>From what I've found on my googles it looks like perhaps this was once >possible, but I am wondering if it is still possible. Basically, I am getting >an issue with the __poe() function being called, and I have neither UID(0) nor >BPX.POE rights.
Here is what I've tried. - Created my own directory, $HOME/sshlab. - Copied sshd_config and zos_sshd_config from the /samples directory to my sshlab directory. - Generated my DSA, RSA and ECDSA keys - Updated my sshd_config to point to those keys (via HostKey) - Use port 54322 - Use my own sshd.pid file - Turned off "privilege separation" So my updates to sshd_config are as follows: HostKey /u/dvfjs/sshlab/ssh_host_rsa_key HostKey /u/dvfjs/sshlab/ssh_host_dsa_key HostKey /u/dvfjs/sshlab/ssh_host_ecdsa_key Port 54322 PidFile /u/dvfjs/sshlab/sshd.pid UsePrivilegeSeparation no I had to copy sshd to my own bin directory so that I could execute it. I then execute in debug mode: _ZOS_SSHD_CONFIG=$HOME/sshlab/zos_sshd_config $HOME/bin/sshd -f $HOME/sshlab/sshd_config -Dde This works so far: debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.2h 3 May 2016 debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: read PEM private key done: type ECDSA debug1: private host key: #2 type 3 ECDSA debug1: setgroups() failed: EDC5139I Operation not permitted. (errno2=0x0BD60000) debug1: rexec_argv[0]='/u/dvfjs/bin/sshd' debug1: rexec_argv[1]='-f' debug1: rexec_argv[2]='/u/dvfjs/sshlab/sshd_config' debug1: rexec_argv[3]='-Dde' debug1: CSVDYNEX: The exit HZSADDCHECK module FOTM4ASH is already existed: rc=4, rsn=1025 debug1: HZSCHECK: Unable to register the ssh Health Check routine: rc=8, rsn=84609025 debug1: CSVDYNEX: The exit HZSADDCHECK module FOTM4ASD is already existed: rc=4, rsn=1025 debug1: HZSCHECK: Unable to register the sshd Health Check routine: rc=8, rsn=84609025 debug1: Bind to port 54322 on 0.0.0.0. Server listening on 0.0.0.0 port 54322. But when I connect to it from an ssh client I get this: debug1: fd 4 clearing O_NONBLOCK debug1: Server will not fork when running in debugging mode. debug1: rexec start in 4 out 4 newsock 4 pipe -1 sock 7 debug1: sshd version OpenSSH_6.4, OpenSSL 1.0.2h 3 May 2016 debug1: read PEM private key done: type RSA debug1: private host key: #0 type 1 RSA debug1: read PEM private key done: type DSA debug1: private host key: #1 type 2 DSA debug1: read PEM private key done: type ECDSA debug1: private host key: #2 type 3 ECDSA debug1: setgroups() failed: EDC5139I Operation not permitted. (errno2=0x0BD60000) debug1: CSVDYNEX: The exit HZSADDCHECK module FOTM4ASH is already existed: rc=4, rsn=1025 debug1: HZSCHECK: Unable to register the ssh Health Check routine: rc=8, rsn=84609025 debug1: CSVDYNEX: The exit HZSADDCHECK module FOTM4ASD is already existed: rc=4, rsn=1025 debug1: HZSCHECK: Unable to register the sshd Health Check routine: rc=8, rsn=84609025 debug1: inetd sockets after dupping: 3, 3 FOTS1446 __poe() failed for accepted socket: EDC5139I Operation not permitted. (errno2=0x1331056F) sshd then terminates. I've not been able to find a setting that will turn of the call to __poe(), or ignore its failure result. Am I just out of luck until I can get a sysprog to set it up (or assign me BPX.POE rights, I suppose)? ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
