
SFTP between Tru64 and Tru64 (no password)

I am having difficulty in setting up an automated SFTP session between Tru64 and another Tru64 node. Keys have been generated and copied but it still does not work. I am new to this and the forum only shows threads for Tru64 to non-Tru64 versions. See output of error below. Any help or how-to will be appreciated please.

localhost> sftp "-B" batchfile [remotehost]

debug: Connecting to [remotehost], port 22... (SOCKS not used)

debug: Ssh2/ssh2.c:2332: Entering event loop.

debug: Ssh2Client/sshclient.c:1452: Creating transport protocol.

debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "hostbased" to usable methods.

debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "publickey" to usable methods.

debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "password" to usable methods.

debug: Ssh2Client/sshclient.c:1493: Creating userauth protocol.

debug: client supports 3 auth methods: 'hostbased,publickey,password'

debug: SshUnixTcp/sshunixtcp.c:1227: using local hostname zzz.zzz.zz.zz

debug: Ssh2Common/sshcommon.c:541: local ip = xx.xxx.xxx.x, local port = 28426

debug: Ssh2Common/sshcommon.c:543: remote ip = xx.xxx.xxx.x, remote port = 22

debug: SshConnection/sshconn.c:1957: Wrapping...

debug: Remote version: SSH-2.0-3.2.0 SSH Secure Shell Tru64 UNIX

debug: Major: 3 Minor: 2 Revision: 0

debug: Ssh2Transport/trcommon.c:1913: lang s to c: `', lang c to s: `'

debug: Ssh2Transport/trcommon.c:1978: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none

debug: Ssh2Transport/trcommon.c:1981: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none

debug: Remote host key found from database.

debug: Ssh2Common/sshcommon.c:342: Received SSH_CROSS_STARTUP packet from connection protocol.

debug: Ssh2Common/sshcommon.c:392: Received SSH_CROSS_ALGORITHMS packet from connection protocol.

debug: server offers auth methods 'hostbased,publickey,password'.

debug: SshConfig/sshconfig.c:2795: Version not found on first line, assuming configuration to be old style.

debug: SshConfig/sshconfig.c:646: Setting variable 'VerboseMode' to 'FALSE'.

debug: SshHostKeyIO/sshhostkeyio.c:203: Reading public host key from /etc/ssh2/hostkey.pub

debug: SshHostKeyIO/sshhostkeyio.c:288: Host key algorithms (from disk): ssh-dss

debug: SshUnixTcp/sshunixtcp.c:1227: using local hostname zzzz.zzz.zz.zz

debug: Ssh2AuthHostBasedClient/authc-hostbased.c:143: Trying "hostbased" authentication with `ssh-dss' key.

debug: Ssh2AuthHostBasedClient/authc-hostbased.c:800: Child: Execing ssh-signer...(path: /usr/bin/ssh-signer2)

debug: Ssh2AuthHostBasedClient/authc-hostbased.c:449: ssh-signer returned SSH_AUTH_HOSTBASED_SIGNATURE

debug: server offers auth methods 'hostbased,publickey,password'.

debug: Ssh2AuthHostBasedClient/authc-hostbased.c:663: Server rejected the signature.

debug: Ssh2AuthClient/sshauthc.c:330: Method 'hostbased' disabled.

debug: Ssh2AuthHostBasedClient/authc-hostbased.c:121: No more keys to try.

debug: SshConfig/sshconfig.c:2339: Freeing pki. (host_pki != NULL, user_pki != NULL)

debug: ssh_pipe_stream_destroy

debug: server offers auth methods 'hostbased,publickey,password'.

debug: SshConfig/sshconfig.c:2737: Unable to open /usr/users/makha_ma/.ssh2/identification

debug: Ssh2AuthClient/sshauthc.c:330: Method 'publickey' disabled.

debug: ssh_sigchld_real_callback

debug: server offers auth methods 'hostbased,publickey,password'.

debug: Ssh2AuthPasswdClient/authc-passwd.c:128: In Batchmode, so we're not asking the user for password.

debug: Ssh2AuthClient/sshauthc.c:330: Method 'password' disabled.

debug: ssh_sigchld_real_callback

debug: ssh_sigchld_process_pid: no handler for pid 505572 code 0

debug: server offers auth methods 'hostbased,publickey,password'.

debug: Ssh2Common/sshcommon.c:180: DISCONNECT received: No further authentication methods available.

warning: Authentication failed.

debug: Ssh2/ssh2.c:184: locally_generated = TRUE

Disconnected; no more authentication methods available (No further authentication methods available.).

debug: Ssh2Client/sshclient.c:1528: Destroying client.

debug: SshConfig/sshconfig.c:2339: Freeing pki. (host_pki != NULL, user_pki = NULL)

FATAL: ssh2 client failed to authenticate. (or you have too old ssh2 installed, check with ssh2 -V)

debug: SshConnection/sshconn.c:2009: Destroying SshConn object.

debug: Ssh2Client/sshclient.c:1596: Destroying client completed.

debug: SshAuthMethodClient/sshauthmethodc.c:100: Destroying authentication method array.

localhost> debug: SshEventLoop/sshunixeloop.c:813: Reissuing signal for which callback was not yet delivered.

debug: SshAppCommon/sshappcommon.c:198: Freeing global SshRegex context.

debug: SshConfig/sshconfig.c:2339: Freeing pki. (host_pki = NULL, user_pki = NULL)

8 REPLIES
Steven Schweda
Honored Contributor

Re: SFTP between Tru64 and Tru64 (no password)

I'd probably start with a plain "ssh" (or
"ssh -v") instead of "sftp", but the first
question would be: Which method were you
expecting to work, hostbased or publickey?

Hostbased fails with this message:

debug: Ssh2AuthHostBasedClient/authc-hostbased.c:663: Server rejected the signature.

Publickey fails with this message:

debug: SshConfig/sshconfig.c:2737: Unable to open /usr/users/makha_ma/.ssh2/identification

Assuming that you were expecting publickey
to work (which is what I use), what's in
your ~/ssh2/identification file? If you
don't have one, it should contain something
like:

IdKey basename_of_your_key_files

Re: SFTP between Tru64 and Tru64 (no password)

This is what I have done:

ssh-keygen2 -t dsa
cat id_dsa_2048_a.pub >> authorization and authorized_keys
cat id_dsa_2048_a >> identification
sftp *pub and auth* files to mtnt11 in /usr/users/mtnsa/.ssh2
even deleted the *pub file in /hostkeys
try to scp a test file like

scp test mtnsa@mtnt11:/usr/users/mtnsa and it still asks for a password????
Ivan Ferreira
Honored Contributor

Re: SFTP between Tru64 and Tru64 (no password)

To simplify the process, use the ssh-pubkeymgr command to generate and transfer the files to the right location.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Steven Schweda
Honored Contributor

Re: SFTP between Tru64 and Tru64 (no password)

> cat id_dsa_2048_a.pub >> authorization and authorized_keys

~/.ssh2/authorization should contain the
_names_ of the keys, not the key data. For
example:

urtx> pwd
/usr/users/sms/.ssh2

urtx> cat authorization
Key sms_id_dsa_1024_a.pub
Key sms_npp_id_dsa_1024_a.pub


> cat id_dsa_2048_a >> identification

~/.ssh2/identification should contain the
_name_ of the key, not the key data. For
example:

urtx> cat identification
IdKey sms_npp_id_dsa_1024_a


According to "man ssh":

The filenames of private keys
that are used in authentication are stored in $HOME/.ssh2/identification.
When the user tries to authenticate himself, the server checks
$HOME/.ssh2/authorization for filenames of matching public keys [...]

Note: "filenames", not key data.

I don't have an "authorized_keys" file.

> try to scp a test file like [...]

> I'd probably start with a plain "ssh" (or
> "ssh -v") instead of "sftp", but the first
> question would be: Which method were you
> expecting to work, hostbased or publickey?

All still true.
Steven Schweda
Honored Contributor

Re: SFTP between Tru64 and Tru64 (no password)

I believe that "authorized_keys" (actually
"${HOME}/.ssh/authorized_keys") is a file
used by OpenSSH (not the Tru64 SSH), and it
_does_ contain actual key data. Or, it
would, if anyone were using it, but in the
Tru64 SSH implementation, the corresponding
file is "$HOME/.ssh2/authorization", and it
contains key file names, not key data.

Similarly, "${HOME}/.ssh/identity" is the
OpenSSH analogue to
"$HOME/.ssh2/identification", and it also
contains key data, while the Tru64 SSH file
contains a key file name, not key data.

I suspect that, if you're doing anything with
an "authorized_keys" file, you're reading
OpenSSH documentation instead of the
documentation for the Tru64 SSH software
(which, as must be obvious by now, is _not_
OpenSSH).
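
A lint for the file layout described above, as an added example that is not part of the thread or of the Tru64 SSH software: it checks that identification holds only `IdKey <filename>` lines and authorization only `Key <filename>` lines, and that each named file exists. It assumes key files sit in the same directory and handles only those two keywords; the function names and sample contents are constructed.

```shell
#!/bin/sh
# Added example: lint a Tru64 SSH ~/.ssh2 directory for the mistake in this
# thread (key data pasted where a key file name belongs).

# check_ssh2_file DIR FILE KEYWORD: print findings, return their count.
check_ssh2_file() {
    dir=$1 file=$2 keyword=$3 problems=0 malformed=0
    if [ ! -r "$dir/$file" ]; then
        echo "$file: missing or unreadable"
        return 1
    fi
    while read -r word name rest || [ -n "$word" ]; do
        case $word in ''|'#'*) continue ;; esac   # skip blank and comment lines
        if [ "$word" = "$keyword" ] && [ -n "$name" ] && [ -z "$rest" ]; then
            # Assumption: names are relative to DIR, as in the thread's listing.
            if [ ! -f "$dir/$name" ]; then
                echo "$file: '$name' is not a file in $dir"
                problems=$((problems + 1))
            fi
        elif [ "$malformed" -eq 0 ]; then
            # Report once; pasted key data would otherwise flood the output.
            echo "$file: expected only '$keyword <filename>' lines (key data pasted in?)"
            malformed=1
            problems=$((problems + 1))
        fi
    done < "$dir/$file"
    return "$problems"
}

# identification is read by the client, authorization by the server.
check_ssh2_dir() {
    total=0
    check_ssh2_file "$1" identification IdKey || total=$((total + $?))
    check_ssh2_file "$1" authorization Key || total=$((total + $?))
    return "$total"
}

# Constructed sample reproducing the thread's mistake; contents are made up.
demo() {
    d=${TMPDIR:-/tmp}/ssh2demo.$$
    mkdir "$d" || return 1
    printf '%s\n' '---- BEGIN SSH2 PUBLIC KEY ----' > "$d/id_dsa_2048_a.pub"
    printf '%s\n' '---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----' 'AAAA' > "$d/identification"
    printf '%s\n' 'Key id_dsa_2048_a.pub' > "$d/authorization"
    rc=0; check_ssh2_dir "$d" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "findings: $?"   # for a real account: check_ssh2_dir "$HOME/.ssh2"
```

Run it on both nodes: the client side needs a valid identification file and the server side a valid authorization file.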
Ann Majeske
Honored Contributor

Re: SFTP between Tru64 and Tru64 (no password)

The documentation on how to set up Tru64 UNIX ssh/sftp is in the Security Administration manual, appendix B.

Re: SFTP between Tru64 and Tru64 (no password)

Hi Guys

I am having no luck with this and have been battling for over a week now. I have done what the document says but I still cannot connect without a password.

Please can somebody that has done this before, please, please, please send me the procedure in detail..I am really struggling with this one....

All I want to do is ssh {hostname} without being asked for a password...rlogin does not ask a password.

Many thanks
Steven Schweda
Honored Contributor

Re: SFTP between Tru64 and Tru64 (no password)

What is the output from "ssh -v"?

What is in your "$HOME/.ssh2/authorization"
and "$HOME/.ssh2/identification" files?