If you receive a "EDC8127I Connection timed out" trying to ssh to your Target system, ensure that the ssh daemon (sshd) is started on the target machine. Confirm that you can connect by starting a local ssh session: ssh -p <port> userid@localhost. If you can connect locally, ensure that your firewall is not blocking access to your designated ssh port.

Make sure that the Co:Z target toolkit has been downloaded and installed on the target system as described in the installation instructions. By default, the executables, including cozagent are installed in the directory /opt/dovetail/coz/bin. If the executables are installed in a different directory, set the agent-path property in your JCL to point explicitly to that alternate path.

This is likely due to not properly having the execute bit set on the Co:Z target executables. Locate the directory where they are installed and execute the following: chmod +x cozagent cozclient fromdsn todsn

Ensure that you have added the target system's host key to known_hosts of the userid running the Co:Z Launcher. This is discussed in the installation instructions, but a simple way to do this is to establish an ssh session with the target system from a USS command line and answer "yes" when prompted to add the host:

ZOS$ ssh user@68.255.253.94
The authenticity of host '68.255.253.94 (68.255.253.94)' can't be established.
RSA key fingerprint is 09:2c:46:23:56:4e:8f:15:ee:26:5a:12:ec:8d:3a:99.
Are you sure you want to continue connecting (yes/no)? yes
          

Usually due to an attempt to connect to a target server with a userid that doesn't have a keypair set up with the calling z/OS system. See the "Configure and test sshd" section in the Co:Z Target System Toolkits installation steps.

The z/OS Co:Z Launcher uses ssh to first launch the CoZAgent executable at the default path: /opt/dovetail/coz/bin/cozagent. CoZAgent then adds its own directory to the PATH before invoking the target program or shell.

This is sufficient on most Unix/Linux distributions, but some distributions such as SUSE have default login profiles that reconstruct the PATH variable from scratch, and lose this information when a new login shell is started. In these cases, you will need to update the login profile to include the /opt/dovetail/coz/bin directory

Assuming that your default shell is bash, here is an example that verifies that an existing PATH variable is not lost by a new login shell:

linux$ export PATH=foo:$PATH
linux$ bash --login
(a new shell)
linux$ echo $PATH
(check for the presence of "foo")
linux$ exit
          

If you find that your target distribution has this problem, you will need to update the /etc/profile file (or equivalent) to explicitly add the Co:Z binaries directory to the PATH.

This is likely due to /bin/ssh on z/OS not having the proper file attributes.

Verify that the setuid attribute ("s" bit) is not set for either the user or group and that the executable it is not APF authorized. Finally, the executable should be allowed to execute in the same address space as the caller. The following output shows the expected settings. If your settings are different, they will need to be corrected.

$ ls -al /bin/ssh
-rwxr-xr-x 2 XXXXXX YYYYYY 1531904 Mar 8 2007 /bin/ssh

$ extattr /bin/ssh
/bin/ssh
APF authorized = NO
Program controlled = NO
Shared address space = YES
Shared library = NO