Problem Starting SSHD Daemon

Resolving The Problem

Scenario One

The user is not able to start the SSHD Daemon with QSH CMD('/QOpenSys/usr/sbin/sshd') from the operating system command line. The user reported the following message:

qsh: 001-0014 Command QOpenSys/usr/sbin/sshd not found

The qsh: 001-0014 Command QOpenSys/usr/sbin/sshd not found message implies there was a typographical error in that command because there is no leading "/" in the pathname before QOpenSys in the error message.

Based on the error message, the user may have tried:

QSH CMD('QOpenSys/usr/sbin/sshd')

rather than the correct pathname that includes the leading "/":

QSH CMD('/QOpenSys/usr/sbin/sshd')

Scenario Two

The user uses the instructions in Section 2.3 Starting the sshd daemon in a dedicated subsystem environment of Redpaper Securing Communications with OpenSSH on IBM i5/OS. Step 4 creates a job description for the subystem autostart job entry using the following command:

CRTJOBD JOBD(SSHLIB/SSHJOBD) JOBQ(SSHLIB/SSHJOBQ) TEXT('Job description for SSH autostart') USER(SSHDUSR) RQSDTA('CALL PGM(QP2SHELl) + PARM(''/QOpenSys/usr/sbin/sshd")')

The user included the above CRTJOBD in a CL program. SSHD job ended with the following messages:

CALL pgm(QP2SHELL) parm("/QOpenSys/Usr/sbin/ssh")
CPDB9F1 OS/400 PASE program not found or in use. Path name is "/QOpenSys/Usr/sbin/sshd".
CPFB9C0 Error loading OS/400 PASE program "QOpenSys/Usr/sbin/sshd".

SSHD failed because the user uses double quotation marks to delimit the string in the CL command. The string constants in the CL CALL command must be delimited by single quotation marks. The correct syntax is:

CALL PGM(QP2SHELL) PARM('/QOpenSys/usr/sbin/sshd')

Note: The preferred way to start SSHD is using Qshell as in Rochester Support Center knowledgebase document New , Starting the OpenSSH Server (SSHD): .

QSH CMD('/QOpenSys/usr/sbin/sshd')

This is because the QSH command sets up file descriptors 0,1, and 2 correctly for the forked job processing that can occur within the sshd server. CALL PGM(QP2SHELL) does not set up descriptors 0,1, and 2 in this way and, therefore, can occasionally lead to strange or unpredictable results for commands run within ssh sessions (especially Java commands). An alternative to QSH is to use CALL PGM(QP2TERM) rather than CALL PGM(QP2SHELL). However, QP2TERM can be used only within an interactive job (rather than batch).

Note: Trying to start the OpenSSH server (SSHD) in System/36 environment will produce the following QSH error:

"qsh: 001-0014 Command /QOPENSYS/USR/SBIN/SSHD not found".

Executing CL commands to start the OpenSSH server should be run from the System i command line. Parts of the IFS path are case sensitive. Make sure the correct case is used when invoking the command.