HPE Community
Operating System - OpenVMS
1752861 Members
4557 Online
108790 Solutions
New Discussion юеВ

Re: Connecting an OpenVMS to a LINUX machine

 
SOLVED
Go to solution
almanzam
Occasional Advisor

тАО07-27-2006 03:45 AM

тАО07-27-2006 03:45 AM

Connecting an OpenVMS to a LINUX machine

Greetings.

I have been trying to connect unsuccessfully to a Linux machine from a Linux machine in order to drop files via secure FTP. The command "sftp -V" shows "Sftp2/SFTP2.C:3880: CRTL version (SYS$SHARE:DECC$SHARE ident) is: V7.3-2-02" on the VMS side. The SSH-KEYGEN program outputs the following version: "ssh-keygen -h
$1$dga1:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe: SSH Secure Shell OpenVMS (V5.5) 3.2.0 on AlphaServer ES45 Model 2B - VMS V7.3-2

The purpose for this is to copy files from the OpenVMS to the Linux machine via a batch file without supplying a password, a process which already can happen with Linux-to-Linux.

I have done the following:
1. Created the client (VMS) key with no password, 1024-bit encryption, the command
"ssh_keygen -P -b 1024 key_for_remote_host"

The files the generator created (*.pub;1 and *.;1 files) contain both Subject and Comments as part of the public key, something which I am not familiar with. With Linux keys, there are no comments and/or subjects, just the encryption.

How do I add that key into the .ssh/authorized_keys file of the remote LINUX system?

I have read plenty of VMS to VMS instructions, and have done that successfully, but VMS to Linux is puzzling me. Please help.
0 Kudos
Reply
15 REPLIES 15
Steven Schweda
Honored Contributor

тАО07-27-2006 03:58 AM

тАО07-27-2006 03:58 AM

Re: Connecting an OpenVMS to a LINUX machine

If Linux is like Solaris, you could copy the
key files to the Linux system, and use
"ssh-keygen -X" to convert them to the
OpenSSH format(s).

For a few more details, try searching this
forum for "ssh-keygen".

If you can figure out the format differences,
you can convert the files using a text
editor, but using the program is easier.
0 Kudos
Reply
almanzam
Occasional Advisor

тАО07-27-2006 04:43 AM

тАО07-27-2006 04:43 AM

Re: Connecting an OpenVMS to a LINUX machine

Thanks Steven. I tried looking at my Linux machine's keygen program and it doesn't have the flag you suggested. The only flags for conversion are -e (Convert OpenSSH to IETF SECSH key file) and -i (Convert IETF SECSH to OpenSSH key file). Either way, when I run the flag -e, I output to a file which doesn't seem like the natural KEY files that I get from a Linux Key-Generator (there's no host at the end of the key, which does exist on DSA keys I create on Linux). I add this output file to the .ssh/authorized_keys file of the Linux machine, and still can't connect without supplying the password from the VMS machine using the following:

ssh -o IdentityFile=keyforremotehost.pub user@remotehost

Any other suggestions? The goal here, again, is to NOT have to enter a password on the local VMS machine and transfer files via SFTP.
0 Kudos
Reply
Richard Whalen
Honored Contributor

тАО07-27-2006 05:03 AM

тАО07-27-2006 05:03 AM

Re: Connecting an OpenVMS to a LINUX machine

You probably want to do -i on the Linux system because VMS uses IETF SECSH format keys and I suspect that Linux uses OpenSSH format keys.
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО07-27-2006 06:16 AM

тАО07-27-2006 06:16 AM

Re: Connecting an OpenVMS to a LINUX machine

As of SunOS 5.10:

sol> man ssh-keygen
[...]
-X Obsolete. Replaced by the -i option.
[...]
-i This option reads an unencrypted
private (or public) key file in
SSH2-compatible format and prints an
OpenSSH compatible private (or pub-
lic) key to stdout. ssh-keygen also
reads the "SECSH" Public Key File
Format. This option allows import-
ing keys from several other SSH
implementations.


I gather that "-i" is the thing to do
nowadays instead of "-X".
0 Kudos
Reply
almanzam
Occasional Advisor

тАО07-27-2006 06:38 AM

тАО07-27-2006 06:38 AM

Re: Connecting an OpenVMS to a LINUX machine

I used the -i option and that didn't work.
0 Kudos
Reply
almanzam
Occasional Advisor

тАО07-27-2006 06:45 AM

тАО07-27-2006 06:45 AM

Re: Connecting an OpenVMS to a LINUX machine

Here is the resulting .ssh/authorized_keys file:

ssh-dss AAAAB3NzaC1kc3MAAACBAL*** KEY CONTENTS HERE***hcjPYQK/T9E1ytg== user_example@client_machine
ssh-dss AAAAB3NzaC1kc3MAAACB*** KEY CONTENTS HERE***oSXDR/c=

Note that the first entry for "client_machine" contains the user_example and client_machine identification, while the second entry, which is from the VMS-generated key, does not contain the user and machine identification for authorization.

