
Re: SFTP template.

 
umesh01
Occasional Advisor

SFTP template.

Hi All,
I want to create one Ovms SFTP account for the application team (OVMS 8.2-1).
Requirement:
1. Need to share the files with a remote Ovms server.
2. NO password.
3. Non-interactive login.

Is there any standard template available to create this type of account?

8 REPLIES 8
Hoff
Honored Contributor

Re: SFTP template.

Short answer: no. There's no template.

Long answer: There's no single way to do this as sftp clients and servers tend to have slightly different requirements, and sites have different requirements.

This is as much an OpenSSH question as anything else, and the OpenVMS-provided documentation of its ssh port (of OpenSSH) is, um, pretty limited.

Here, most any non-privileged username with some storage will likely work (add any dropbox username in its own unique UIC group) and set up the login directory. This is the dropbox username. (I haven't tried this combination on OpenVMS, but I'd first look to set the dropbox username as /NOINTERACTIVE given your requirements. This will prevent an interactive login, but -- based on some quick tests -- does allow an sftp login. My sftp dropboxes don't run on the OpenVMS servers, and for various reasons.)

Then create and copy over the certificates from the sftp clients over to the OpenVMS sftp server dropbox user; this exchange of public key certificates is how you get a no-password login with some reasonable security. The exact steps will vary slightly by client; see the OpenVMS and (probably better) the OpenSSL documentation on this step, and there are existing discussions of the key exchange here in the forums, over at the Deathrow cluster and over at Encompasserve. (If you're not at least passingly familiar with public key and certificates in general, start there.)

The other no-password login -- a true and wide-open username -- is a Really Bad Idea. These seem to get filled with warz and ripped movies in short order, if the system is internet-accessible. Many sites frown on any sort of generic accounts, as they lack accountability, and they tend to build up cruft. Even if the cruft that builds up isn't warz. This is where a dropbox-style login appears, or where individual users get and use an individually assigned username. (Generic accounts save a little time up front, but tend to be hassles to operate and maintain.)

Here's a somewhat-related discussion, and which touches on an ftp dropbox concept:

http://64.223.189.234/node/989

Whether or not a dropbox solution works for you is another discussion, and dependent on your local requirements and your local clients. (Since the local laptops and servers all have integrated ftp and sftp client and server capabilities, ad-hoc file transfers are easy; we don't need a central file server.)



Steven Schweda
Honored Contributor

Re: SFTP template.

> 2.NO password

Do you really want an _account_ with no
password, or do you just want to do SFTP
without needing to specify a password? For
the latter, it's easy enough to create public
key sets with no pass phrase.

> 3.Non-interactive login.

You really need this? I haven't looked into
this but I suspect that getting SFTP access
without allowing SSH access may be tricky.

> I want to creat one Ovms SFTP account
> [...]

These users don't already have accounts on
this system?

For various reasons, I dislike this sort of
shared account.
Kumar_Sanjay
Regular Advisor

Re: SFTP template.

I do agree with the above. I would suggest you use public key authentication for users.

Thomas Ritter
Respected Contributor

Re: SFTP template.

We also use Public Key Authentication to support SFTP connections without passwords.
umesh01
Occasional Advisor

Re: SFTP template.

Hi Steven/Thomas,
Thanks for your suggestion.

I have never generated a public/private key before. Can you please tell me how to do this? Is there any document available?
Steven Schweda
Honored Contributor

Re: SFTP template.

> [...] Is there any document available.

http://h71000.www7.hp.com/doc/index.html

Assuming that you're using TCPIP:

http://h71000.www7.hp.com/doc/tcpip56.html

(Pick a version, and look for something like
"HP TCP/IP Services for OpenVMS Guide to
SSH".)

Or do a Forum search for things like
"SSH_KEYGEN" (or "ssh-keygen"). There is
potential for key-file format differences
between different host types (and I don't
see anything about the client systems in your
question.)

Jan van den Ende
Honored Contributor

Re: SFTP template.

umesh01,

from your Forum Profile:


I have assigned points to 0 of 20 responses to my questions.


Maybe you can find some time to do some assigning?

http://forums1.itrc.hp.com/service/forums/helptips.do?#33

Mind, I do NOT say you necessarily need to give lots of points. It is fully up to _YOU_ to decide how many. If you consider an answer is not deserving any points, you can also assign 0 ( = zero ) points, and then that answer will no longer be counted as unassigned.
Consider, that every poster took at least the trouble of posting for you!

To easily find your streams with unassigned points, click your own name somewhere.
This will bring up your profile.
Near the bottom of that page, under the caption "My Question(s)" you will find "questions or topics with unassigned points " Clicking that will give all, and only, your questions that still have unassigned postings.
If you have closed some of those streams, you must "Reopen" them to "Submit points". (After which you can "Close" again)

Do not forget to explicitly activate "Submit points", or your effort gets lost again!!

Thanks on behalf of your Forum colleagues.

PS. - nothing personal in this. I try to post it to everyone with this kind of assignment ratio in this forum. If you have received a posting like this before - please do not take offence - none is intended!

PPS. - Zero points for this.

Proost.

Have one on me.

jpe
Don't rust yours pelled jacker to fine doll missed aches.
Thomas Ritter
Respected Contributor

Re: SFTP template.

A good starter kit would be to use your Windows PC as a client and the VMS host as the server.
Install WinSCP, which is the SFTP client, and PuttyGEN, which will generate your pair of keys. There is a public and private key, or just two files. The public key is uploaded to the server. WinSCP will do this for you. On the server side, a file called authorization lists the valid keys. Once you understand what is happening with WinSCP, moving to other SFTP clients is easier.

Give it a go.
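An added example, not part of any post in this thread: the replies mention that public key files can differ in format between host types, so this sketch converts a one-line OpenSSH public key to the RFC 4716 "SSH2 PUBLIC KEY" layout and back, and computes a SHA-256 fingerprint so both sides can confirm the same key was installed. That the receiving server expects RFC 4716 is an assumption; the function names and the sample key (a made-up modulus, not a real key) are constructed for illustration.

```python
import base64
import hashlib

def _sshstr(b: bytes) -> bytes:
    """Length-prefixed string as used inside SSH public key blobs."""
    return len(b).to_bytes(4, "big") + b

def parse_openssh_pub(line: str):
    """Split 'type base64 [comment]' and check the blob names the same type."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("not an OpenSSH public key line")
    ktype, blob = parts[0], base64.b64decode(parts[1], validate=True)
    n = int.from_bytes(blob[:4], "big")
    if blob[4:4 + n] != ktype.encode():
        raise ValueError("key type does not match key blob")
    return ktype, blob, parts[2] if len(parts) == 3 else ""

def to_rfc4716(line: str) -> str:
    """Render the key in the RFC 4716 file format (70-character body lines)."""
    _, blob, comment = parse_openssh_pub(line)
    b64 = base64.b64encode(blob).decode()
    body = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    head = ["---- BEGIN SSH2 PUBLIC KEY ----"]
    if comment:
        head.append('Comment: "%s"' % comment)
    return "\n".join(head + body + ["---- END SSH2 PUBLIC KEY ----"]) + "\n"

def from_rfc4716(text: str) -> bytes:
    """Recover the raw key blob, skipping markers and header lines."""
    body, cont = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("----") or not line:
            continue
        if cont or ":" in line:          # header line or its continuation
            cont = line.endswith("\\")
            continue
        body.append(line)
    return base64.b64decode("".join(body), validate=True)

def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint in the 'SHA256:...' form OpenSSH prints."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed sample: an ssh-rsa blob with a made-up modulus (not a real key).
_n = b"\x00" + bytes((i * 7 + 0xC1) % 256 for i in range(256))
_blob = _sshstr(b"ssh-rsa") + _sshstr(b"\x01\x00\x01") + _sshstr(_n)
SAMPLE = "ssh-rsa " + base64.b64encode(_blob).decode() + " dropbox@client.example"
```

Comparing `fingerprint()` of the key on the client with the one recovered from the file placed on the server catches a truncated or mis-pasted key before it is listed as authorized.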