Tag Archives: SSHD

Setting up SSH for IBMi #Gotchas

Tired of using CALL QP2TERM and STRQSH and trying to run SSH?  Here’s some tips that may help:

Connect to your IBMi via ssh client

ssh -X username@ibminame

After entering the password to your SSH connection to the IBMi if you get this error:
Permission denied, please try again.

You need to add the following to the end of sshd_config file because there’s an 8 character limit on username and password until this is in the sshd_config file

ibmpaseforienv PASE_USRGRP_LIMITED=N

Note: that if your username is longer than 8 characters it won’t display and instead “I have no name! ” will display

If you have bash installed you can set it as your default shell by adding this to sshd_config (How to setup bash)


ibmpaseforishell=/QOpenSys/opt/freeware/bin/bash
#or uncomment the line below if you want zshell
#ibmpaseforishell=/opt/freeware/bin/zsh

Note: The change above will globally effect all ssh connections. If your using chroot, the chrooted environment will need (/QOpenSys/opt/freeware/bin/bash) in its rooted directory or ssh will fail

Alternatively you can add this to your .profile in the home directory so that bash will automatically be started

if [ $? != 0 -a "$SHELL" != "/QOpenSys/usr/bin/bash" ]
then
exec /usr/bin/bash -login
fi

Setting up SSHD host on IBMi

1. Edit your ssh config and enable “ForwardX11 yes“. You can either edit via FTP, WRKLNK etc..  yes is case sensitive
/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-4.7p1/etc/sshd_config

2. End and Start SSH on the IBMi run this command on the 5250. Note: the sshd_config is only loaded once when you start the server, so changes won’t get applied until a restart

ENDTCPSVR SERVER(*SSHD)
STRTCPSVR SERVER(*SSHD)

Ok, i’ve SSH’d into the IBMi  NOW What?  View what you can do w/ SSH on IBMi here!

Add this line to enable SFTP

Subsystem sftp /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-4.7p1/libexec/sftp-server

If you ever get the messages below it’s probably because SSH is not running

Connecting to USERNAME@MYIBMI…
Loading NaCl plugin… done.
ssh: connect to host MYIBMI port 22: Connection refused
NaCl plugin exited with status code 255.

References:

Man Page for SSHD with various settings you can use – https://www.freebsd.org/cgi/man.cgi?query=sshd_config&sektion=5

http://ibmsystemsmag.com/Blogs/i-Can/Archive/pase-twilight-zone-removing-more-myths-about-ibm-i/

https://support.zend.com/hc/en-us/articles/203738046-Studio-failed-to-connect-sshd-on-IBM-i-long-user-ID-or-password

http://yips.idevcloud.com/wiki/index.php/PASE/SSHSetup