HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

How I can sftp to localhost without password on hp-ux 11.23 ?

 
SOLVED
Go to solution
wuttipong
Occasional Visitor

How I can sftp to localhost without password on hp-ux 11.23 ?

Hi,
I'm having problem from sftp to localhost my develop server.


#ssh -vvv abaper@sesapdv1
OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006
HP-UX Secure Shell-A.04.50.021, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug3: RNG is ready, skipping seeding
debug2: ssh_connect: needpriv 0
debug1: Connecting to sesapdv1 [10.151.26.77] port 22.
debug1: Connection established.
debug3: Not a RSA1 key file /usr/sap/DV1/DVEBMGS00/work/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /usr/sap/DV1/DVEBMGS00/work/.ssh/id_rsa type 1
debug3: Not a RSA1 key file /usr/sap/DV1/DVEBMGS00/work/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug2: key_type_from_name: unknown key type '-----END'
debug3: key_read: missing keytype
debug1: identity file /usr/sap/DV1/DVEBMGS00/work/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug1: match: OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug2: fd 4 setting O_NONBLOCK
debug3: RNG is ready, skipping seeding
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit: none,zlib@openssh.com,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diffie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour128,arcfour256,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se,aes128-ctr,aes192-ctr,aes256-ctr
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 134/256
debug2: bits set: 509/1024
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /usr/sap/DV1/DVEBMGS00/work/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 1
debug3: check_host_in_hostfile: filename /usr/sap/DV1/DVEBMGS00/work/.ssh/known_hosts
debug3: check_host_in_hostfile: match line 2
debug1: Host 'sesapdv1' is known and matches the RSA host key.
debug1: Found key in /usr/sap/DV1/DVEBMGS00/work/.ssh/known_hosts:1
debug2: bits set: 517/1024
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug2: key: /usr/sap/DV1/DVEBMGS00/work/.ssh/id_rsa (4004eee0)
debug2: key: /usr/sap/DV1/DVEBMGS00/work/.ssh/id_dsa (400366b0)
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug3: start over, passed a different list publickey,password,keyboard-interactive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Offering public key: /usr/sap/DV1/DVEBMGS00/work/.ssh/id_rsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Offering public key: /usr/sap/DV1/DVEBMGS00/work/.ssh/id_dsa
debug3: send_pubkey_test
debug2: we sent a publickey packet, wait for reply
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:

PS:I genereted the keys with user abaper and put the public in authrized_keys.

Any hints are highly appreciated.

Wuttipong.
5 REPLIES
Steven Schweda
Honored Contributor
Solution

Re: How I can sftp to localhost without password on hp-ux 11.23 ?

> [...] hp-ux 11.23 [...]

Actual output from "uname -a" would tell us
more.

Why ask an HP-UX question in a Tru64 forum?

http://forums.itrc.hp.com/service/forums/familyhome.do?familyId=117

> OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006
> HP-UX Secure Shell-A.04.50.021, HP-UX Secure Shell version

Not very close to the latest version, is it?

> I'm having problem from sftp to localhost
> my develop server.

Is that one system or two systems?

> debug3: Not a RSA1 key file /usr/sap/DV1/DVEBMGS00/work/.ssh/id_rsa.
> debug2: key_type_from_name: unknown key type '-----BEGIN'
> debug3: key_read: missing keytype
> debug3: key_read: missing whitespace
> [...]

Where did you get this key file? Is it an
OpenSSH-format key file? (Apparently not.)

> PS:I genereted the keys with user abaper
> and put the public in authrized_keys.

Generated them how? Where? Did what with
them?

As usual, showing actual commands with their
actual output can be more helpful than vague
descriptions and interpretations.

Also, a Forum search for keywords like, say,
ssh password
or:
ssh passwordless
should find dozens of old threads on this
topic. You might look at them.
Jim Walls
Trusted Contributor

Re: How I can sftp to localhost without password on hp-ux 11.23 ?

The key you are using appears to be corrupt!

You should generate the key-pair using ssh-keygen.

Refer to the man page for more details.

Also; make sure user's .ssh directory has permissions of 700 at most, the authorized_keys has 600, and that the user's home directory does not have group-write permissions.

Check the syslog for sshd messages if you have further problems.
Chandrahasa s
Valued Contributor

Re: How I can sftp to localhost without password on hp-ux 11.23 ?

Hi,

Go through attached document will help you.


Chandra
Steven Schweda
Honored Contributor

Re: How I can sftp to localhost without password on hp-ux 11.23 ?

> The key you are using appears to be corrupt!

It may a perfectly valid key, but in the
wrong format for OpenSSH. If it begins like
this:

---- BEGIN SSH2 PUBLIC KEY ----

or:

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----

and ends like this:

---- END SSH2 PUBLIC KEY ---

or:

---- END SSH2 ENCRYPTED PRIVATE KEY ----

then I'd guess that you're looking at
SSH2-format key files, not OpenSSH-format
key files.

> Generated them how? Where? [...]

Still wondering...

You might try:

man ssh-keygen

and see if it has an option for converting an
SSH2-format key into an OpenSSH-format key.
wuttipong
Occasional Visitor

Re: How I can sftp to localhost without password on hp-ux 11.23 ?

Hi,all

I can solved this problem.The server can ssh&sftp itself.

First:
My OS Version is B.11.23 U ia64 and I updated OpenSSH&OpenSSL to latest version.

Next:
Then try again,It still a problem.

Next:
- I try ssh from root to root .It OK.
- Try ssh from root to XXX user in machine.Not Ok.

Next:
I try and try ....and try.It not work.

<>:
- I found something in /opt/ssh/etc/sshd_config.The parameter "AuthorizedKeysFile" point to /.ssh/authorized_keys.Try append public key from XXX user to /.ssh/authorized_keys and test again.It not OK.

#cat /home/XXX/.ssh/id_rsa.pub >> /.ssh/authorized_keys

- I found permission of /.ssh is 700 and /.ssh/authorized_keys is 600. Change to 755 and 644 ,then test ssh from XXX to itself again. It OK !!

#chmod 755 /.ssh
#chmod 644 /.ssh/authorized_keys

--------------------------------------------

PS:
- I want test update /opt/ssh/etc/sshd_config,change
Old = AuthorizedKeysFile /.ssh/authorized_keys
New = AuthorizedKeysFile ~/.ssh/authorized_keys

- stop/start ssh servive.

#/sbin/init.d/secsh stop
#/sbin/init.d/secsh start

- Test ssh again.It not work.

Thanks.