ibmi-brunch-learn

Announcement

Collapse
No announcement yet.

SFTP Batch Authentication Failed

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • SFTP Batch Authentication Failed

    I have installed keys and have tried the connectivity with remote server from AS400 using CALL QP2TERM and then logging into SFTP server using command - sftp -oPort=123 userid@sftpserver.com

    It works fine.

    But when I try the same thing in QSH through CL batch program it gives error - Host key verification failed.

    Any suggestion why it is failing?
    In QSH Command debug log I can see a message -

    debug1: Rhosts Authentication disabled, originating port will not be trusted.

  • #2
    Re: SFTP Batch Authentication Failed

    I can't see why it'd whether it's in Qshell or QP2TERM. The Rhosts Authentication should be the same in either case...

    Is it running under the same userid in the QShell environment? If there's a different userid, the keys would likely be different.

    Comment


    • #3
      Re: SFTP Batch Authentication Failed

      Originally posted by Scott Klement View Post
      I can't see why it'd whether it's in Qshell or QP2TERM. The Rhosts Authentication should be the same in either case...

      Is it running under the same userid in the QShell environment? If there's a different userid, the keys would likely be different.

      Thanks Scott, was eagerly waiting for your reply. User id is same, Does user profile special authority make difference *JOBCTL and *SPLCTL for QSH? This is the only thing I could think of. On the other hand user id can still access known_hosts file in QP2TERM.

      Also , Not sure why I'm seeing this message in debug, I know debug log is not truly helpful but still raises doubt in my mind -

      debug3: check_host_in_hostfile: filename /home/user_id/.ssh/known_hosts
      debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/
      openssh-3.5p1/etc/ssh_known_hosts
      debug2: no key of type 0 for host xyz.com

      Comment


      • #4
        Re: SFTP Batch Authentication Failed

        Swaps400 -- you said this works from QP2TERM, but does not work from QShell. Are you posting these messages because they are different in QP2TERM vs QShell??

        Because, I think, that would be the easiest way to figure out what's going on... figure out what's different between QShell and QP2TERM... Because, really, they should be exactly the same if you're using the same userid. (I don't mean the userid in the 'userid@hostname.com' -- I mean, the IBM i userid who is running the QShell or QP2TERM utility)

        Comment


        • #5
          Re: SFTP Batch Authentication Failed

          Originally posted by Scott Klement View Post
          Swaps400 -- you said this works from QP2TERM, but does not work from QShell. Are you posting these messages because they are different in QP2TERM vs QShell??

          Because, I think, that would be the easiest way to figure out what's going on... figure out what's different between QShell and QP2TERM... Because, really, they should be exactly the same if you're using the same userid. (I don't mean the userid in the 'userid@hostname.com' -- I mean, the IBM i userid who is running the QShell or QP2TERM utility)
          That's correct Scott. Messages I've posted are different in QP2TERM and Qshell. I went through the log for both and first difference was Rhost Authentication. Next was the key not found in Qshell whereas QP2TERM it is fine.

          I am using same user id for running Qshell and QP2TERM.Since the home directory under that user profile have the known_hosts file, key validation should be same in both cases but still see this error

          Comment


          • #6
            Re: SFTP Batch Authentication Failed

            Originally posted by swaps400 View Post
            That's correct Scott. Messages I've posted are different in QP2TERM and Qshell. I went through the log for both and first difference was Rhost Authentication. Next was the key not found in Qshell whereas QP2TERM it is fine.

            I am using same user id for running Qshell and QP2TERM.Since the home directory under that user profile have the known_hosts file, key validation should be same in both cases but still see this error
            FYI, issue is resolved, I was using openssh-3.5p1 whereas QP2TERM was using openssh-3.8.1p1. I did not know about it as earlier set up is running fine with openssh-3.5p1.

            Comment


            • #7
              Re: SFTP Batch Authentication Failed

              Aha... so you had added the openssh-3.5p1 directory to your QShell PATH, and then had both of them installed... I can see how that would cause problems.

              I would avoid putting the openssh directory in your path, however. IBM puts symbolic links into /QOpenSys/usr/bin for the ssh utilties. I would add that to your path rather than the openssh directories. That way, when you update openssh (which will update the symlinks) you'll automatically get the current version.

              Comment

              Working...
              X