General Page
Flash System firmware 8.7.0.0 disconnects the toolkit after negotiating the ciphers.
Firmware level 8.7.0.0 removed a number of insecure ciphers but also introduced an error causing the toolkit ssh client to disconnect.
For clients who must be on 8.7.0.0, the current resolution is to upgrade to toolkit version 5.2 which uses REST API's rather than sss (RUNSVCCMD still uses ssh and is affected at all releases).
Run this command in QSH to verify the problem (replace ip, user and pwd as appropriate):
java -classpath /QIBM/Qzrdhasm/ssh/RunSshTunnel.jar:/QIBM/Qzrdhasm/ssh/jsch-0.1.55.jar com.ibm.ctc.ssh.RunSshTunnel ip user pwd /tmp/dummyfilename /tmp/debug
The output near the end will include the following:
05:43:29.529 INFO: kex: server->client aes128-ctr hmac-sha2-256 none
05:43:29.530 INFO: kex: client->server aes128-ctr hmac-sha2-256 none
05:43:29.531 INFO: SSH_MSG_KEX_ECDH_INIT sent
05:43:29.532 INFO: expecting SSH_MSG_KEX_ECDH_REPLY
05:43:29.534 INFO: Disconnecting from nnn.nnn.nnn.nnn port 22
After negotiating ciphers the Flash System disconnects the toolkit, a communications trace indicates the disconnect is initiated by Flash Systems.
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z000000cxy9AAA","label":"High Availability-\u003EFull System Flash Copy"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
09 July 2024
UID
ibm17159845