HPE Community
Operating System - OpenVMS
1827452 Members
4667 Online
109965 Solutions
New Discussion

Re: SFTP setup summary

 
Mark Battle
Advisor

‎05-13-2011 04:50 AM

‎05-13-2011 04:50 AM

SFTP setup summary

I have spent some time recently trying to understand how to create private/public keys. This is a summary of my understanding which may be of use to others.

Configuration for password-less communication between user a1 on VMS host v1 to user a2 on VMS host v2 using private/public key pairs.

1. sftp to both a1@v1 and a2@v2. This will create the [.ssh2] directory correctly.
2. in user a1 directory ssh2
$ @SYS$MANAGER:TCPIP$DEFINE_COMMANDS.COM
$ ssh_keygen "-P"
This produces private key ID_DSA_2048_A. and public key ID_DSA_2048_A.PUB
$ rename ID_DSA_2048_A. a1_v1.
$ rename ID_DSA_2048_A.PUB a1_v1.pub
$ set prot=w:r A.PUB a1_v1.pub ! Everybody can read public key
$ set prot=(g,w) A.PUB a1_v1. ! Private key remains private

$ create IDENTIFICATION.
Idkey ID_DSA_02048_A
$ create AUTHORIZATION.
KEY A2_V2.PUB
$ copy/ftp a1_v1.pub v2"a2 password"::[.ssh2]

3. repeat correspondingly for user a2

4. Now sftp should work in both directions
from a1
$ sftp a2@v2
From a2
$ sftp a1@v1

NB IDENTIFICATION. Is users private key (no '.')
AUTHORIZATION. Is list of strangers public keys



Comunication between a1 on VMS host v1 to a3 on Unix host u1
1. in a3
~> cd .ssh
~/.ssh> ssh-keygen -t rsa
This produces private key id_rsa and public key id_rsa.pub

2. convert public key to vms format
ssh-keygen -e -f key id_rsa.pub > a3_u1.pub

3. ftp a3_u1.pub to a1 directory ssh2
4. ftp a1_v1.pub from user a1 to .ssh as a1_v1.pub_vms
5. convert to OpenSSH format
Ssh_keygen -i -f a1_v1.pub_vms > a1_v1.pub
6. Add to authorized keys
Cat a1_v1.pub authorized_keys
7. sftp should now work
Sftp a1@v1

8. Repeat for user a2 on v2, but do
Cat a1_v1.pub a2_v2.pub > authorized_keys

9. In user a1 on host v1 append the line 'KEY a3_u1.PUB' to AUTHORIZATION.
10 sftp should now work
Sftp a3@u1
0 Kudos
2 REPLIES 2
Steven Schweda
Honored Contributor

‎05-13-2011 08:16 AM

‎05-13-2011 08:16 AM

Re: SFTP setup summary

> [...] Unix host [...]

> [...] OpenSSH [...]

The details may vary according to which
UNIX(-like) OS and SSH software are involved.
Tru64, for example, may use the same key
format as VMS.

> ~/.ssh> ssh-keygen -t rsa

Any reason to select RSA here, but DSA on the
VMS system?

> 6. Add to authorized keys
> Cat a1_v1.pub authorized_keys

"Add to" would look more like:
cat a1_v1.pub >> authorized_keys

And "Cat" and "cat" are not the same things
in a typical UNIX(-like) environment. Same
for "Ssh_keygen" and "ssh-keygen".

> 8. Repeat for user a2 on v2, but do
> Cat a1_v1.pub a2_v2.pub > authorized_keys

Again, ">>", unless you wish to lose any
existing content in "authorized_keys".

That new copy+paste technology I've read
about is supposed to be able to help reduce
transcription errors in situations like this.
Mark Battle
Advisor

‎05-16-2011 05:07 AM

‎05-16-2011 05:07 AM

Re: SFTP setup summary

Just for general info
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.