SQL/MP and -Wsqlconnect=secure-err

[Randall]

Hi All,

I wonder whether anyone has experience running the SQL/MP preprocessor from NSDEE/Cygwin over an SSH connection. If you are using a straight Makefile build (not managed), what is required to make this happen. I've been trolling the C SQL/MP Programming Manual looking for information on this, but no luck. Does this still use the portmapper, but tunnels to it or is there some other magic involved. I can't anywhere that a keypair is defined (outside of ECLIPSE) that might be usable from Cygwin. Any wisdom/experience out there?

(Note: Using SQL/MP is not my choice in this situation).

Regards,
Randall

[red floyd]

I created a managed makefile to see what it was doing, and then
cut&pasted for my regular makefile.

[Pierre]

Hi Randall,

Hope you are doing well!

I tested this for HPE a few years ago using SSH and I'm sure it used to work at that time. I think it was NSDEE 6 or so going to a H/J series. No, it does not use portmapper any more. There is a module you would need running on the NonStop though.

HPE is using their own SSH module inside NSDEE for some unknown reason. There you can only specify the IP and port (no cipher/mac) as options. I tested with usr/pwd and maybe PKI too, can't remember.

Also I'm sure that the lasted NSDEE allowed you to turn on some form of tracing and then you can actually see the flow of the SSH connection protocol and the same from the SSH daemon log file on the NonStop. Just look for the errors.

You should really build a relationship with a support NSDEE person at HPE to assist, because to contrary popular belief, they have actually became very helpful and knowledgeable lately.

Best,
Pierre

[Randall]

Thanks Pierre. The Makefile trick was interesting and at least tried to establish a connection. Sadly, I'm trying to do this through Jenkins pipelines, and the mechanism appears to require a GUI to input the passphrase. I used to have contacts within the NSDEE group, but they all retired.

Jenkins pipelines use ssh-agent to pass in credentials rather than getting them through ECLIPSE. It's pretty slick but not compatible, from what I can tell, with the nsdee-auth.exe program. I guess no one counted on that as a use case.

Cheers,
Randall

[dave....@gmail.com]

For what it's worth... running NSDEE 5.0, using the SSH/SFTP connection, SQL/MP requires I start a portmapper, uses SSH/FTP Port 22, Use public key encryption is unchecked, Check for known hosts is checked and my hosts are listed in the known_hosts file with what looks like a key (although how they got there I haven't a clue ;-D ).

Dave

[Randall]

Jenkins uses ssh-agent to get the credentials through to the connection. It seems like the NSDEE infrastructure does not support that (although there is a possibility of MacGyvering it I suppose). Technically, I should already have a secure channel to the NonStop and might be able to get to the portmapper - the problem is the broker channel can't be tunneled if it's hiding.

[Bill Honaker]

Pierre,

I'm not sure that NSDEE (or the Eclipse Plugins) are part of this discussion. This feature is inside the c89.exe and nmcobol.exe programs run from the command line
(the 'Cross Compiler' products) and as such can be run without Eclipse running. I don't know if the NSDEE support team is the right resource, it would be the Compilers team, right?

Bill

[Randall]

The difficulty with using ssh-agent is that it logs you on to the NonStop and runs whatever command there. This rather defeats the point of running c89.exe. One possibility in Jenkins (which does not really work under Windows sadly) is to pass a userid/password pair to the build script. This might get past the issue, if I could get Jenkins to actually work that way. The only effective way in to a Windows build machine seems to be OpenSSH, and by then, it's a bit late.