SSH - Run Remote Commands on iSeries

Does anyone know if it is  possible  to submit a remote command on an iSeries server using SSH (sftp) using a different user than what is configured for SSH?

For example, if I wanted to make a change to a user profile, I would run this command:

CHGUSRPRF USRPRF(USERPROFILE) LMTCPB(*YES)

If I wanted to run that command as another user (called SUPERUSER) - I would run:

SBMJOB CMD(CHGUSRPRF USRPRF(USERPROFILE) LMTCPB(*YES)) JOB(SFTPCMD) USER(SUPERUSER)

Wondering if there is a way to submit the above command (using the SUPERUSER user profile) via SSH (with the cavaet that the SUPERUSER user profile is not the user configured for SFTP. The following code "should" work - but when it does it tells me I don't have access to the CHGUSRPRF command (which the SFTPUSER doesn't - but the SUPERUSER does)

SBMJOB CMD(QSH CMD('ssh -T sftpuser@servername ''system "SBMJOB CMD(CHGUSRPRF USRPRF(USERPROFILE) LMTCPB(*YES)) JOB(SFTPCMD) USER(SUPERUSER)" ''')) JOB(SFTPJOB) USER(SFTPUSER)

Hopefully that makes sense

I was just hoping to get around having to configure SFTP for the SUPERUSER if I didn't have to...

Any help would be appreciated.
LVL 1
Matthew RoessnerSenior Systems ProgrammerAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gary PattersonVP Technology / Senior Consultant Commented:
Basic process:

1) Create a CL program containing command (s) you want to execute with alternate authority.
2) Compile to run under *OWNER authority.  CRTCLPGM USER(*OWNER) or use CHGCLPGM USER(*OWNER) with existing program.
3) Change program owner (CHGOBJOWN) to a user with adequate authority to run the commands.

Then CALL or SBMJOB the CL through SSH.  COmmadn should run under authority of program owner, not current user.
Gary PattersonVP Technology / Senior Consultant Commented:
Also, note that for the mechanism that you demonstrated above to work, USER must have *USE rights to SUPERUSER's profile.  Which means that they can indirectly run anything that SUPERUSER can run.

Using adopted authority is safer, since the user can only run specific programs, and not any random command.
Matthew RoessnerSenior Systems ProgrammerAuthor Commented:
Yeah Gary - that would definitely work.  I was hoping to create a more dynamic process where I didn't have to create a CL. I was hoping to be able to create a script that I could call and just be able to change the command out - without needing to create and compile a program...
Matthew RoessnerSenior Systems ProgrammerAuthor Commented:
I will  likely have to do some sort of solution like Gary Patterson recommended...but ultimately isn't what I wanted to do. I was hoping to just run something like

SBMJOB CMD(QSH CMD('ssh -T sftpuser@servername ''system "SBMJOB CMD(CHGUSRPRF USRPRF(MYUSER) LMTCPB(*YES)) JOB(SFTPCMD) USER(SUPERUSER)" ''')) JOB(SFTPJOB) USER(SFTPUSER)

SFTPUSER is the user who has ssh keys assigned to it
But SFTPUSER doesn't have access to the CHGUSRPRF command - so I was hoping to submit a job (as SUPERUSER) using an elevated authority...

Not ideal but wasn't sure how else to do it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
System Programming

From novice to tech pro — start learning today.