David / Kirk,
You previously mentioned you were awaiting a fix for this.
< We would just ask you to hold off until we have a fix for this available. We should have this fix soon and we will let customers know once it's available. You can contact our support site for details.>
According to IBM, because this is open source, this is the way it is , no changes in the works, not what I wanted to hear.
We have to revisit every SFTP process before applying SI55522
IBM's recommendation for Logging Success or Failure in OpenSSH Batch Mode File Transfers.
http://www.ibm.com/support/docview.wss?uid=nas8N1018799
Paul
-----Original Message-----
From: Steinmetz, Paul
Sent: Thursday, January 29, 2015 11:12 AM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: Possible issue with PTF SI55522
David / Kirk,
Here's IBM's recommendation for Logging Success or Failure in OpenSSH Batch Mode File Transfers.
http://www.ibm.com/support/docview.wss?uid=nas8N1018799
I tested this, works fine.
I tried coding for RC years ago, was not successful, I did not have the specifics below..
I'm still waiting for an update from IBM, I don't want to revisit every OpenSSH touch point.
QSH CMD(&CM3)
RCVMSG MSGTYPE(*COMP) RMV(*NO) MSGDTA(&MSGDTA) MSGID(&MSGID)
IF (&MSGID *EQ 'QSH0005') +
CHGVAR &RC %BIN(&MSGDTA)
IF (&RC *EQ 0) THEN(DO)
SNDMSG MSG('The file transfer completed successfully.') TOUSR(user_profile)
ENDDO
IF (&RC *GE 1) THEN(DO)
SNDMSG MSG('The file transfer failed') TOUSR(user_profile)
ENDDO
ENDPGM
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of Steinmetz, Paul
Sent: Wednesday, January 28, 2015 5:17 PM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: Possible issue with PTF SI55522
I applied SI55522 to a test LPAR.
Ran a SFTP test, test LPAR being the client.
The "Uploading" line no longer appears.
In order to check for successful transfers, I will need to 1)Turn debug logging on
2) Add logic to the SFTP logging program to also check for "Transferred"
Any other thoughts???
Message before PTF
sftp> put /PAULS/PAULSTST.TXT /PAULS/PAULSTXT.TXT (replace
Uploading /PAULS/PAULSTST.TXT to /PAULS/PAULSTXT.TXT
sftp>
Message after the PTF
sftp> put /PAULS/PAULSTST.TXT /PAULS/PAULSTXT.TXT (replace
sftp>
Message after the PTF with debug detail logging turned on, -v
OpenSSH_6.6, OpenSSL 1.0.1j 15 Oct 2014
debug1: Reading configuration data /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/etc/ssh_config
debug1: Connecting to 172.16.23.5 [172.16.23.5] port 22.
debug1: Connection established.
debug1: identity file /home/PAULS/.ssh/id_rsa type 1
debug1: identity file /home/PAULS/.ssh/id_rsa-cert type -1
debug1: identity file /home/PAULS/.ssh/id_dsa type -1
debug1: identity file /home/PAULS/.ssh/id_dsa-cert type -1
debug1: identity file /home/PAULS/.ssh/id_ecdsa type -1
debug1: identity file /home/PAULS/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/PAULS/.ssh/id_ed25519 type -1
debug1: identity file /home/PAULS/.ssh/id_ed25519-cert type -1
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_6.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.8
debug1: match: OpenSSH_5.8 pat OpenSSH_5* compat 0x0c000000
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 23:f6:2b:62:0c:fb:ee:44:71:9e:ae:10:cf:03:f6:56
debug1: Host '172.16.23.5' is known and matches the ECDSA host key.
debug1: Found key in /home/PAULS/.ssh/known_hosts:1
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering RSA public key: /home/PAULS/.ssh/id_rsa
debug1: Server accepts key: pkalg ssh-rsa blen 279
debug1: key_parse_private2: missing begin marker
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
Authenticated to 172.16.23.5 ([172.16.23.5]:22).
debug1: channel 0: new [client-session]
debug1: Requesting no-more-sessions@xxxxxxxxxxx
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
sftp> put /PAULS/PAULSTST.TXT /PAULS/PAULSTXT.TXT (replace
sftp>
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: free: client-session, nchannels 1
Transferred: sent 3568, received 2192 bytes, in 0.1 seconds
Bytes per second: sent 26141.1, received 16059.8
debug1: Exit status 0
Paul
-----Original Message-----
From: Steinmetz, Paul
Sent: Wednesday, January 21, 2015 9:08 PM
To: 'midrange-l@xxxxxxxxxxxx'
Subject: RE: Possible issue with PTF SI55522
Any update on this?
Paul
-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf Of David Hunter
Sent: Tuesday, January 06, 2015 2:28 PM
To: midrange-l@xxxxxxxxxxxx
Subject: RE: Possible issue with PTF SI55522
Kirk,
I can clarify this for you as I work at Townsend Security. The email that went out was not properly worded, the issue is not a problem with the functionality of version 6.6p1 of OpenSSH, the issue is with how our own application interacts with that version. There was a small change made that causes our application to report errors for SSH sFTP transfers even when they're successful. We do not want to discourage anyone from applying PTF SI55522, or more appropriately PTF SI55602 which supersedes it. We would just ask you to hold off until we have a fix for this available. We should have this fix soon and we will let customers know once it's available. You can contact our support site for details.
David
David Hunter
Townsend Security
"QXJzIGVzdCBjZWxhcmUgYXJ0ZW0="
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe, unsubscribe, or change list options,
visit:
http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take a moment to review the archives at
http://archive.midrange.com/midrange-l.
As an Amazon Associate we earn from qualifying purchases.