topic Re: SFTP Client (VMS) and RSA key in Operating System - OpenVMS

SFTP Client (VMS) and RSA key

John T. Farmer — Wed, 30 Mar 2011 14:44:38 GMT

I have been given a public RSA key (in text form BEGIN RSA PRIVATE KEY .... END RSA PRIVATE KEY). VMS SFTP is the client to connect to a server external to my company using this key to secure a file transmission (replace current FTP process).

Is there a one-time import of the key to my VMS system? If so, what SFTP/SSH syntax is used to import/configure?

Most documentation I have read, including http://h71000.www7.hp.com/openvms/products/ssh/ssh.pdf speak intensely about setting up SSH server and generating key pairs. In my case, I was given the public key and an address to transmit to.

A unix SFTP example was to me. I will try this same syntax when the RSA key has been delt with.

sftp -oPort=22 username@serveripaddress

Thanks,

John

- OpenVMS 8.3
- SSH Secure Shell OpenVMS (V5.5) 3.2.0
- HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 5

Re: SFTP Client (VMS) and RSA key

Jim_McKinney — Wed, 30 Mar 2011 15:10:06 GMT

> I have been given a public RSA key

Have them check again... looks like they gave you the private half of the key-pair.

Given an SECSH format public key, you'll want to copy that text to a file located in your [.SSH2] directory. The file should be owned by the parent and have a protection mask (RWED,RWED,RE,). The file should also be STMLF format with CR carriage control. You'll also want to create a file named AUTHORIZATION. in the same [.SSH2] directory with the same ownership/protection attributes as the public key file. In that file you'll want to have a directive authorizing this public key by filename. F. ex. a file name whatever.pub would require the following directive

key WHATEVER.pub

I suspect that not only have you been given a private key, but that the format is OpenSSH rather than the SECSH format the VMS needs. So, in addition to requesting the public key, ask that they generate it in SECSH format. If they're not familiar with SECSH format keys have them use google to search for "ssh secsh key format" or somesuch and they'll get numerous hits - this one might help - http://www.grok.org.uk/docs/ssh.html .

Re: SFTP Client (VMS) and RSA key

Duncan Morris — Wed, 30 Mar 2011 15:22:19 GMT

John,

if you are going to connect to the remote server, then it looks as though they want you to use this private key as your identification.

Allowing for the format issues mentioned above by Jim, you will want to place the private key in your [.ssh2] directory and add the following entry to [.ssh2]identification.

IdKey filename

where filename is the filename you have stored the private key in.

When your VMS system attempts to connect to the remote server, it will present this key as your credentials. They will then authenticate you against the public key which they already have.

Duncan

Re: SFTP Client (VMS) and RSA key

John Gillings — Wed, 30 Mar 2011 20:09:07 GMT

John,

Sounds like they've given you the wrong half! The first and last lines of the file should look like:

BEGIN RSA PUBLIC KEY
END RSA PUBLIC KEY

Once you have the public half (and hopefully they will regenerate the pair and NOT disclose the private half to you), you may need to fiddle with the file format.

Make sure the physical record terminators match the record format. For example, if the file comes from a PC with terminators, the RMS record attribute must be STREAM (not STREAM_LF). I think I've also had to CONVERT files from VAR to STREAM_LF. Otherwise, the key file format should be compatible.