Post #191,804
1/26/05 7:29:43 PM
1/26/05 8:25:06 PM
|
Re: OpenSSH on the iSeries
You need option 33 for SS1 which is on the OS/400 CDs.
You then download openssl-3.7.1.0.exe and zlib-1.1.4.0.exe from www.bullfreeware.com. ftp them binary to /QOpenSys/..., expand them running the .exe and restore them using /usr/sbin/restore under PASE using QP2TERM.
Generate host and client keys as normal using /usr/local/bin/ssh-keygen, and move the content of the generated id_rsa.pub, id_dsa.pub and identity.pub to a file called authorized_keys and move it to the dest host in the user's homedir in the .ssh directory. See to it that the same username is used on the dest host as on the iSeries logon, or use ssh -l when running ssh in general.
Interactive logon/tty is not supported - in other words make the whole config a 'don't prompt for passwords' config.
You also need to adjust client ssh_config with dsa or identity and PasswordAuthentication no.
My /QOpenSys/usr/local/etc/ssh_config:
    ForwardX11 no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PasswordAuthentication no
    HostbasedAuthentication no
    BatchMode no
    CheckHostIP no
    AddressFamily any
    ConnectTimeout 0
    StrictHostKeyChecking no
    #IdentityFile /.ssh/identity
    IdentityFile /.ssh/id_dsa
If ssh-rand-helper fails then edit ssh_prng_cmds and replace cmds in script with 50-100 lines of > "/QOpenSys/usr/bin/ls" /QOpenSys/usr/bin 0.02 < (no<>) - Can also be done nicer thru API or PGM which decreases connection time.
Editing files is most easily done using OS/400 cmdline EDTF '/QOpenSys/../filename' or thru a mapped NetServer SMB drive using a pceditor. Use OPSNAV to set up that env.
Use /QOpenSys/usr/local/bin/ssh -vvv x.x.x.x to debug.
FYI scp and sftp also work.
iSeries is just black magic !
Regards michel@dk.ibm.com
Edited by dk91056
Jan. 26, 2005, 08:23:00 PM EST
Edited by dk91056
Jan. 26, 2005, 08:25:06 PM EST
|
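Added example, not part of the original post or of OpenSSH: a POSIX shell check that reads a client ssh_config like the one quoted above and reports where it departs from an unattended, key-only setup with host-key verification on. The function names, the policy values and the embedded sample file are assumptions of this example.

```shell
# Added example (not from the post): audit an OpenSSH client config for
# unattended, key-only use. Assumes global settings only (no Host/Match).
# effective_value FILE KEYWORD: first value set for KEYWORD, lowercased
# (ssh uses the first value it obtains for each keyword).
effective_value() {
    awk -v k="$2" '
        { sub(/^[ \t]+/, "") }          # drop leading whitespace
        /^(#|$)/ { next }               # skip comments and blank lines
        { split($0, f, /[ \t=]+/) }     # "Keyword value" or "Keyword=value"
        tolower(f[1]) == tolower(k) { print tolower(f[2]); exit }
    ' "$1"
}

# audit_ssh_config FILE: one line per finding; exit status = finding count.
# The expected values are the policy of this example, not of the post.
audit_ssh_config() {
    findings=0
    for rule in PasswordAuthentication:no BatchMode:yes \
                StrictHostKeyChecking:yes CheckHostIP:yes; do
        key=${rule%%:*} want=${rule##*:}
        got=$(effective_value "$1" "$key")
        if [ "$got" != "$want" ]; then
            echo "$key is '${got:-unset}', expected '$want'"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# The settings quoted in the post, one per line (sample input).
post_config() {
    cat <<'EOF'
ForwardX11 no
RhostsRSAAuthentication no
RSAAuthentication yes
PasswordAuthentication no
HostbasedAuthentication no
BatchMode no
CheckHostIP no
AddressFamily any
ConnectTimeout 0
StrictHostKeyChecking no
#IdentityFile /.ssh/identity
IdentityFile /.ssh/id_dsa
EOF
}
tmp=$(mktemp) && post_config > "$tmp"
audit_ssh_config "$tmp" || echo "findings: $?"
rm -f "$tmp"
```

With StrictHostKeyChecking and CheckHostIP switched on, the destination's host key has to be in known_hosts before the first unattended run, because BatchMode will not prompt to accept it.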
Post #191,805
1/26/05 7:36:00 PM
|
Thanks for the post.
As you can see, the topic has generated quite a bit of interest.
Cheers, Scott.
|
Post #191,808
1/26/05 8:16:33 PM
|
thanks for joining in, a lot of people were just helped
Anyone who has passed through the regular gradations of a classical education, and is not made a fool by it, may consider himself as having had a very narrow escape: Samuel Butler clearwater highschool marching band [link|http://www.chstornadoband.org/|http://www.chstornadoband.org/]
|
Post #191,824
1/26/05 9:31:11 PM
|
Awesome.
Of course, now I'll have to make time to actually try it!
Thanks!
[link|http://forfree.sytes.net|
] Imric's Tips for Living
- Paranoia Is a Survival Trait
- Pessimists are never disappointed - but sometimes, if they are very lucky, they can be pleasantly surprised...
- Even though everyone is out to get you, it doesn't matter unless you let them win.
|
Nothing is as simple as it seems in the beginning, As hopeless as it seems in the middle, Or as finished as it seems in the end.
|
|
Post #191,855
1/26/05 11:17:57 PM
|
thanks!
....that was way easier than the route I took to get it going.
As others here have said....thanks for the info!
|
Post #195,408
2/18/05 2:14:34 PM
|
Re: thanks!
Uh oh...
"In any event, IBM will remove the initial 9406 versions of the 520 Express machines from marketing on April 1 (no joke).
On that same day, IBM also plans to withdraw the OS/400 PASE AIX runtime environment (feature 5732 of OS/400) from marketing, as well as its feature 1893 36.4 GB, 10K RPM disk drives. Now that the i5 supports the real AIX, IBM doesn't want to sell customers an AIX runtime environment or pay to support it on older machines. Customers who want to run Unix applications on their OS/400 platforms will just have to upgrade to i5s and run the real AIX. "
[link|http://www.itjungle.com/tfh/tfh021405-story04.html|http://www.itjungle....1405-story04.html]
I think that says it all...
|
Post #196,179
2/24/05 6:43:25 AM
|
Re: thanks!
false alarm
[link|http://www.itjungle.com/tfh/tfh022105-story02.html|http://www.itjungle....2105-story02.html]
|