- OpenVMS SSH client and UNIX SSH server with public...
10-30-2008 01:00 AM
One month ago, I posted a note
http://forums13.itrc.hp.com/service/forums/questionanswer.do?threadId=1272093
where I asked about how to enable public key authorization when we have a UNIX SSH client and OpenVMS SSH server. I followed the suggestions you gave me and I thought that just in the opposite sense I wouldn't have any problem. But it was not so.
My pair of public-private keys are generated with passphrase at the Unix side. I have converted the private key to SSH2 format recognized by OpenVMS with 'ssh-keygen' command and '-e' option and it's ok.
I have followed the steps to enable OpenVMS ssh client and when I connect to a Unix ssh server (with only public key authentication enabled), all the process seems ok (I use the '-vvv' option with the 'ssh' command) but when it asks for the passphrase, I enter it correctly, press return and it asks for it again, up to three times, when it disconnects the connection.
Do you know if there is a problem using passphrases generated in Unix environment at OpenVMS client side?
Have I missed something in the configuration process?
Thanks in advance.
Ana
10-30-2008 02:11 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
Are you getting the case correctly for the pass phrase?
10-30-2008 02:55 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
The version is:
HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 2
on a COMPAQ AlphaServer DS20E 666 MHz running OpenVMS V8.3
And I am sure I am entering the right passphrase.
Thanks.
Ana
10-30-2008 05:02 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
I thought of doing the conversion with the 'ssh-keygen' from OpenVMS but according to the last TCP/IP release notes, the option '-e' doesn't work.
In order to discard an error in the keystrokes on my behalf, another mate has tested with his own keys (with passphrase and with no passphrase) and the results are exactly the same.
Has anybody had this behaviour?
Thanks.
Ana
10-30-2008 05:06 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
key filename.extension
These files containing the public keys should also be in the user's [.SSH2] directory.
10-30-2008 05:14 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
I have both files, identification. and authorization. in the SSH2 directory (I have followed the steps from the SSH manual). In fact, with the same keys, the ssh works in the opposite direction (OpenVMS SSH server and Linux SSH client).
Ana
10-30-2008 05:55 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
Maybe the problem is with the SSH2 client on the Unix side. Can you do a test between two Unix systems where a key format conversion is not needed?
10-30-2008 01:06 PM
Solution
Not a well-defined quantity.
> I have converted the private key to SSH2
> format recognized by OpenVMS with
> 'ssh-keygen' command and '-e' option and
> it's ok.
Define "ok". What's in the files? On my
HP-UX system, "ssh-keygen -e" seems always
to produce an "SSH2 PUBLIC KEY", not an
"SSH2 ENCRYPTED PRIVATE KEY".
How, exactly, did you convert what into what?
Actual commands with (at least some of the)
actual output may be more helpful than vague
descriptions.
> [...] (I use the '-vvv' option with the
> 'ssh' command) [...]
That's nice, but I can't see the results.
Using a key file which I generated on the VMS
side (and converted to OpenSSH on the UNIX
side), it works for me:
alp $ ssh "-V"
alp$dka0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe: SSH Secure Shell OpenVMS (
V5.5) 3.2.0 on COMPAQ Professional Workstation - VMS V7.3-2
alp $ type [.ssh2]identification._pp
IdKey SMS_ID_DSA_1024_A
alp $ type [.ssh2]SMS_ID_DSA_1024_A.
---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Subject: sms
Comment: "1024-bit dsa, sms@alp.antinode.org, Fri Jun 27 2003 03:57:52"
P2/[...]
[...]
[...]Oym
---- END SSH2 ENCRYPTED PRIVATE KEY ----
alp $ ssh -i identification._pp dyi
Passphrase for key "/ALP$DKA0/sms/ssh2/SMS_ID_DSA_1024_A" with comment "1024-bit
dsa, sms@alp.antinode.org, Fri Jun 27 2003 03:57:52":
Authentication successful.
Last successful login: Thu Oct 30 05:50:55 CDT 2008 alp-l.antinode.info
Last login: Thu Oct 30 05:50:55 2008 from alp-l.antinode.
Value of TERM has been set to "vt100".
dyi $ uname -a
HP-UX dyi B.11.31 U ia64 4235313755 unlimited-user license
My psychic powers are too weak to let me see
your key files or your "ssh -v [...]" output,
so it's hard for me to guess what might be
wrong in your environment.
10-30-2008 01:09 PM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
> 'ssh-keygen' from OpenVMS but according to
> the last TCP/IP release notes, the option
> '-e' doesn't work.
What about "-i" on the UNIX side?
"man ssh-keygen".
10-31-2008 12:27 AM
Re: OpenVMS SSH client and UNIX SSH server with public key auth and passphrase
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Maybe the problem is with the SSH2 client on the Unix side. Can you do a test between two Unix systems where a key format conversion is not needed?
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
The same Linux system that is behaving as an SSH server in the problematic environment is behaving correctly as an SSH client with other Linux servers.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
> [...] UNIX [...]
Not a well-defined quantity.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Different Linux systems.
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Define "ok". What's in the files? On my
HP-UX system, "ssh-keygen -e" seems always
to produce an "SSH2 PUBLIC KEY", not an
"SSH2 ENCRYPTED PRIVATE KEY".
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Oops! It seems silly, but I didn't realize that the contents of the converted private key file have, as Steven said happens with HP-UX, the PUBLIC key format, not the PRIVATE one (I focused my attention on the comment string and didn't see the key format). With 'ok' I only mean that there wasn't an error message in the conversion.
Anyway, looking again at the meaning of the 'ssh-keygen' man page:
....
-e This option will read a private or public OpenSSH key file and print the key in RFC 4716 SSH Public Key File Format to stdout. This option allows exporting keys for use by several commercial SSH implementations.
....
It seems that the output of this option is always PUBLIC key format.
Another mate has converted his private key with 'puttygen' command and it works ok with OpenVMS ssh client and UNIX systems. In fact, I have found at other forums that the only way is to use this command.
Therefore, my conclusions are:
* The '-e' option of 'ssh-keygen' command doesn't do what I wanted: to convert a private key file with OpenSSH format to SSH2 compatible format.
* There is no other option for this command to do that (the '-i' option suggested by Steven just does the opposite operation).
* You have to install 'putty' to have the 'puttygen' command.
* If somebody knows another tool, please let us know.
>> My psychic powers are too weak to let me see your key files or your "ssh -v [...]" output, so it's hard for me to guess what might be wrong in your environment.
You are right but, before attaching a lot of information, I wanted to ask anybody if there was a reported problem or a known issue. I think that, now that we know I was using the incorrect option, it is useless to attach the output.
Thank you very much for all your help.
Regards.
Ana
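
The mix-up resolved in this thread (an RFC 4716 public key sitting where the OpenVMS client's IdKey entry needs an SSH2 private key) can be caught by inspecting the file itself rather than trusting that the conversion printed no error. The following is an added example, not code from the thread or from HP; the function names, the constructed samples and the ssh.com private-key magic value 0x3f6ff9eb are assumptions not stated on the page.

```python
import base64
import struct

SSHCOM_MAGIC = 0x3F6FF9EB  # assumed first four bytes of an ssh.com-format private key blob

def parse_ssh2_block(text):
    """Split a '---- BEGIN SSH2 ... ----' file into (label, headers, blob)."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 2 or not lines[-1].startswith("---- END "):
        raise ValueError("truncated SSH2 key file")
    label = lines[0][len("---- BEGIN "):-len(" ----")]
    headers, body, i = {}, [], 1
    while i < len(lines) - 1:
        line = lines[i]
        if ":" in line and not body:
            while line.endswith("\\") and i + 1 < len(lines) - 1:  # continued header
                i += 1
                line = line[:-1] + lines[i]
            tag, value = line.split(":", 1)
            headers[tag.strip()] = value.strip().strip('"')
        else:
            body.append(line)
        i += 1
    return label, headers, base64.b64decode("".join(body))

def classify_key_file(text):  # returns (kind, detail)
    first = text.lstrip().split("\n", 1)[0]
    if first.startswith("---- BEGIN SSH2"):
        label, headers, blob = parse_ssh2_block(text)
        word = struct.unpack(">I", blob[:4])[0] if len(blob) >= 4 else 0
        if "PRIVATE KEY" in label:
            kind = "ssh2-private" if word == SSHCOM_MAGIC else "ssh2-private-bad-magic"
            return kind, headers.get("Comment", "")
        # Public blob: uint32 length, then the algorithm name (e.g. ssh-dss).
        return "ssh2-public", blob[4:4 + word].decode("ascii", "replace")
    if first.startswith("-----BEGIN") and "PRIVATE KEY" in first:
        return "openssh-private", ""
    return "unknown", ""

def usable_as_idkey(text):  # only an SSH2 private key can back an IdKey entry
    return classify_key_file(text)[0] == "ssh2-private"

def make_sample(label, headers, blob):  # constructed samples: filler bytes, not real keys
    b64 = base64.b64encode(blob).decode()
    return f"---- BEGIN {label} ----\n{headers}\n{b64}\n---- END {label} ----\n"

PUBLIC_SAMPLE = make_sample("SSH2 PUBLIC KEY", 'Comment: "sample"',
                            struct.pack(">I", 7) + b"ssh-dss" + bytes(40))
PRIVATE_SAMPLE = make_sample("SSH2 ENCRYPTED PRIVATE KEY", 'Subject: u\nComment: "two-\\\nline"',
                             struct.pack(">I", SSHCOM_MAGIC) + bytes(40))
```
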