Showing results for 
Search instead for 
Did you mean: 

Compatibilty between SSH Tectia Server 4.4.2 and OpenSSH_3.8.1p1

Occasional Visitor

Compatibilty between SSH Tectia Server 4.4.2 and OpenSSH_3.8.1p1

Hi All
I have SSH Tectia Server 4.4.2 installed and working on one HPUX server .
Secondly, I'm havinf a WIn2K3 server having OpenSSH_3.8.1p1 installed working fine.
I want to transfer file from HPUX(ssh-tectia) to win2K3 (openSSH) thru scp thru public key without prompting for any password.

1. I generated a 1024 bit dsa key without
passphrase on HPUX(ssh-tectia)
# ssh-keygen -b 1024 -t dsa
and copied the file to windows server.

2. then on windows server I did
# ssh-keygen -i -f >

# cat >>

But even after this while doing
# ssh user@win2K3

it asks password to login.

while doing scp -B it returns following error

[ warning: Authentication failed.
Disconnected (remote); protocol error (Too many authentication failures for neth).
Disconnect reason 2, exit code = 66scp: warning: ssh2 client failed to authenticate. (or yo u have too old ssh2 installed, check with ssh2 -V)]

while doing debugging from HPUX(ssh-tectia)it gives following error:

debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1851: Starting pubkey auth...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1807: Agent is not running.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1598: Got 0 keys from the agent.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1375: Trying to add external certificate, key count = 0.
debug: SshUserFiles/sshuserfiles.c:584: Using '/home/neth/.ssh2/identification' as identity file.
debug: SshConfigParse/sshconfig_parse.c:158: Unable to open /home/neth/.ssh2/identification
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1575: Trying 0 key candidates.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:896: All keys declined by server, disabling method.
debug: SshProtoAuthClient/sshauthc.c:317: Method 'publickey' disabled.

while doing debugging from win2K3 side this error comes :

OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to sngcon01 [] port 22.
debug1: Connection established.
debug1: identity file /home/neth/.ssh/identity type -1
debug1: identity file /home/neth/.ssh/id_rsa type -1
debug1: identity file /home/neth/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version SSH Secure Shell
debug1: no match: SSH Secure Shell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
The authenticity of host 'sngcon01 (' can't be established.
DSA key fingerprint is 22:26:b3:05:d9:2d:58:42:a6:c2:98:be:fe:49:5f:15.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sngcon01,' (DSA) to the list of known hosts.
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
Read from socket failed: Connection aborted

Could any one help in this matter.

Doug O'Leary
Honored Contributor

Re: Compatibilty between SSH Tectia Server 4.4.2 and OpenSSH_3.8.1p1


I'm not familiar with the ssh s/w you installed on the hp server. It *may* be an official ssh version 2 implementation. If it is, the keys are incompatible between the two w/o some preprocessing.

On the HP system, "cat". If the key looks something like:

Comment: "1024-bit DSA, converted from OpenSSH by"

you'll need to convert the tectia public keys from ssh v2 format to openssh so they can be used on the windows box and then convert the openssh public keys to ssh v2 format. Use the openssh version of ssh-keygen to do this conversion:

### ssh v2 -> openssh format - import:
ssh-keygen -i -f ${ssh_v2_key} > ${openssh_format_key}

### openssh -> ssh v2 format - export:
ssh-keygen -e -f ${openssh_format} > ${ssh_v2_key}

Assuming, this is the issue, if you're planning on going from the windows box to the HP box, realize the set up of ssh v2 keys is very different than it is on openssh. You'll have to read the documentation that came with the tectia s/w as it's been *years* since I played w/ssh v2 compliant keys. I can probably find the procedures I wrote, if necessary though. Let me know if you want to try.

So, long winded reply. Summary: First thing verify the format of the tectia keys by cat'ing them out. If they're ssh v2, they need to be converted to openssh format. If they're not ssh v2 format, then I'm on the wrong track.



Senior UNIX Admin
O'Leary Computers Inc