HPE Community
Operating System - OpenVMS
1752773 Members
4929 Online
108789 Solutions
New Discussion юеВ

Re: SFTP Client (VMS) and RSA key

 
John T. Farmer
Regular Advisor

тАО03-30-2011 07:44 AM

тАО03-30-2011 07:44 AM

SFTP Client (VMS) and RSA key

I have been given a public RSA key (in text form BEGIN RSA PRIVATE KEY .... END RSA PRIVATE KEY). VMS SFTP is the client to connect to a server external to my company using this key to secure a file transmission (replace current FTP process).

Is there a one-time import of the key to my VMS system? If so, what SFTP/SSH syntax is used to import/configure?

Most documentation I have read, including http://h71000.www7.hp.com/openvms/products/ssh/ssh.pdf speak intensely about setting up SSH server and generating key pairs. In my case, I was given the public key and an address to transmit to.

A unix SFTP example was to me. I will try this same syntax when the RSA key has been delt with.

sftp -oPort=22 username@serveripaddress

Thanks,

John

- OpenVMS 8.3
- SSH Secure Shell OpenVMS (V5.5) 3.2.0
- HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 5
0 Kudos
Reply
3 REPLIES 3
Jim_McKinney
Honored Contributor

тАО03-30-2011 08:10 AM

тАО03-30-2011 08:10 AM

Re: SFTP Client (VMS) and RSA key

> I have been given a public RSA key

Have them check again... looks like they gave you the private half of the key-pair.

Given an SECSH format public key, you'll want to copy that text to a file located in your [.SSH2] directory. The file should be owned by the parent and have a protection mask (RWED,RWED,RE,). The file should also be STMLF format with CR carriage control. You'll also want to create a file named AUTHORIZATION. in the same [.SSH2] directory with the same ownership/protection attributes as the public key file. In that file you'll want to have a directive authorizing this public key by filename. F. ex. a file name whatever.pub would require the following directive

key WHATEVER.pub

I suspect that not only have you been given a private key, but that the format is OpenSSH rather than the SECSH format the VMS needs. So, in addition to requesting the public key, ask that they generate it in SECSH format. If they're not familiar with SECSH format keys have them use google to search for "ssh secsh key format" or somesuch and they'll get numerous hits - this one might help - http://www.grok.org.uk/docs/ssh.html .

0 Kudos
Reply
Duncan Morris
Honored Contributor

тАО03-30-2011 08:22 AM

тАО03-30-2011 08:22 AM

Re: SFTP Client (VMS) and RSA key

John,

if you are going to connect to the remote server, then it looks as though they want you to use this private key as your identification.

Allowing for the format issues mentioned above by Jim, you will want to place the private key in your [.ssh2] directory and add the following entry to [.ssh2]identification.

IdKey filename

where filename is the filename you have stored the private key in.

When your VMS system attempts to connect to the remote server, it will present this key as your credentials. They will then authenticate you against the public key which they already have.


Duncan
0 Kudos
Reply
John Gillings
Honored Contributor

тАО03-30-2011 01:09 PM

тАО03-30-2011 01:09 PM

Re: SFTP Client (VMS) and RSA key

John,

Sounds like they've given you the wrong half! The first and last lines of the file should look like:

BEGIN RSA PUBLIC KEY
END RSA PUBLIC KEY

Once you have the public half (and hopefully they will regenerate the pair and NOT disclose the private half to you), you may need to fiddle with the file format.

Make sure the physical record terminators match the record format. For example, if the file comes from a PC with terminators, the RMS record attribute must be STREAM (not STREAM_LF). I think I've also had to CONVERT files from VAR to STREAM_LF. Otherwise, the key file format should be compatible.
A crucible of informative mistakes
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.