SSH to mainframe from personal laptop.

[Anil Khanna]

Hi,

Have two questions:

1. Have some one tried running a GitHub CI pipeline with mainframes? Any example be appreciated.
2. Can we do SSH to mainframe from personal laptop. If someone has done it, please guide. I've tried it by adding the public key as authorized keys, however it ends with 'permission denied, please try again'.

Any guidance is appreciated.

[utkarsh]

I think you can not SSH to mainframes.

[darmstadt]

Yes, as long as the SSH daemon is running and you have an OMVS segment and your SAF product allows you to.

[Anil Khanna]

We're using ZD&T and I'm not sure if that is causing the SSH to fail to get connected. I'm able to connect the same mainframe IP for FTP. But with SSH gets denied.

Diagnostic messages are listed below:

Code: Select all

C:\Users\username> ssh -v gmsusername@3.1xx.1xx.2xx
OpenSSH_for_Windows_8.6p1, LibreSSL 3.4.3
debug1: Authenticator provider $SSH_SK_PROVIDER did not resolve; disabling
debug1: Connecting to 3.1xx.1xx.2xx [3.1xx.1xx.2xx] port 22.
debug1: Connection established.
debug1: identity file C:\\Users\\username/.ssh/id_rsa type 0
debug1: identity file C:\\Users\\username/.ssh/id_rsa-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_dsa type -1
debug1: identity file C:\\Users\\username/.ssh/id_dsa-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa_sk type -1
debug1: identity file C:\\Users\\username/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519 type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519_sk type -1
debug1: identity file C:\\Users\\username/.ssh/id_ed25519_sk-cert type -1
debug1: identity file C:\\Users\\username/.ssh/id_xmss type -1
debug1: identity file C:\\Users\\username/.ssh/id_xmss-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_for_Windows_8.6
debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9p1 Ubuntu-3
debug1: compat_banner: match: OpenSSH_8.9p1 Ubuntu-3 pat OpenSSH* compat 0x04000000
debug1: Authenticating to 3.1xx.1xx.2xx:22 as 'gmsusername'
debug1: load_hostkeys: fopen C:\\Users\\username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: algorithm: curve25519-sha256
debug1: kex: host key algorithm: ssh-ed25519
debug1: kex: server->client cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: kex: client->server cipher: chacha20-poly1305@openssh.com MAC: <implicit> compression: none
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: SSH2_MSG_KEX_ECDH_REPLY received
debug1: Server host key: ssh-ed25519 SHA256:XOjFTjQNCB9Zsjt38Bm3/SfTAjTVFQ1dbZRaCBEPLgA
debug1: load_hostkeys: fopen C:\\Users\\username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '3.1xx.1xx.2xx' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\username/.ssh/known_hosts:1
debug1: rekey out after 134217728 blocks
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: rekey in after 134217728 blocks
debug1: pubkey_prepare: ssh_get_authentication_socket: No such file or directory
debug1: Will attempt key: C:\\Users\\username/.ssh/id_rsa RSA SHA256:cDQRUaA+Sq6VFnVk3lzOYr99+4U40AnoByR2WuvqYrk
debug1: Will attempt key: C:\\Users\\username/.ssh/id_dsa
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ecdsa
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ecdsa_sk
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ed25519
debug1: Will attempt key: C:\\Users\\username/.ssh/id_ed25519_sk
debug1: Will attempt key: C:\\Users\\username/.ssh/id_xmss
debug1: SSH2_MSG_EXT_INFO received
debug1: kex_input_ext_info: server-sig-algs=<ssh-ed25519,sk-ssh-ed25519@openssh.com,ssh-rsa,rsa-sha2-256,rsa-sha2-512,ssh-dss,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,sk-ecdsa-sha2-nistp256@openssh.com,webauthn-sk-ecdsa-sha2-nistp256@openssh.com>
debug1: kex_input_ext_info: publickey-hostbound@openssh.com (unrecognised)
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Offering public key: C:\\Users\\username/.ssh/id_rsa RSA SHA256:cDQRUaA+Sq6VFnVk3lzOYr99+4U40AnoByR2WuvqYrk
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: C:\\Users\\username/.ssh/id_dsa
debug1: Trying private key: C:\\Users\\username/.ssh/id_ecdsa
debug1: Trying private key: C:\\Users\\username/.ssh/id_ecdsa_sk
debug1: Trying private key: C:\\Users\\username/.ssh/id_ed25519
debug1: Trying private key: C:\\Users\\username/.ssh/id_ed25519_sk
debug1: Trying private key: C:\\Users\\username/.ssh/id_xmss
debug1: Next authentication method: password
gmsusername@3.1xx.1xx.2xx's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
gmsusername@3.1xx.1xx.2xx's password:
debug1: Authentications that can continue: publickey,password
Permission denied, please try again.
gmsusername@3.1xx.1xx.2xx's password:
debug1: Authentications that can continue: publickey,password
debug1: No more authentication methods to try.
gmsusername@3.1xx.1xx.2xx: Permission denied (publickey,password).

[Robert Sample]

SSH negotiates when authentication method to use between the two systems. The messages you list indicate that no common authentication method exists between them. Also, it does not appear that the SSH system on the PC is set up correctly since known_hosts doesn't exist.

[Anil Khanna]

debug1: load_hostkeys: fopen C:\\Users\\username/.ssh/known_hosts2: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts: No such file or directory
debug1: load_hostkeys: fopen __PROGRAMDATA__\\ssh/ssh_known_hosts2: No such file or directory
debug1: Host '3.1xx.1xx.2xx' is known and matches the ED25519 host key.
debug1: Found key in C:\\Users\\username/.ssh/known_hosts:1

Last line above is what are you telling?

If I have to create a known host, what do I do? Any direction on that please?

[Anil Khanna]

I get the same problem again, if there is any advice, please share.

[Anuj Dhawan]

What port are you using to initiate the SSH? Does the ping work from your laptop to mainframes?

[Robert Sample]

From https://www.howtouselinux.com/post/ssh-known_hosts-file:  "The ssh known_hosts file is a file that stores the public key of all of the servers that you have connected using ssh." and "In the context of computer networking, known_hosts is a file used by SSH (Secure Shell) clients to verify the identity of a remote server before establishing a connection."  The web site also gives the format for the known_hosts file.  The PC definitely is not configured for SSH.