Operating System - OpenVMS
Showing results for 
Search instead for 
Did you mean: 

Re: SFTP setup summary

Mark Battle

SFTP setup summary

I have spent some time recently trying to understand how to create private/public keys. This is a summary of my understanding which may be of use to others.

Configuration for password-less communication between user a1 on VMS host v1 to user a2 on VMS host v2 using private/public key pairs.

1. sftp to both a1@v1 and a2@v2. This will create the [.ssh2] directory correctly.
2. in user a1 directory ssh2
$ ssh_keygen "-P"
This produces private key ID_DSA_2048_A. and public key ID_DSA_2048_A.PUB
$ rename ID_DSA_2048_A. a1_v1.
$ rename ID_DSA_2048_A.PUB a1_v1.pub
$ set prot=w:r A.PUB a1_v1.pub ! Everybody can read public key
$ set prot=(g,w) A.PUB a1_v1. ! Private key remains private

Idkey ID_DSA_02048_A
$ copy/ftp a1_v1.pub v2"a2 password"::[.ssh2]

3. repeat correspondingly for user a2

4. Now sftp should work in both directions
from a1
$ sftp a2@v2
From a2
$ sftp a1@v1

NB IDENTIFICATION. Is users private key (no '.')
AUTHORIZATION. Is list of strangers public keys

Comunication between a1 on VMS host v1 to a3 on Unix host u1
1. in a3
~> cd .ssh
~/.ssh> ssh-keygen -t rsa
This produces private key id_rsa and public key id_rsa.pub

2. convert public key to vms format
ssh-keygen -e -f key id_rsa.pub > a3_u1.pub

3. ftp a3_u1.pub to a1 directory ssh2
4. ftp a1_v1.pub from user a1 to .ssh as a1_v1.pub_vms
5. convert to OpenSSH format
Ssh_keygen -i -f a1_v1.pub_vms > a1_v1.pub
6. Add to authorized keys
Cat a1_v1.pub authorized_keys
7. sftp should now work
Sftp a1@v1

8. Repeat for user a2 on v2, but do
Cat a1_v1.pub a2_v2.pub > authorized_keys

9. In user a1 on host v1 append the line 'KEY a3_u1.PUB' to AUTHORIZATION.
10 sftp should now work
Sftp a3@u1
Steven Schweda
Honored Contributor

Re: SFTP setup summary

> [...] Unix host [...]

> [...] OpenSSH [...]

The details may vary according to which
UNIX(-like) OS and SSH software are involved.
Tru64, for example, may use the same key
format as VMS.

> ~/.ssh> ssh-keygen -t rsa

Any reason to select RSA here, but DSA on the
VMS system?

> 6. Add to authorized keys
> Cat a1_v1.pub authorized_keys

"Add to" would look more like:
cat a1_v1.pub >> authorized_keys

And "Cat" and "cat" are not the same things
in a typical UNIX(-like) environment. Same
for "Ssh_keygen" and "ssh-keygen".

> 8. Repeat for user a2 on v2, but do
> Cat a1_v1.pub a2_v2.pub > authorized_keys

Again, ">>", unless you wish to lose any
existing content in "authorized_keys".

That new copy+paste technology I've read
about is supposed to be able to help reduce
transcription errors in situations like this.
Mark Battle

Re: SFTP setup summary

Just for general info