Keyring: 'SFTPRING' was not found

Discussion of the Co:Z Co-Processing Toolkit for z/OS
Post Reply
jens.elbaek
Posts: 1
Joined: Thu Sep 03, 2015 8:18 am

Keyring: 'SFTPRING' was not found

Post by jens.elbaek » Thu Sep 03, 2015 8:28 am

Allthough the keyring is created I get this error. Can anybody help?

CoZBatchÝN¨: Copyright (C) 2005-2013 Dovetailed Technologies LLC. All rights reserved.
CoZBatchÝN¨: version 3.1.2 2015-08-13
CoZBatchÝI¨: executing progname=login-shell="-/bin/sh"
Connect via saf-ssh-agent using SAF Certificate "SFTPRING:SFTP-SERVER-TEST-2015"...
Executing: /u/jnxjel/coz/bin/cozsftp -k SFTPRING:SFTP-SERVER-TEST-2015 -b- 'SFTPtestuserØ10.31.6.234'
SafSshAgentÝE¨: Keyring: 'SFTPRING' was not found
SpawnSafSshAgentÝE¨: Timeout waiting for SSH_AUTH_SOCK creation
Co:Z SFTP version: 3.1.2 (5.0p1) 2015-08-13
Copyright (C) Dovetailed Technologies, LLC. 2008-2014. All rights reserved.
---------------------------------------------------------------------------------------------
//STDIN DD * 00007309
export cert="SFTPRING:SFTP-SERVER-TEST-2015" 00007413
export user=SFTPtestuser 00007511
export host=10.31.6.234 00007611
export lzopts="mode=text" 00007711
export lfile=/u/jnxjel/testfile.txt 00007811
export rfile=./testfile.txt 00007911
export cozbin_dir=/u/jnxjel/coz/bin 00008011
export script_dir=/u/jnxjel/coz/samples/sftp_batch 00008111
/u/jnxjel/coz/samples/sftp_batch/sftp_put.sh 00009011

---------------------------------------------------------------------------------------------
These are the commands that created the ring:
Generate CA cert:

RACDCERT CERTAUTH -
GENCERT -
SUBJECTSDN(CN('JNDATA SDC-PRODPLEX CA') -
OU('JNDATA SDC-PRODPLEX Certificate Authority') -
O('JNDATA SDC-PRODPLEX') -
C('DK')) -
SIZE(4096) -
NOTAFTER(DATE(2025/12/31)) -
KEYUSAGE(CERTSIGN) -
WITHLABEL('JNDATA SDC-PRODPLEX ROOT CA')
RACDCERT CERTAUTH LIST(LABEL('JNDATA SDC-PRODPLEX ROOT CA'))


Generate SFTP cert:

RACDCERT ID(TCPIP) GENCERT +
SUBJECTSDN( +
CN('FTP-HOTEL.SDC.DK') +
T('SFTP_TEST_SERVER') +
OU('SDC Udvikling A/S') +
O('Skandinavisk Data Center A/S') +
L('Ballerup') +
SP('Ballerup') +
C('DK')) +
NOTAFTER(DATE(2025/12/31)) +
SIZE(4096) +
WITHLABEL('SFTP-SERVER-TEST-2015') +
SIGNWITH(CERTAUTH -
LABEL('JNDATA SDC-PRODPLEX ROOT CA'))


Define Keyring;

RACDCERT ID(TCPIP) ADDRING(SFTPRING)

Connect to keyring:

RACDCERT ID(TCPIP) CONNECT(ID(TCPIP) +
LABEL('SFTP-SERVER-TEST-2015') +
RING(SFTPRING) DEFAULT USAGE(PERSONAL))

RACDCERT ID(TCPIP) CONNECT(CERTAUTH +
LABEL('JNDATA SDC-PRODPLEX ROOT CA') +
RING(SFTPRING) USAGE(CERTAUTH))


Listring:

Digital ring information for user TCPIP:

Ring:
>SFTPRING<
Certificate Label Name Cert Owner USAGE DEFAULT
-------------------------------- ------------ -------- -------
SFTP-SERVER-TEST-2015 ID(TCPIP) PERSONAL YES
JNDATA SDC-PRODPLEX ROOT CA CERTAUTH CERTAUTH NO

***

dovetail
Site Admin
Posts: 1910
Joined: Thu Jul 29, 2004 12:12 pm

Re: Keyring: 'SFTPRING' was not found

Post by dovetail » Tue Oct 20, 2015 9:30 am

Are you running the Co:Z SFTP job that is trying to use the key ring under the z/OS userid "TCPIP"? This is the id that owns the key ring that you created.

If so, does your TCPIP userid have the required permissions to access the key ring?
See: http://dovetail.com/docs/sftp/auth.html#auth-racf

Post Reply