| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| MS0P Administered Servers Certificate Store |
« View previous topic :: View next topic » |
| Author |
Message
|
| LouML |
 Posted: Thu Dec 04, 2014 5:49 am Post subject: |
 |
|
Partisan
Joined: 10 Nov 2005
Posts: 305
Location: Jersey City, NJ / Bethpage, NY
|
Finally getting time to try to use the Administered Servers feature of MS0P with SSH certificates again. Still no progress.
To recap with updated info:
Running MQ Explorer 8.0.0.0 with MS0P 7.2 from a Windows 7 Pro desktop. Trying to connect to a Linux RedHat server running MQ Server 8.0.0.1.
I created a certificate on my Windows 7 desktop which is stored locally in a file called Windows7Desktop.ppk.
I’ve copied the certificate to the authorized_keys file on the Linux MQ server.
I’ve tested that it works by doing an SFTP from my Windows desktop command line and I’m able to connect to the MQ Server as the mqm userid.
I've also tested it using WinSCP (which uses the Windows7Desktop.ppk file) with a passphrase and it works successfully. I see the following in the /var/log/secure file on the Linux server:
| Code: |
Dec 4 08:36:33 mqm3d sshd[8276]: pam_vas: Authentication <succeeded passwordless> for <Active Directory> user: <mqm> account: <mqm3d_mqm_svc@AD.MYCOMPANY.COM> service: <sshd> reason: <N/A> Access Control Identifier(NT Name):<MYCOMPANY\mqm3d_mqm_svc>
Dec 4 08:36:33 mqm3d sshd[8276]: Accepted publickey for mqm from 10.123.149.129 port 63358 ssh2
Dec 4 08:36:33 mqm3d sshd[8276]: pam_unix(sshd:session): session opened for user mqm by (uid=0) |
When I try it with MS0P, I do not see anything in this log. I see the following in the MS0P.txt log:
| Code: |
08:41:51 [main] admin ServerActions (startSession) ra is null
08:41:56 [main] admin Server (constructor)
08:41:56 [main] admin ServerExtObject (constructor 1) null
08:41:56 [main] admin ServerExtObject (constructor 2)
08:41:56 [main] admin AccessMethod (prepareToStartSession)
08:41:56 [main] admin ServerActions (startSession) Protocol Length = 1
08:41:56 [main] admin AccessMethod (tryToStartSession)
java.net.ConnectException: CTGRI0001E The application could not establish a connection to mqm3d.
using SSH
08:41:56 [main] admin StatusReport (constructor)
08:41:56 [main] admin StatusReport (issueReport) sev=0
08:41:56 [main] admin StatusReport (issueReport) have a parent
08:41:58 [main] admin ServerActions (startSession) ra is null |
The following is what I use to add an administered server and it fails with ‘Cannot establish session with server mqm3d using SSH’
| Code: |
Server: mqm3d
User Name: mqm
Password/Passphrase: ************************
Preferred Protocol: SSH
SSH Certificate Store: C:\Program Files (x86)\IBM\WebSphere MQ Explorer\ssl\Windows7Desktop.ppk |
Has ANYONE got this to work?
_________________
Yeah, well, you know, that's just, like, your opinion, man. - The Dude |
|
| Back to top |
|
 |
| mqjeff |
| Posted: Thu Dec 04, 2014 6:46 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
| LouML wrote: |
| Has ANYONE got this to work? |
I'm *reasonably* sure that the author of MS0P has gotten this to work...
It sounds like one of two things: either MQExplorer can't find the ssh keyring, or MQExplorer doesn't support the cipherspec that your ssh server is using.
You might double-check the documentation for MS0P and see if there's further information about enabling debug or trace or etc.
MQExplorer itself can be traced usign strmqtrc. And the eclipse backend can be traced using the eclipse debug options. How much of either tracing mechanism MS0P uses for it's own functions is an unknown, to me at least. |
|
| Back to top |
|
|
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
