HPE Community
Operating System - Tru64 Unix
1752693 Members
5824 Online
108789 Solutions
New Discussion юеВ

sftp from Tru64 to HP-UX 11.23

 
SOLVED
Go to solution
Cindy Ding
Occasional Contributor

тАО01-07-2009 04:23 PM

тАО01-07-2009 04:23 PM

sftp from Tru64 to HP-UX 11.23

Hi,

I'm having problem to sftp files from Tru64 to HP-UX 11.23 server without any password.

Where is what I did:

Tru64> ssh-keygen -t rsa -P

and id_rsa_1024_a and id_rsa_1024_a.pub are generated in ~/.ssh2/ directory.

I copied the public key file to HP-UX 11.23, and exported this key to the authorized_keys file in .ssh/

HP-UX 11.23> cd .ssh
HP-UX 11.23> ssh-keygen -e -f id_rsa_1024_a.pub >> authorized_keys

Then from the Tru64, it still asking for the password.

PS: I genereted the keys on HP-UX 11.23 and put the public in authrized_keys on Tru64, and had no problem to sftp/ssh from HP-UX 11.23 to Tru64.

Any hints are highly appreciated.

Cindy
0 Kudos
7 REPLIES 7
Steven Schweda
Honored Contributor

тАО01-07-2009 04:41 PM

тАО01-07-2009 04:41 PM

Solution

Re: sftp from Tru64 to HP-UX 11.23

Without actually thinking about the key
formats and other details which tend to
differ between different SSH implementations,
I'd start with a simple SSH instead of SFTP,
and I'd throw a "-v" into the "ssh" command.
If the messages don't tell you anything, post
the mess. Often it's pretty clear when it's
not finding the right key file, or some such
thing.

There may also be an informative message in
the log files on the server side.
0 Kudos
Victor Semaska_3
Esteemed Contributor

тАО01-07-2009 05:57 PM

тАО01-07-2009 05:57 PM

Re: sftp from Tru64 to HP-UX 11.23

Cindy,

I think you used the wrong option when converting the key. The '-e' option converts from OpenSSH format to SSH2 format. You want the '-i' option which goes from SSH2 to OpenSSH.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Cindy Ding
Occasional Contributor

тАО01-08-2009 07:59 AM

тАО01-08-2009 07:59 AM

Re: sftp from Tru64 to HP-UX 11.23

Thanks to Victor for point out the error. I was actually usin -i option.

Steven, I tried to use ssh -v as you suggested, and found out that it was looking for the .ssh2/identification file.

So I genereted this file:

Tru64> cat identification
IdKey id_rsa_1024_a

However, it was still prompt with the password. Is the contents of this identification file not right? Here is the ssh -v output:

Tru64$ ssh -v docu1@hp-ux-11-23 ls
debug: hostname is "".
debug: Unable to open /data//.ssh2/ssh2_config
debug: connecting to tstcg4docu1.oss.tst, port 22...
debug: entering event loop
debug: ssh_client_wrap: creating transport protocol
debug: SshAuthMethodClient/sshauthmethodc.c:141: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:141: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1217: creating userauth protocol
debug: Ssh2Common/sshcommon.c:513: local ip = 10.0.90.81, local port = 4512
debug: Ssh2Common/sshcommon.c:515: remote ip = 10.0.108.138, remote port = 22
debug: SshConnection/sshconn.c:1878: Wrapping...
debug: Ssh2Transport/trcommon.c:613: Remote version: SSH-2.0-OpenSSH_4.7p1+sftpfilecontrol-v1.2-hpn12v17
debug: Ssh2Transport/trcommon.c:803: Remote version has rekey incompatibility bug.
debug: Ssh2Transport/trcommon.c:1132: c_to_s: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1135: s_to_c: cipher 3des-cbc, mac hmac-sha1, compression none
debug: Ssh2Client/sshclient.c:461: Host key found from database.
debug: Ssh2Common/sshcommon.c:317: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:367: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:842: adding keyfile "/data/shawbill/.ssh2/id_rsa_1024_a" to candidates
debug: Ssh2AuthClient/sshauthc.c:320: Method 'publickey' disabled.
debug: Ssh2AuthPasswdClient/authc-passwd.c:107: Starting password query...
docu1's password:

Thanks a lot,

Cindy
0 Kudos
Victor Semaska_3
Esteemed Contributor

тАО01-08-2009 08:52 AM

тАО01-08-2009 08:52 AM

Re: sftp from Tru64 to HP-UX 11.23

Cindy,

I don't see anything in the output but SSH debug mode doesn't always help. I've had problems getting public keys to work due to permissions problems.

