CZPOSTPR EXIT not firing

A discussion of Co:Z sftp, a port of OpenSSH sftp for z/OS
tsgapd
Posts: 3
Joined: Tue Apr 14, 2015 9:27 am

CZPOSTPR EXIT not firing

Post by tsgapd » Thu Aug 16, 2018 6:08 am

Hi there,
We have been running COZ SFTP and utilising the CZPOSTPR EXIT to generate SYSLOG entries so that we can automate processes when files are delivered to us. Works beautifully. USS files / MVS datasets no problems... until this week.

In order to prevent a user from running SSH commands we added an entry to /etc/ssh/sshd_config along the lines of:

Match User USER1
ForceCommand internal-sftp
X11Forwarding no
AllowTcpForwarding no


This works in that it prevents USER1 from running SSH commands and still lets them SFTP into us, but what we have noticed is that the EXIT doesn't get called. It's definitely this entry in the config that results in the EXIT being called/not being called, as we can switch it on/off and prove it.

A -vvv on both a failed & successful call of the EXIT shows very few differences:

Working Transfer that calls the EXIT
===============================
debug2: Remote version: 3
debug2: Init extension: "posix-rename@openssh.com"
debug2: Init extension: "coz-zopts@dovetail.com"
debug3: Sent message coz-zopts@dovetail.com ",%servercp" -> ""
debug3: Received reply T:201 I:1
debug3: Sent message coz-zopts@dovetail.com "clientcp=IBM-1047" -> ""
debug3: Received reply T:201 I:2
debug3: Sent message fd 6 T:16 I:3

debug2: channel 0: input drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: channel 0: is not converting type "exit-status"
debug2: channel 0: rcvd eof "

Transfer that works but fails to call the EXIT
======================================
debug2: Remote version: 3
debug2: Init extension: "posix-rename@openssh.com"
debug2: Init extension: "statvfs@openssh.com"
debug2: Init extension: "fstatvfs@openssh.com"
debug2: Init extension: "hardlink@openssh.com"
debug3: Sent message fd 6 T:16 I:1

debug3: Got file attribute "nlink_t_zos@us.ibm.com"

debug2: channel 0: output drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug3: channel 0: is not converting type "exit-status"
debug2: channel 0: rcvd close


Is there anything there that would cause our issue? Has anyone amended sshd_config and seen this before?

Thanks in advance,


Andrew Davis

dovetail
Site Admin
Posts: 1856
Joined: Thu Jul 29, 2004 12:12 pm

Re: CZPOSTPR EXIT not firing

Post by dovetail » Thu Oct 04, 2018 3:02 pm

If you use:
ForceCommand internal-sftp

then you are running the IBM-provided sftp server and not Co:Z SFTP.
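
An added example, not part of the thread and not Co:Z or IBM code: the two -vvv traces above differ in the extensions the server announces, and only the working one includes "coz-zopts@dovetail.com". The Python sketch below classifies a saved client trace on that basis; treating that extension as the marker of the Co:Z server is an assumption drawn from the traces in this thread, and the function names are hypothetical.

```python
import re

# Assumption taken from the working trace in this thread: the Co:Z server
# announces this extension during SFTP init, the other server does not.
COZ_EXTENSION = "coz-zopts@dovetail.com"
INIT_EXT = re.compile(r'^debug2: Init extension: "([^"]+)"')
REMOTE_VERSION = re.compile(r"^debug2: Remote version: \d+")


def advertised_extensions(trace):
    """Return the SFTP extensions the server announced, in trace order."""
    found = []
    for line in trace.splitlines():
        match = INIT_EXT.match(line.strip())
        if match:
            found.append(match.group(1))
    return found


def classify_server(trace):
    """Return 'coz-sftp', 'other-sftp-server' or 'unknown' for a client trace."""
    lines = [line.strip() for line in trace.splitlines()]
    if not any(REMOTE_VERSION.match(line) for line in lines):
        return "unknown"  # SFTP init never completed, or no debug2 output
    if COZ_EXTENSION in advertised_extensions(trace):
        return "coz-sftp"
    return "other-sftp-server"  # e.g. ForceCommand internal-sftp took over


# Constructed samples: lines copied from the two traces posted above.
WORKING_TRACE = """\
debug2: Remote version: 3
debug2: Init extension: "posix-rename@openssh.com"
debug2: Init extension: "coz-zopts@dovetail.com"
debug3: Sent message fd 6 T:16 I:3
"""
FAILING_TRACE = """\
debug2: Remote version: 3
debug2: Init extension: "posix-rename@openssh.com"
debug2: Init extension: "statvfs@openssh.com"
debug2: Init extension: "fstatvfs@openssh.com"
debug2: Init extension: "hardlink@openssh.com"
debug3: Sent message fd 6 T:16 I:1
"""

if __name__ == "__main__":
    for name, trace in (("working", WORKING_TRACE), ("failing", FAILING_TRACE)):
        print(name, classify_server(trace), advertised_extensions(trace))
```

A result of other-sftp-server for an account that is expected to drive CZPOSTPR indicates the session never reached Co:Z SFTP, so the exit and the SYSLOG entries that depend on it will be missing for that transfer.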
