Permission Denied

Discussion of the free COZBATCH utility for z/OS
Post Reply
ChuckCottrell
Posts: 4
Joined: Wed Oct 13, 2021 8:31 am

Permission Denied

Post by ChuckCottrell »

OK. Getting FOTS1346 Permission Denied.
I've tried it with an 80-byte PW file down to a 8-byte PW file.
There are no sequence numbers anywhere.
I've manually logged into the server from OMVS on a Z/OS LPAR without issue, so I know the PW is good and that the port is open.

ANY help would be appreciated.

Here are the control statements the batch job:

rmtuser="NJSFTPD"
server="10.13.98.98"
coz_bin='/usr/local/coz621/bin'
export DISPLAY=none
ssh_opts="-oBatchMode=no"
ssh_opts="$ssh_opts -F/etc/ssh/ssh_config_nj_STD"
ssh_opts="$ssh_opts -oConnectTimeout=60"
ssh_opts="$ssh_opts -oServerAliveInterval=60"
ssh_opts="$ssh_opts -oStrictHostKeyChecking=no"
export PASSWD_DSN='//TSOSPCC.SFTP.CNTL(NJSFTPD)'
export SSH_ASKPASS=$coz_bin/read_passwd_dsn.sh
export DISPLAY=none
mvsfile='//DD:TODASD1'
rmtfile='/oracle/WEEKLY/drivers/RMODtoSAR/acaprov/acaprov.txt'
$coz_bin/cozsftp -vvv $ssh_opts -b- $rmtuser@$server <<EOB
lzopts mode=TEXT
lpwd
pwd
get $rmtfile $mvsfile -r
rm '/oracle/WEEKLY/drivers/RMODtoSAR/acaprov/acaprov.txt'


Here's the output:

CoZBatch[N]: version: 6.2.1 2021-01-15
CoZBatch[N]: Copyright (C) Dovetailed Technologies, LLC. 2005-2021. All rights reserved.
<- ()
CoZBatch: executing progname=login-shell="-/bin/sh"
Co:Z SFTP version: 6.2.1 (7.6p1) 2021-01-15
Copyright (C) Dovetailed Technologies, LLC. 2008-2021. All rights reserved.
ZosSettings[W]: Fixed section found in user config file - ignoring
Connecting to 10.13.98.98...
[04:48:58.721870] debug3: connect_to_server arg=/bin/ssh
[04:48:58.721923] debug3: connect_to_server arg=-oForwardX11 no
[04:48:58.721944] debug3: connect_to_server arg=-oForwardAgent no

[04:48:58.721965] debug3: connect_to_server arg=-oClearAllForwardings yes

[04:48:58.721985] debug3: connect_to_server arg=-v

[04:48:58.722001] debug3: connect_to_server arg=-v

[04:48:58.722022] debug3: connect_to_server arg=-v

[04:48:58.722038] debug3: connect_to_server arg=-o

[04:48:58.722058] debug3: connect_to_server arg=BatchMode=no

[04:48:58.722075] debug3: connect_to_server arg=-F

[04:48:58.722095] debug3: connect_to_server arg=/etc/ssh/ssh_config_nj_STD

[04:48:58.722112] debug3: connect_to_server arg=-o

[04:48:58.722132] debug3: connect_to_server arg=ConnectTimeout=60

[04:48:58.722149] debug3: connect_to_server arg=-o

[04:48:58.722169] debug3: connect_to_server arg=ServerAliveInterval=60

[04:48:58.722190] debug3: connect_to_server arg=-o

[04:48:58.722206] debug3: connect_to_server arg=StrictHostKeyChecking=no

[04:48:58.722227] debug3: connect_to_server arg=-obatchmode yes

[04:48:58.722247] debug3: connect_to_server arg=-l

[04:48:58.722263] debug3: connect_to_server arg=NJSFTPD

[04:48:58.722284] debug3: connect_to_server arg=-oProtocol 2

[04:48:58.722300] debug3: connect_to_server arg=-s

[04:48:58.722320] debug3: connect_to_server arg=--

[04:48:58.722337] debug3: connect_to_server arg=10.13.98.98

[04:48:58.722357] debug3: connect_to_server arg=sftp

[04:48:58.790585] debug2: setting ssh _CEE_RUNOPTS=HEAP(12M,1M,,FREE),ENVAR("_CEE_REALLOC_CONTROL=256K,25")

