Overcome 8-character user profile limit in SSH for IBM i
[UPDATE April 2021: The 8-character limitation was removed by default in IBM i 7.4. Earlier releases require the PASE_USRGRP_LIMITED setting. We’ve updated this post to reflect these changes]
In IBM i releases before 7.4, IBM i’s Secure Shell (SSH) rejected connection attempts from user profiles longer than eight (8) characters. When long user profiles are rejected, error messages will vary, but Eclipse-based editors, for example, will show “Failed to connect sshd on “<some ip address>.”
In that case, to permit user profiles longer than 8 characters, you can adjust PASE_USRGRP_LIMITED like so:
- IBM i 7.2, 7.3:
- Edit the file /QOpenSys/QIBM/UserData/SC1/OpenSSH/etc/sshd_config
- Add a new line containing
ibmpaseforienv PASE_USRGRP_LIMITED=N
- IBM i 7.4: supports long user profiles in SSH by default.
To apply your changes, end and then start the SSH server, like so:
|
1 2 |
ENDTCPSVR SERVER(*SSHD) STRTCPSVR SERVER(*SSHD) |
For more details about configuring SSH, see How to Configure and Use SSH on IBM i.
Hello Alan
I also did a test and it didn’t work, finally add an environment variable and this worked.
Glad you eventually got it working.
Hi Alan I am trying to test this configuration on my box with IBM i 7.3 and it is not working, does this new line have to go in a specific place in the configuration file?
Hi, Leonardo, there’s no specfic place, but the new line can be added to the end of the file. I did this successfully just last week. Did you remember to end and restart the *SSHD server afterward?