archive access instructions, send email to [EMAIL PROTECTED] with the message: INFO LINUX-390 or visit http://www.marist.edu/htbin/wlvindex?LINUX-390
