IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / iSeries and AS/400 Forum / Re: OpenSSH on the iSeries
Post #191,804
by dk91056
1/26/05 7:29:43 PM
1/26/05 8:25:06 PM
Reply
New Re: OpenSSH on the iSeries
You need option 33 for SS1 wich is on the OS/400 cd's.

You then download openssl-3.7.1.0.exe and zlib-1.1.4.0.exe from www.bullfreeware.com. ftp them binary to /QOpenSys/..., expand them running the .exe and restore them using /usr/sbin/restore under PASE using QP2TERM.

Generate host and client keys as normally using /usr/local/bin/ssh-keygen, and move the content of the generated id_rsa.pub, id_dsa.pub and identity.pub to a file called authorized_keys and move it to the dest host in users homedir in .ssh directory. See to that that same username is used on dest host as on iseries logon, or use the ssh -l when running ssh in general.

Interactive logon/tty is not supported - in other words make the whole config as 'dont promt for passwords' config.

You also need to adjust client ssh_config with dsa or identity and PasswordAuthentication no.

My /QOpenSys/usr/local/etc/ssh_config:

ForwardX11 no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
HostbasedAuthentication no
BatchMode no
CheckHostIP no
AddressFamily any
ConnectTimeout 0
StrictHostKeyChecking no
#IdentityFile /.ssh/identity
IdentityFile /.ssh/id_dsa

If ssh-rand-helper fails then edit ssh_prng_cmds and replace cmds in script with 50-100 lines of > "/QOpenSys/usr/bin/ls" /QOpenSys/usr/bin 0.02 < (no<>) - Can also be done nicer thru API or PGM wich decreases connection time.

Editing files is most easy done using OS/400 cmdline EDTF '/QOpenSys/../filename' or thru a mapped NetServer SMB drive using a pceditor. Use OPSNAV to setup that env.

Use /QOpenSys/usr/local/bin/ssh -vvv x.x.x.x to debug.

FYI scp and sftp also works.

iSeries is just black magic !
Regards
michel@dk.ibm.com
Expand Edited by dk91056 Jan. 26, 2005, 08:23:00 PM EST
Expand Edited by dk91056 Jan. 26, 2005, 08:25:06 PM EST
Expand All History
Post #191,805
by Another Scott
1/26/05 7:36:00 PM
Reply
New Thanks for the post.
As you can see, the topic has generated quite a bit of interest.

Cheers,
Scott.
Post #191,808
by daemon
1/26/05 8:16:33 PM
Reply
New thanks for joining in, a lot of peple were just helped
Anyone who has passed through the regular gradations of a classical education, and is not made a fool by it, may consider himself as having had a very narrow escape: Samuel Butler
clearwater highschool marching band [link|http://www.chstornadoband.org/|http://www.chstornadoband.org/]
Post #191,824
by imric
1/26/05 9:31:11 PM
Reply
New Awesome.
Of course, now I'll have to make time to actually try it!

Thanks!
[link|http://forfree.sytes.net|
]
Imric's Tips for Living
  • Paranoia Is a Survival Trait
  • Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
  • Even though everyone is out to get you, it doesn't matter unless you let them win.


Nothing is as simple as it seems in the beginning,
As hopeless as it seems in the middle,
Or as finished as it seems in the end.
 
 
Post #191,855
by slugbug
1/26/05 11:17:57 PM
Reply
New thanks!
....that was way easier than the route I took to get it going.

As others here have said....thanks for the info!
Post #195,408
by djelimon
2/18/05 2:14:34 PM
Reply
New Re: thanks!
Uh oh...

"In any event, IBM will remove the initial 9406 versions of the 520 Express machines from marketing on April 1 (no joke).

