General Page
Flash System firmware 8.7.0.0 disabled old TLS ciphers and algorithms, and Jsch does not support the new ones.
The Toolkit uses the Jsch implementation of SSH to programmatically communicate with Flash Systems and HMCs. However, as Jsch is no longer maintained, it does not support new ciphers and algorithms. Starting with firmware 8.7.0.0, Flash System requires the use of TLS v1.3, resulting in the Toolkit's inability to communicate with the Flash Systems newer firmware.
In version 5.2 the Toolkit has switched to use REST API's to bypass this issue, with the exception of RUNSVCCMD. Thus, controlling LPARs on 4.6 or users of RUNSVCCMD at 5.2, must install a fork of Jsch which supports TLS v1.3.
Note the following:
- The Jsch fork is open-source software
- It is not created, owned or reviewed by IBM
- You must do your own due diligence when using this software
The Jsch fork is here: https://github.com/mwiede/jsch
The bytecode (.jar) file is here: https://repo1.maven.org/maven2/com/github/mwiede/jsch/
To use the jar file:
- Upload the file to /QIBM/Qzrdhasm/ssh on the controllers
- Remove the link to the old jar file:
QSH CMD('rm /QIBM/Qzrdhasm/ssh/jsch.jar')
- Add a link to the new jar file:
QSH CMD('ln -s /QIBM/Qzrdhasm/ssh/jsch-0.2.18.jar /QIBM/Qzrdhasm/ssh/jsch.jar')
- Run CHKCSE or CHKFSFLASH.
[{"Type":"MASTER","Line of Business":{"code":"LOB68","label":"Power HW"},"Business Unit":{"code":"BU070","label":"IBM Infrastructure"},"Product":{"code":"SWG60","label":"IBM i"},"ARM Category":[{"code":"a8m0z000000cxy9AAA","label":"High Availability-\u003EFull System Flash Copy"}],"ARM Case Number":"","Platform":[{"code":"PF012","label":"IBM i"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
04 October 2024
UID
ibm17165103