I must note that the remote host is a RedHat Enterprise Linux 4 machine.
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО07-28-2006 12:35 AM

тАО07-28-2006 12:35 AM

Re: Connecting an OpenVMS to a LINUX machine

> I used the -i option and that didn't work.

As usual, it might help to see exactly what
you did, and what happened when you did it.
"Didn't work" is not very informative.

It (ssh-keygen -X/-i) seemes to work properly
on Solaris. Have you tried using an editor
to add the missing item to the new line
("user_example@client_machine")?

As I said, using a text editor is one way to
do the conversion. On Solaris (and, I
assume, on Linux or any other OpenSSH
system), the ".ssh/authorized_keys" file
seems to contain one line per key, with the
key type, the key data, and the user id, as
you've shown, while the format used on VMS
has different fields and multiple, shorter
lines. With an example of each type to look
at, it's pretty easy to see how to convert
one to the other. (Well, _I_ could do it, so
I thought that it must be pretty easy.)
0 Kudos
Reply
almanzam
Occasional Advisor

тАО07-28-2006 01:02 AM

тАО07-28-2006 01:02 AM

Re: Connecting an OpenVMS to a LINUX machine

>As usual, it might help to see exactly what
>you did, and what happened when you did it.
>"Didn't work" is not very informative.
Sorry. I meant "Same results." I realized what you said after I typed it and couldn't change it.

>It (ssh-keygen -X/-i) seemes to work properly
>on Solaris. Have you tried using an editor
>to add the missing item to the new line
>("user_example@client_machine")?
Yes, I tried that. NO avail. The results are the same. It keeps asking me for password.

>With an example of each type to look
>at, it's pretty easy to see how to convert
>one to the other. (Well, _I_ could do it, so
>I thought that it must be pretty easy.)
Here's the VMS public key file keyfromclient.pub:
---- BEGIN SSH2 PUBLIC KEY ----
Subject: user
Comment: "1024-bit dsa, user@clientmachine.edu, Thu Jul 27 2006 1\
4:19:56"
AAAAB3NzaC1kc3MAAACBAOsVrMJAbjYavRf6wjLC89Q6jOmQ6SHYXjompqzxQe75BebSfj
*more lines like above and below here*
HQW92OSlW9yY4DBl0XUDQVUUjOnAOUgqETNkUFvAQ7B7uChJnnSrcMNFzZSFZqSIhNSpyP3n9FQL0t9NmZj+1QDQ==
---- END SSH2 PUBLIC KEY ----

Here is my command on the LINUX side to convert the file to append to the .ssh/authorized_keys file (asks for keyfromclient.pub and outputs to convertedkeyfromclientmachine.pub):
ssh-keygen -i > convertedkeyfromclientmachine.pub


Here is the authorized_keys file on LINUX again:

ssh-dss AAAAB3NzaC1kc3MAAACBALenI1l1TVZphhoM93CNOfBXd7A+9Hwe8YRSgNIig**CODEANDSTUFF*M9d4a8iEPFzH4fG/7bCjkIB5PJn3yhcjPYQK/T9E1ytg== user@a.linux.machine.that.works
ssh-dss AAAAB3NzaC1kc3MAAACBAJCYMlc8shQrwtKLr3CUhDtnZFemV8icf6Nh1ZG0MTUpjKmimkwe*****CODEANDSTUFFHERE******XDR/c7a4fbPNPPb/HQhBjzb0SrnG9lVM4FDAh30VWJEqP2wHcQumJKbS8Z5Mg== user@clientmachine.edu

I added the user@clientmachine.edu above manually even after the concatenation of the converted file didn't add it. Again, it is still asking for a password on the VMS side:

VMS_PROMPT> ssh -o IdentityFile=keyfromclient.;1 user@remotehost.edu
user's password: cursor movement capability, using vt100
Authentication successful.
Last login: Fri Jul 28 07:42:58 2006 from 1**.**.32.***

The "cursor movement capability" is left over STDOUT message from OPENVMS... it's not the password. I had to type in the password on the SSH command to get in.
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО07-28-2006 01:33 AM

тАО07-28-2006 01:33 AM

Re: Connecting an OpenVMS to a LINUX machine

At this point, output from "ssh -v" may be
helpful. For some examples, you might look
at:

http://forums1.itrc.hp.com/service/forums/bizsupport/questionanswer.do?threadId=1012120

but that may be going in the other direction.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.