On that same day, IBM also plans to withdraw the OS/400 PASE AIX runtime environment (feature 5732 of OS/400) from marketing, as well as its feature 1893 36.4 GB, 10K RPM disk drives. Now that the i5 supports the real AIX, IBM doesn't want to sell customers an AIX runtime environment or pay to support it on older machines. Customers who want to run Unix applications on their OS/400 platforms will just have to upgrade to i5s and run the real AIX. "

[link|http://www.itjungle.com/tfh/tfh021405-story04.html|http://www.itjungle....1405-story04.html]

I think that says it all...
Post #196,179
by djelimon
2/24/05 6:43:25 AM
Reply
New Re: thanks!
false alarm

[link|http://www.itjungle.com/tfh/tfh022105-story02.html|http://www.itjungle....2105-story02.html]
     Re: OpenSSH on the iSeries - (Jessica) - (29) - Dec. 14, 2004, 06:37:35 PM EST
         Sorry, no one figured it out - (broomberg) - (6) - Dec. 14, 2004, 07:17:27 PM EST
             Sorta says something about the platform, don't it? -NT - (mmoffitt) - Dec. 14, 2004, 07:42:57 PM EST
             all things shall pass in time... - (slugbug) - Dec. 14, 2004, 08:20:59 PM EST
             Re: Sorry, no one figured it out - (Jessica) - (3) - Dec. 15, 2004, 02:24:25 PM EST
                 I dunno, is it angsty in here? - (jake123) - (1) - Dec. 15, 2004, 02:41:36 PM EST
                     Re: I dunno, is it angsty in here? - (Jessica) - Dec. 15, 2004, 03:13:01 PM EST
                 Not that... - (bepatient) - Dec. 15, 2004, 03:54:51 PM EST
         not knowing you box but from a generic nix point of view - (daemon) - (1) - Dec. 14, 2004, 07:28:20 PM EST
             Re: not knowing you box but from a generic nix point of view - (Jessica) - Dec. 15, 2004, 03:13:52 PM EST
         hold the phone... - (slugbug) - (12) - Dec. 14, 2004, 08:16:48 PM EST
             Re: hold the phone... - (Jessica) - (10) - Dec. 15, 2004, 03:16:42 PM EST
                 out of curiosity - (daemon) - Dec. 15, 2004, 05:51:44 PM EST
                 Re: hold the phone... - (djelimon) - (8) - Jan. 7, 2005, 02:21:30 PM EST
                     Re: hold the phone... - (slugbug) - (7) - Jan. 7, 2005, 08:46:07 PM EST
                         Re: hold the phone... - (djelimon) - (6) - Jan. 8, 2005, 01:27:10 AM EST
                             Re: hold the phone... - (djelimon) - (5) - Jan. 9, 2005, 09:15:40 PM EST
                                 OT: I like your .sig! -NT - (imric) - Jan. 9, 2005, 09:50:22 PM EST
                                 OT: Yes, I too like your .sig -NT - (slugbug) - Jan. 10, 2005, 08:39:15 PM EST
                                 it's been said before - (cforde) - (2) - Jan. 10, 2005, 10:34:32 PM EST
                                     problem was sales - (daemon) - Jan. 10, 2005, 10:42:50 PM EST
                                     I had to make a choice about a year ago - (broomberg) - Jan. 10, 2005, 11:08:37 PM EST
             Re: hold the phone... - (dk91056) - Jan. 27, 2005, 02:40:23 PM EST
         Re: OpenSSH on the iSeries - (dk91056) - (6) - Jan. 26, 2005, 08:25:06 PM EST
             Thanks for the post. - (Another Scott) - Jan. 26, 2005, 07:36:00 PM EST
             thanks for joining in, a lot of peple were just helped -NT - (daemon) - Jan. 26, 2005, 08:16:33 PM EST
             Awesome. - (imric) - Jan. 26, 2005, 09:31:11 PM EST
             thanks! - (slugbug) - (2) - Jan. 26, 2005, 11:17:57 PM EST
                 Re: thanks! - (djelimon) - (1) - Feb. 18, 2005, 02:14:34 PM EST
                     Re: thanks! - (djelimon) - Feb. 24, 2005, 06:43:25 AM EST

A few lettuce pieces short of a salad.
101 ms