OpenSSH_6.4, OpenSSL 1.0.2h 3 May 2016

debug1: Reading configuration data /etc/ssh/ssh_config_nj_STD

debug3: cipher ok: aes256-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: aes192-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: aes128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: aes128-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: aes192-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: aes256-ctr [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: rijndael-cbc@lysator.liu.se [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijnda
el-cbc@lysator.liu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: 3des-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.
se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: arcfour128 [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: arcfour256 [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.li
u.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: blowfish-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.
liu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: cast128-cbc [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.l
iu.se,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: cipher ok: arcfour [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.s
e,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug3: ciphers ok: [aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se,3des-
cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour]

debug2: mac_setup: found hmac-sha2-256

debug3: mac ok: hmac-sha2-256 [hmac-sha2-256,hmac-sha2-512]

debug2: mac_setup: found hmac-sha2-512

debug3: mac ok: hmac-sha2-512 [hmac-sha2-256,hmac-sha2-512]

debug3: macs ok: [hmac-sha2-256,hmac-sha2-512]

debug1: Reading configuration data /etc/ssh/zos_ssh_config

debug3: setUseZEDC: 0

debug1: zsshSmfSetConnSmfStatus: SMF status is 0

debug2: ssh_connect: needpriv 0

debug1: Connecting to 10.13.98.98 [10.13.98.98] port 22.

debug2: fd 3 setting O_NONBLOCK

debug1: fd 3 clearing O_NONBLOCK

debug1: Connection established.

debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode

debug1: cipher_init: none from source OpenSSL, used in non-FIPS mode

debug3: timeout: 59999 ms remain after connect

debug1: permanently_set_uid: 0/1

debug3: zsshGetpw: passwd name=TSOSPCC, uid=0, gid=1, dir=/, shell=/bin/sh

debug3: Incorrect RSA1 identifier

debug3: Could not load "/etc/ssh/id_rsa.pub" as a RSA1 public key

debug1: identity file /etc/ssh/id_rsa.pub type 1

debug1: identity file /etc/ssh/id_rsa.pub-cert type -1

debug3: Incorrect RSA1 identifier

debug3: Could not load "/etc/ssh/id_dsa.pub" as a RSA1 public key

debug1: identity file /etc/ssh/id_dsa.pub type 2

debug1: identity file /etc/ssh/id_dsa.pub-cert type -1

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_6.4

debug1: Remote protocol version 2.0, remote software version Sun_SSH_1.1.9

debug1: no match: Sun_SSH_1.1.9

debug2: fd 3 setting O_NONBLOCK

debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /.ssh/known_hosts:11

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/etc/ssh/ssh_known_hosts"

debug3: load_hostkeys: loaded 0 keys

debug3: order_hostkeyalgs: prefer hostkeyalgs: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,diffie-hellman-group-exchange-sha256
,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa-cert-v01@openssh.com,ssh-rsa-cert-v00@openssh.com,ssh-rsa,ecdsa-sha2-nistp256-cert-v0
1@openssh.com,ecdsa-sha2-nistp384-cert-v01@openssh.com,ecdsa-sha2-nistp521-cert-v01@openssh.com,ssh-dss-cert-v01@openssh
.com,ssh-dss-ce
rt-v00@openssh.com,ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,ssh-dss

debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se
,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour

debug2: kex_parse_kexinit: aes256-cbc,aes192-cbc,aes128-cbc,aes128-ctr,aes192-ctr,aes256-ctr,rijndael-cbc@lysator.liu.se
,3des-cbc,arcfour128,arcfour256,blowfish-cbc,cast128-cbc,arcfour

debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512

debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit:

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug2: kex_parse_kexinit: gss-group1-sha1-toWM5Slw5Ew8Mqkay+al2g==,diffie-hellman-group-exchange-sha256,diffie-hellman-
group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1

debug2: kex_parse_kexinit: ssh-rsa,ssh-dss

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour

debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour

debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5
,hmac-md5-96

debug2: kex_parse_kexinit: hmac-sha2-256,hmac-sha2-512,hmac-sha1,hmac-sha2-256-96,hmac-sha2-512-96,hmac-sha1-96,hmac-md5
,hmac-md5-96

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib

debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,
en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-
PE,es-PY,es-SV,
es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,
kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-
SK,sl-SI,sq-AL,
sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,
no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default

