Classification: Confidential There is a Webinar on the Dovetail Site: Ported Tools for z/OS: OpenSSH Key Authentication. The last page of PDF associated with this webinar has "common pitfalls"
You should check the enumerated items. HTH, -----Original Message----- From: IBM Mainframe Discussion List <IBM-MAIN@LISTSERV.UA.EDU> On Behalf Of Steve David Sent: Tuesday, May 20, 2025 6:37 PM To: IBM-MAIN@LISTSERV.UA.EDU Subject: SFTP Batch permission denied issue [CAUTION: This Email is from outside the Organization. Unless you trust the sender, Don’t click links or open attachments as it may be a Phishing email, which can steal your Information and compromise your Computer.] Hello, Running Co:Z SFTP on Dev lpar and We had problem with SFTP batch job (using common user id) which failed with permission denied. Mainframe TSO Userid (TSOUSR)who tried to submit batch job using common(Remote server-RMTSRVR) id, Q1: whether we need to have host(server) public key in TSO user specific directory(u/users/TSOUSR/.ssh/known_hosts) or the common user id (u/users/RMTSRVR/.ssh/known_hosts) on mainframe side Q2: Do we need give any surrogate access to individual TSO user who tried submit batch job with common remote server id in mainframe? Q3: we have public key of remote server saved in user specific directory (u/users/RMTSRVR/.ssh), is it mandatory to have (client public key)on remote target server authorized_keys directory as well? Q4:Not sure if this problem with any directory permission issue on remote server side? Logs: 1. Permission denied (public key, password,gasps-with-mic) When enabled ssh trace getting it shows public key authentication failed, but then proceed with other authentication.. Regards Nithi ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN ::DISCLAIMER:: ________________________________ The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. E-mail transmission is not guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses in transmission. The e mail and its contents (with or without referred errors) shall therefore not attach any liability on the originator or HCL or its affiliates. Views or opinions, if any, presented in this email are solely those of the author and may not necessarily reflect the views or opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of authorized representative of HCL is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any email and/or attachments, please check them for viruses and other defects. ________________________________ ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
