OpenSSH on IBM i (AS400) – some hints

Estimated reading time: 2 mins

Table of contents

1
RSTLICPGM LICPGM(5733SC1) DEV(OPTxx) OPTION(33) RSTOBJ(*PGM)
1
2
RSTLICPGM LICPGM(5733SC1) DEV(OPTxx) OPTION(*BASE) RSTOBJ(*ALL) LNG(2924)
RSTLICPGM LICPGM(5733SC1) DEV(OPTxx) OPTION(1) RSTOBJ(*PGM)
1
2
STRQSH or 
CALL QP2TERM 
1
2
3
For V5.4: WRKLNK OBJ('/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/*') DETAIL(*EXTENDED) DSPOPT(*ALL) 
For V6.1: WRKLNK OBJ('/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.8.1p1/etc/*') 
For V7.1: WRKLNK OBJ('/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-4.7p1/etc/*')

After the first call of WRKLNK the DETAIL and DSPOPT parameter doesn't have to be specified anymore. If you are more familiar with vi use this commands…

1
2
EDTF '/QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/* or
CALL QP2TERM <Enter> and vi 
1
STRTCPSVR SERVER(*SSHD)

At V5.4 there is some more work, with QSECOFR or a user with following prerequisites, is to be done…

1
2
3
ssh-keygen -t rsa1 -f /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_key -N ""
ssh-keygen -t dsa -f /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_dsa_key -N ""
ssh-keygen -t rsa -f /QOpenSys/QIBM/UserData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_rsa_key -N ""

Start the sshd daemon within the same job…

1
QSH CMD ('/QOpenSys/usr/sbin/sshd')

or in a new job using PASE shell

1
/usr/sbin/sshd &
or in a new job useing CL

1
SBMJOB CMD(CALL PGM(QP2SHELL) PARM('/QOpenSys/usr/sbin/sshd'))

For Autostart contact you AS400 SysAdmin to plan a Scheduler Entry (WRKJOBSCDE) with QSECOFR Profile in order to be sure that all thinks will run.

1
ENDTCPSVR SERVER(*SSHD)

In V5.4 you may find the running job and ‘kill’ it…

1
WRKUSRJOB USER(QSECOFR) STATUS(*ACTIVE)

and stop the job using selection 4 ending for the Job with the function PGM-sshd. If more than one job is listed, then there are active connections to you system.

1
2
3
RSAAuthentication yes                   
PubkeyAuthentication yes                
AuthorizedKeysFile .ssh/authorized_keys 

Generate keys and exchange them on user basis as on any other linux/unix based system. Be aware that public key authentication will not work if public (write) authority is set to some directories or files … just read on.

Posted on: Fri, 21 Apr 2017 22:02:12 +0200 by Markus Neuhold
  • IBM
  • PASE
  • IBM i (AS/400) SysAdmin since 1997, Linux fanboy and loving open source, docker and all about tech and science.