debug2: kex_parse_kexinit: af-ZA,ar-EG,ar-SA,bg-BG,bn-IN,ca-ES,cs-CZ,da-DK,de,de-AT,de-CH,de-DE,de-LU,el-CY,el-GR,en-AU,
en-CA,en-GB,en-IE,en-IN,en-MT,en-NZ,en-SG,en-US,es,es-AR,es-BO,es-CL,es-CO,es-CR,es-EC,es-ES,es-GT,es-MX,es-NI,es-PA,es-
PE,es-PY,es-SV,
es-UY,es-VE,et-EE,fi-FI,fr,fr-BE,fr-CA,fr-CH,fr-FR,fr-LU,gu-IN,he-IL,hi-IN,hr-HR,hu-HU,id-ID,is-IS,it,it-IT,ja-JP,kk-KZ,
kn-IN,ko,ko-KR,lt-LT,lv-LV,mk-MK,mr-IN,ms-MY,mt-MT,nb-NO,nl-BE,nl-NL,nn-NO,pl,pl-PL,pt-BR,pt-PT,ro-RO,ru,ru-RU,sh-BA,sk-
SK,sl-SI,sq-AL,
sr-CS,sv,sv-SE,ta-IN,te-IN,th-TH,tr-TR,uk-UA,zh,zh-CN,zh-HK,zh-SG,zh-TW,ar,ca,cz,da,el,et,fi,he,hu,ja,lt,lv,nl,no,no-NO,
no-NY,nr,pt,sr-SP,sr-YU,th,tr,i-default

debug2: kex_parse_kexinit: first_kex_follows 0

debug2: kex_parse_kexinit: reserved 0

debug1: mac_setup_by_alg: hmac-sha2-256 from source OpenSSL, used in non-FIPS mode

debug2: mac_setup: found hmac-sha2-256

debug1: kex: server->client aes128-ctr hmac-sha2-256 none

debug1: mac_setup_by_alg: hmac-sha2-256 from source OpenSSL, used in non-FIPS mode

debug2: mac_setup: found hmac-sha2-256

debug1: kex: client->server aes128-ctr hmac-sha2-256 none

debug1: choose_kex: diffie-hellman-group-exchange-sha256 from source OpenSSL, used in non-FIPS mode

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<4096<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug2: dh_gen_key: priv key bits set: 265/512

debug2: bits set: 2061/4095

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Server host key: RSA MD5 fp b3:1e:ea:55:3a:2b:8e:a7:36:d1:9f:83:d0:7a:39:32

debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/.ssh/known_hosts"

debug3: load_hostkeys: found key type RSA in file /.ssh/known_hosts:11

debug3: load_hostkeys: loaded 1 keys

debug3: load_hostkeys: loading entries for host "10.13.98.98" from file "/etc/ssh/ssh_known_hosts"

debug3: load_hostkeys: loaded 0 keys

debug1: Host '10.13.98.98' is known and matches the RSA host key.

debug1: Found key in /.ssh/known_hosts:11

debug2: bits set: 2047/4095

debug1: ssh_rsa_verify: signature correct

debug2: kex_derive_keys

debug2: set_newkeys: mode 1

debug1: cipher_init: aes128-ctr from source OpenSSL, used in non-FIPS mode

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug2: set_newkeys: mode 0

debug1: cipher_init: aes128-ctr from source OpenSSL, used in non-FIPS mode

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug2: service_accept: ssh-userauth

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug2: key: /etc/ssh/id_rsa.pub (1AEF8E10), explicit

debug2: key: /etc/ssh/id_dsa.pub (1AF05D68), explicit

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug3: start over, passed a different list gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug3: preferred password

debug3: authmethod_lookup password

debug3: remaining preferred:

debug3: authmethod_is_enabled password

debug1: Next authentication method: password

debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)

debug1: permanently_drop_suid: 0

/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat

FOTS1346 Permission denied, please try again.

debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)

debug1: permanently_drop_suid: 0

/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat

FOTS1346 Permission denied, please try again.

debug1: read_passphrase: can't open /dev/tty: EDC5128I No such device. (errno2=0x056201A9)

debug1: permanently_drop_suid: 0

/usr/local/coz621/bin/read_passwd_dsn.sh prompt: "NJSFTPD@10.13.98.98's password: "
fromdsn(TSOSPCC.UTIL.JCL(NJSFTPD))[N]: 1 records/80 bytes read; 81 bytes written in 0.001 seconds (79.102 KBytes/sec).
debug3: packet_send2: adding 64 (len 60 padlen 4 extra_pad 64)

debug2: we sent a password packet, wait for reply

debug1: Authentications that can continue: gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive

debug2: we did not send a packet, disable method

debug1: No more authentication methods to try.

debug3: __catgets: NLS setup complete (1), using message catalog openssh.cat

FOTS1373 Permission denied (gssapi-keyex,gssapi-with-mic,publickey,password,keyboard-interactive).


Connection closed.
[04:49:03.606068] Connection closed

[04:49:03.606157] debug1: _zos_exit(255): SSH failed to start connection (12)

CoZBatch: returning rc=exitcode=12
ChuckCottrell
Posts: 4
Joined: Wed Oct 13, 2021 8:31 am

Re: Permission Denied

Post by ChuckCottrell »

Fixed
Post Reply