Make sure authorized_keys is owned by the user and has permissions 600.

Vic
There are 10 kinds of people, one that understands binary and one that doesn't.
0 Kudos
Cindy Ding
Occasional Contributor

тАО01-08-2009 09:30 AM

тАО01-08-2009 09:30 AM

Re: sftp from Tru64 to HP-UX 11.23

Thanks for the suggestion, Victor. It is working now!

Cindy
0 Kudos
Cindy Ding
Occasional Contributor

тАО01-08-2009 09:40 AM

тАО01-08-2009 09:40 AM

Re: sftp from Tru64 to HP-UX 11.23

Thanks to everyone who has been very helpful.

Cindy
0 Kudos
Steven Schweda
Honored Contributor

тАО01-08-2009 09:41 AM

тАО01-08-2009 09:41 AM

Re: sftp from Tru64 to HP-UX 11.23

> [...]
> debug: Ssh2AuthPubKeyClient/authc-pubkey.c:842: adding keyfile "/data/shawbill/.ssh2/id_rsa_1024_a" to candidates
> debug: Ssh2AuthClient/sshauthc.c:320: Method 'publickey' disabled.
[...]

That looks to me like a key failure.

Around here (apparently newer):

[...]
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1602: adding keyfile "/usr/users/sms/
.ssh2/sms_npp_id_dsa_1024_a" to candidates
debug: Constructing and sending signature in publickey authentication.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:794: ssh_client_auth_pubkey_send_signature: reading /usr/users/sms/.ssh2/sms_npp_id_dsa_1024_a
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1823: Public key authentication was successful.
[...]


dy $ uname -a
HP-UX dy B.11.11 U 9000/785 2012616114 unlimited-user license

I don't have 11.23 anywhere, and I can't
easily run 11.31 at the moment (zx2000 is
running VMS right now).

urtx> ssh -V
ssh: SSH Secure Shell Tru64 UNIX 3.2.0

urtx> sizer -v
HP Tru64 UNIX V5.1B (Rev. 2650); Mon Feb 19 11:57:07 CST 2007

(That's with T64V51BB27AS0006-20061208.)

If it's easy, I'd see if there's a clue in
the HP-UX system logs.

urtx> cat .ssh2/identification
IdKey sms_npp_id_dsa_1024_a

urtx> ls -l .ssh2/sms_npp_id_dsa_1024_a*
-rw------- 1 sms users 867 Jul 23 2003 .ssh2/sms_npp_id_dsa_1024_a
-rw-r--r-- 1 sms users 736 Jul 23 2003 .ssh2/sms_npp_id_dsa_1024_a.pub

urtx> cat .ssh2/sms_npp_id_dsa_1024_a
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: sms
Comment: "1024-bit dsa, sms@alp.antinode.org, Thu Jul 24 2003 03:43:07"
P2[...]
[...]
[...]Ow==
---- END SSH2 ENCRYPTED PRIVATE KEY ----

urtx> cat .ssh2/sms_npp_id_dsa_1024_a.pub
---- BEGIN SSH2 PUBLIC KEY ----
Subject: sms
Comment: "1024-bit dsa, sms@alp.antinode.org, Thu Jul 24 2003 03:43:07"
AA[...]
[...]
[...]WQ==
---- END SSH2 PUBLIC KEY ----

Do your key files look ok? You seem to be
short by a message ("debug: Constructing and
sending signature in publickey
authentication."), which could be due to ssh
version differences or your key(s) being
useless junk (on the Tru64 system).

One way to check the key files on the HP-UX
system would be to ssh to itself. Should
work Tru64-to-Tru64, too, of course.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.