Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

Putty and SSH of Multinet

Wim Van den Wyngaert
Honored Contributor

Putty and SSH of Multinet

I'm using SSH 5.0.1 of multinet combined with putty 0.57. I generated a key on the PC and transfered the public part to VMS (binary and then set file/at=rfm=stmlf).

When I run putty towards the multinet ssh server, I get the messages

*** Authenticating with public key "dsa-key-20070201" ***
Then
*** Access denied ***
Then
*** WIM@node's password ***

On the server I got
*** WARNING: Public key operation failed for wim ***

Anyone an idea what to do next ?
I use 256 bits DSA key.

Wim
Wim
12 REPLIES
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

Here is the server trace when debug level is 50 (user wim is now sysmgr_wvw). It looks like the key is OK but something is still wrong with publickey. The key file is called ID_PC.

Wim
Wim
Jim_McKinney
Honored Contributor

Re: Putty and SSH of Multinet

MultiNet uses the F-Secure codebase. Does Putty produce an OpenSSH or SECSH (F-Secure) style key? If it's an OpenSSH key then you'll either need to convert it or re-generate it in the SECSH format.
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

I generated a dsa key in putty. Then I asked "export to openssh". Then I did save private key.

I ftp'd the private key to vms. Converted it with success to SSH2 and then extracted the public key.

Still the same problem.

Wim (gone till monday)
Wim
Martin Vorlaender
Honored Contributor

Re: Putty and SSH of Multinet

Wim,

>>>
I generated a dsa key in putty. Then I asked "export to openssh". Then I did save private key.
<<<

Skip that "export to openssh" step. Like Jim_McKinney wrote, Process uses SECSH format, and PuTTY uses the same.

>>>
I ftp'd the private key to vms. Converted it with success to SSH2 and then extracted the public key.
<<<

The private key should *NEVER* be transferred anywhere. Transfer the public key. DON'T convert. Add a reference to the public key file to SYS$LOGIN:[.SSH2]AUTHORIZATION. (see http://www.process.com/tcpip/mndocs/MN%20v5.0%20Installation%20Administrator%20Guide/Ch30.htm#E55E302)

Of course, the MultiNet's SSHD2_CONFIG file has to list PublicKey in the AllowedAuthentications.

You can use http://www.process.com/tcpip/mndocs/MN%20v5.0%20User%20Guide/Ch07.htm#E55E35 as a guideline (substitute PuTTY for the MultiNet SSH client).

HTH,
Martin
Ian Miller.
Honored Contributor

Re: Putty and SSH of Multinet

Note also putty 0.59 is now available
____________________
Purely Personal Opinion
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

Martin,

If you check my enclosure trace file, you find "the key matched". Thus it's not the setup of SSH but the file/contents that's causing the problem.

Wim
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

Started alover again. This time using rs1 1024 bits, this time with passphrase (before I used none). Same problem. The public key file is accepted, a passphrase is prompted for and end.

In sshd log file :
Pubkey for server is of type 'if-modn'
Scheme for RSA public key was set to rsa-pkcs1-sha1

and then again WARNING... failed

Wim
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

Here is a debug level 7 trace for those who now what to look for. Search for 2nd occurence of WARNING to get to the problem point.

Wim
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

Retried with development putty 0.59 plus some changes(with newly generated rsa key). Same problem.

Wim
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

Tried to do set watch file/class=all in sys$manager:login.com. Result : doesn't work at all (get "packet garbled"). Tried the same for SSH1 and here it works (I get all file accesses). SO :

Enabled SSH1 on VMS and generated SSH1 host key.

Closed group and world access to home directory and ssh directory. Also the authozed_keys file.

Then generated a SSH1 key with puttygen.
Copied public key with ftp to vms and wrote the contents of the file to authorized_keys in the SSH directory.

Said in putty "SSH1 only", and YES IT WORKS.

But still SSH2 to do ...

Wim
(for those not able to download exe's : there is also a zip file with the exe in it)
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

I enabled access=all in audit to see all the file accesses. After the read of the public key no file is accessed in SSH2.

My guess is that there is some public key incompatiblity between Putty and multinet SSH2.

Wim
Wim
Wim Van den Wyngaert
Honored Contributor

Re: Putty and SSH of Multinet

IT WORKS !

In 'connection' of putty I had my username in uppercase. You need to enter it in lowercase and it works.

In sshd.log you'll see "completed publickey" insterad of "public key operation failed".

In the log of sshd you will only see the username in lowercase in BOTH cases !

Wim
(I do hate the open stuff quality)
Wim