March 1, 2021Rob McNelly
OpenSSH: Configuring Server / Client(IBM Software Knowledge Base) OpenSSH: How to Stop SSH from Creating Thousands of Job Logs: Securing Communications with OpenSSH on IBM i5/OS: IBM i5/OS Network Security Scenarios A Practical Approach: Using chroot on the System i to Restrict ssh, sftp, and scp to Specific Directories: Changing the Default. IBM i (AS/400) SysAdmin since 1997, Linux fanboy and loving open source, docker and all about tech and science. OpenSSH is a secure, reliable, and resilient implementation of SSH for secure data transfer that is backed by IBM and a worldwide community of users and developers. Our Alliance FTP Manager solution fully integrates with the IBM i OpenSSH application for secure, automated and managed file transfer.
I enjoy reading about IBM i Fresh Faces. Sure, it’s refreshing to see that it’s not just graybeards like me who are working on the platform, but what really matters is that young people are learning about, getting hands-on with, and coming to love IBM i. I appreciate that many of these stories revolve around system/application modernization and open source solutions. This gives newcomers to IBM i a degree of comfort by reducing their learning curve.
Learning any new technology is challenging. Specifically, how do you go from learning about the concepts to actually getting on a machine and discovering what it can do? Of course, this is compounded in the world of IBM Power Systems hardware, where system access is often tough to come by for students and hobbyists. But for now, I’d like to provide some guidance for those newcomers who have access but aren’t sure where to start.
Recently I took note of a Webex replay on IBM i Access Client Solutions (ACS). I assumed that interested readers would all have a basic understanding of ACS — but that wasn’t the case. Shortly after this article was posted, I was asked how to actually get started using the tool. So let’s back up a bit. If you’re new to IBM i, or ACS specifically, register at IBM.com. You’ll need an ID to be able to access certain educational and technical documents, like this download page for ACS.
Ibm I Ssh Log
Once you’re logged in, you’ll see this page:
Check “I agree,” then click “I confirm.” This brings you to the page where you can actually download the code.
I selected the IBM i Access Client Solutions file (the top of this list) and downloaded it. I unzipped the file and it installed on the Windows machine I was using.
I tried to run it, but I didn’t have Java installed. There are many ways to get Java; I followed this tutorial.
I installed the code and set up my Environment Variables as instructed.
I verified that Java was installed by running:
java –version
I got back:
openjdk version “11” 2018-09-25
OpenJDK Runtime Environment 18.9 (build 11+28)
OpenJDK 64-Bit Server VM 18.9 (build 11+28, mixed mode)
After that it was a simple matter of clicking on the ACS icon and starting the app.
Ibm I Ssh Key
Again, I’m assuming you have the IP address and userid/password information of a system you can log on to. Like this:
If you cannot read the screen shot above, it says:
“Welcome to IBM i Access Client Solutions
IBM i Access Client Solutions provides a platform independent interface which consolidates the most common tasks for using and managing your IBM i system. Additional information about each task is available by either moving the cursor over the task or by using the tab and arrow keys to navigate between groups and tasks. To select a task, click on the task or use the tab and arrow keys to navigate to a task and then press the enter key.”
To get started, add a system configuration for each IBM i system you want to use or manage. Do this by selecting System Configurations from the Management tasks.
As the instructions state, toward the bottom of the list there’s the “Management” section. The first item within that section is “System Configurations.”
Again, if you cannot read that text:
System Configurations provides an interface to create and manage system configurations for your IBM i systems. Use this task to create the system configuration for each IBM i system you plan to use or manage. System Configurations supports:
- creating new system configurations
- changing preferences (such as SSL or password prompting) for existing system configurations
- adding a console configuration to an existing system configuration or locating a console for a new system
Use this task to create system configurations prior to using some other tasks.
I clicked New, entered my system name, and clicked on the connection tab. I instructed it to always prompt for a username and password. I also specified an IP address rather than have it look one up.
I returned to the general tab and verified the connection. This is what I saw:
Ibm I Ssh Config File
Because I hadn’t installed ssh on the IBM i system, the ssh service failed to connect.
Back to ACS I went. In the top section, labeled “General,” I was able to click on 5250 emulator.
This brought up a green screen.
I entered my user ID and password.
This brought up another green screen where I could log into the system.
From here I went to Define or Change the System (number 7 in the screen shot above), then to Work with Licensed Programs (option 2, below).
I chose option 11 Install licensed programs. Install macos catalina on virtualbox.
Now I could search for the software I wanted. Again, more assumptions: at this point you need either to know how to install software, or have someone do it for you. You also need the appropriate install media. The ability to determine which software is on which DVD would also help. Googling “openssh IBM i” led me to this link.
I checked my system and found that I needed to install 5773SC1 (below).
To determine which DVD I needed, I searched for “ibm i media labels and contents 7.4,” which returned a doc labeled GI1199350.pdf. The “Media labels and their contents” document points you to the DVD with the software you need to install. Multiple tables in the doc help you determine which of the five DVDs you’ll need to load the software from. The one I wanted was B_groupx_04.
More assumptions: I’m assuming you know how to load a DVD on your system. Whether you need to physically load media into a DVD or you’re managing your system virtually, it’s important to know how you’ll install the code.
In my case I was using VIOS, so I needed to make sure the DVD was available in my virtual media repository. Then I needed to map it so that my IBM i client LPAR could use it. With the screen shots below, I’m assuming you’re familiar with HMC and the VIO interfaces. Install snow leopard from usb. Obviously your mileage may vary.
I selected my VIO servers.
Once I was able to see the VIO servers, I clicked on the media repository view.
I chose VIOS2, the server with the media repository.
After I selected it, then I selected “Manage Virtual Storage.”
This brought up the list of media. I chose the DVD I needed.
After selecting it, I modified the partition assignment, linking it to the LPAR I needed.
Then I logged into my 5250 terminal. I returned to the “Install Licensed Programs” option.
I added it to the list of products.
I selected opt01, Programs and language objects.
Once it was installed, I was able to start sshd.
At this point, ssh was running.
My ACS setup was complete. Now I could choose either to continue using my 5250 emulator or try to open an ssh terminal. This option is located in the General section, second from the end of the list.
My system already had putty loaded, so I was able to start my session with a simple click of “SSH Terminal.” Upgrade from lion to high sierra.
SSH Terminal launches an already installed SSH client (terminal emulator). With an SSH terminal, it’s easy to run IBM i commands, invoke things in the Portable Application Solutions Environment (PASE), and access open source tools and technologies (e.g. Python, Node.js, Git, etc.).
If you receive a connection error within the launched SSH client (e.g., ”connection refused”) or if a window pops up but immediately vanishes, you may need to start the SSH daemon by running this CL command:
I appreciate that ACS provides context-sensitive help. In this case it let me know which product I needed to install and how to start sshd once it was installed.
With this access, you can login and get started. In future articles I’ll share more how-to information for newcomers to IBM i.
Ibm I Sshd Server
Rob McNelly is a senior Power Systems solutions architect doing pre-sales and post-sales support for Meridian IT, headquartered in Deerfield, Illinois. McNelly was a technical editor for IBM Systems Magazine, and a former administrator within IBM’s Integrated Technology Delivery and Server Operations division. Prior to working for IBM, McNelly was an OS/400 and IBM i operator for many years for multiple companies. McNelly was named an IBM Champion for Power Systems in 2011, an IBM Champion Lifetime Achievement recipient in 2019, and can be reached at rob.mcnelly@gmail.com.