Mainframe, MVS and zOS Discussion


https://www.zmainframes.com/

SSH to mainframe from personal laptop.

https://www.zmainframes.com/viewtopic.php?t=9732

Page 1 of 1

SSH to mainframe from personal laptop.

Posted: Tue Aug 01, 2023 8:00 pm
by Anil Khanna
Hi,

Have two questions:
  1. Have some one tried running a GitHub CI pipeline with mainframes? Any example be appreciated.
  2. Can we do SSH to mainframe from personal laptop. If someone has done it, please guide. I've tried it by adding the public key as authorized keys, however it ends with 'permission denied, please try again'.
Any guidance is appreciated.

Re: SSH to mainframe from personal laptop.

Posted: Thu Aug 03, 2023 1:42 pm
by utkarsh
I think you can not SSH to mainframes.

Re: SSH to mainframe from personal laptop.

Posted: Thu Aug 03, 2023 2:47 pm
by darmstadt
Yes, as long as the SSH daemon is running and you have an OMVS segment and your SAF product allows you to.

Re: SSH to mainframe from personal laptop.

Posted: Mon Aug 07, 2023 3:35 pm
by Anil Khanna
We're using ZD&T and I'm not sure if that is causing the SSH to fail to get connected. I'm able to connect the same mainframe IP for FTP. But with SSH gets denied.

Diagnostic messages are listed below:

Code: Select all

C:\Users\username> ssh -v gmsusername@3.1xx.1xx.2xx
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 3.1xx.1xx.2xx [3.1xx.1xx.2xx] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\username/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\username/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\username/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519_sk type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 3.1xx.1xx.2xx:22 as 'gmsusername'
debug1: load_hostkeys: fopen C:\\Users\\username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:XOjFTjQNCB9Zsjt38Bm3/SfTAjTVFQ1dbZRaCBEPLgA
debug1: load_hostkeys: fopen C:\\Users\\username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '3.1xx.1xx.2xx' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\username/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\username/.ssh/id_rsa RSA SHA256:cDQRUaA+Sq6VFnVk3lzOYr99+4U40AnoByR2WuvqYrk
debug1: Will attempt key: C:\\Users\\username/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\\Users\\username/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\username/.ssh/id_rsa RSA SHA256:cDQRUaA+Sq6VFnVk3lzOYr99+4U40AnoByR2WuvqYrk
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: C:\\Users\\username/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\username/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\username/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\\Users\\username/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\username/.ssh/id_ed25519_sk
debug1: Trying private key: C:\\Users\\username/.ssh/id_xmss
debug1: Next authentication method: password
gmsusername@3.1xx.1xx.2xx's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
gmsusername@3.1xx.1xx.2xx's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
gmsusername@3.1xx.1xx.2xx's password:
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
gmsusername@3.1xx.1xx.2xx: Permission denied (publickey,password).

Re: SSH to mainframe from personal laptop.

Posted: Mon Aug 07, 2023 11:14 pm
by Robert Sample
SSH negotiates when authentication method to use between the two systems. The messages you list indicate that no common authentication method exists between them. Also, it does not appear that the SSH system on the PC is set up correctly since known_hosts doesn't exist.

Re: SSH to mainframe from personal laptop.

Posted: Tue Aug 08, 2023 7:35 am
by Anil Khanna
debug1: load_hostkeys: fopen C:\\Users\\username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '3.1xx.1xx.2xx' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\username/.ssh/known_hosts:1
Last line above is what are you telling?

If I have to create a known host, what do I do? Any direction on that please?

Re: SSH to mainframe from personal laptop.

Posted: Thu Feb 08, 2024 9:43 pm
by Anil Khanna
I get the same problem again, if there is any advice, please share.

Re: SSH to mainframe from personal laptop.

Posted: Fri Feb 09, 2024 4:50 pm
by Anuj Dhawan
What port are you using to initiate the SSH? Does the ping work from your laptop to mainframes?

Re: SSH to mainframe from personal laptop.

Posted: Tue Feb 13, 2024 7:11 am
by Robert Sample
From https://www.howtouselinux.com/post/ssh-known_hosts-file:  "The ssh known_hosts file is a file that stores the public key of all of the servers that you have connected using ssh." and "In the context of computer networking, known_hosts is a file used by SSH (Secure Shell) clients to verify the identity of a remote server before establishing a connection."  The web site also gives the format for the known_hosts file.  The PC definitely is not configured for SSH.

Re: SSH to mainframe from personal laptop.

Posted: Wed May 08, 2024 7:11 pm
by utkarsh
Thanks Anuj and Robert. That project was scrapped though we started working on it again.

SSH didn't work. Our mainframe sandbox is ZD&T. Will that make a difference?
All times are UTC+05:30
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited