Using saf-ssh-agent on 'other' digital certificate

Discussion of the Co:Z Co-Processing Toolkit for z/OS
Post Reply
slhussey
Posts: 22
Joined: Thu Jun 19, 2014 9:55 am

Using saf-ssh-agent on 'other' digital certificate

Post by slhussey » Mon Oct 16, 2017 11:11 am

I am trying to extract the public key from a digital certificate that is not associated to my userid. Either another user or a batch ID. The message from saf-ssh-agent is:

SafSshAgent[E]: Keyring: 'DDT51###KeyRing' was not found

What needs to be setup to allow access to the public key for digital certificates owned by other identities?

The JCL used is:

//EXTRACT EXEC PGM=BPXBATCH
//STDPARM DD *
sh saf-ssh-agent -x -f /tmp/DDT51###.pub DDT51###KeyRing
/*
//STDOUT DD PATH='/tmp/&SYSUID..out',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU
//STDERR DD PATH='/tmp/&SYSUID..err',
// PATHOPTS=(OWRONLY,OCREAT,OTRUNC),
// PATHMODE=SIRWXU

dovetail
Site Admin
Posts: 1776
Joined: Thu Jul 29, 2004 12:12 pm

Re: Using saf-ssh-agent on 'other' digital certificate

Post by dovetail » Wed Oct 18, 2017 11:33 am

The full syntax for specifying a certificate is:

owner/keyring:label

owner/ - defaults to the current userid

:label - defaults to the "default" label on the key ring.

Post Reply