SFTP issue need for solution

suresh04
Advisor

SFTP issue need for solution

Hi,

I need to enable sftp on an HP-UX 11.23 server; let me know which file needs to be edited for login without prompting for a password.

Regards,
B.Suresh
5 REPLIES
Steven Schweda
Honored Contributor

Re: SFTP issue need for solution

Install the software?

https://h20392.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

Read the documentation?

http://bizsupport1.austin.hp.com/bc/docs/support/SupportManual/c02031523/c02031523.pdf

Forum search for keywords like, say,

sftp password
or
ssh passwordless

(or almost anything similar)?
Steven E. Protter
Exalted Contributor

Re: SFTP issue need for solution

Shalom,

Two relevant articles.

Restricting to public key authentication (disallowing interactive)
http://www.hpux.ws/?p=19

Password free ssh/scp/sftp
http://www.hpux.ws/?p=10

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Tingli
Esteemed Contributor

Re: SFTP issue need for solution

Use ssh-keygen to create private and public keys first.
suresh04
Advisor

Re: SFTP issue need for solution

Hi,

$ /opt/ssh/bin/sftp -v mdbuild@10.132.1.167
Connecting to 10.132.1.167...
OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006
HP-UX Secure Shell-A.04.50.021, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to 10.132.1.167 [10.132.1.167] port 22.
debug1: Connection established.
debug1: identity file /export/vol01/mdbuild/.ssh/identity type -1
debug1: identity file /export/vol01/mdbuild/.ssh/id_rsa type 1
debug1: identity file /export/vol01/mdbuild/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug1: match: OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host '10.132.1.167' is known and matches the RSA host key.
debug1: Found key in /export/vol01/mdbuild/.ssh/known_hosts:7
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /export/vol01/mdbuild/.ssh/identity
debug1: Offering public key: /export/vol01/mdbuild/.ssh/id_rsa
debug1: Authentications that can continue: publickey,password
debug1: Trying private key: /export/vol01/mdbuild/.ssh/id_dsa
debug1: Next authentication method: password
mdbuild@10.132.1.167's password:

Here it is prompting for a password. My question is: how can we log in without being prompted for a password, and which file needs to be edited?

Please help me regarding this.

Regards,
B.suresh
Raj Briden
Frequent Advisor

Re: SFTP issue need for solution

When using a batch file with the sftp command (sftp -b), first create the user to authenticate using keys instead of passwords.

Setting up the ssh user to login without a password

This section describes how to set up ssh without prompting for passwords (it authenticates with the key).

In this example, gozo is the ssh client, lei is the ssh server.

What you type is in double quotation marks ("").

Make sure you have the same user account on both the client and server machines. In this example, the user is wilford.

On the client machine, make sure there is an entry for the server machine in the .ssh/known_hosts file.

This can be done quickly by simply running ssh to the server:

gozo> "ssh lei"

If the entry is not in your known_hosts file, you will get prompted for adding this host to the list of known hosts. Answer YES.

On the client machine, generate the key:


gozo> "cd ~wilford"
gozo> "ssh-keygen -t rsa"


Just click Return for the passphrase; this will generate two files:


.ssh/id_rsa (private key)
.ssh/id_rsa.pub (public key)



On the client, copy the public key to the server:

gozo> "scp .ssh/id_rsa.pub lei:gozo.rsa.pub"

You will be prompted for the password for this user; go ahead and type it.

On the client, make sure there is an .ssh directory on the server for this user.


gozo> "ssh lei"
password: Input your password



Make sure this .ssh directory exists and has 744 permissions (-rwxr--r--); otherwise create it:


lei> "mkdir .ssh"
lei> "chmod 744 .ssh"



On the server, copy the key on the server to the correct location and correct permissions.

First, check for an authorized_keys file:

lei> "ll .ssh"

If the authorized_keys file does not exist, then follow step a. If the authorized_keys file exists, follow step b.

a.
lei> "cp gozo.rsa.pub .ssh/authorized_keys"
lei> "chmod 700 .ssh/authorized_keys"

b.
lei> "cat gozo.rsa.pub >> .ssh/authorized_keys"

On the client, test as follows:

gozo> "ssh lei"

This should login without prompting for a password.

Check the /var/adm/syslog/syslog.log on both the client and server for errors from ssh or sshd.

Setting up the batch file for use with sftp

Sample batch file:


# cat /batchcmds
!echo BEGIN
cd /tmp/test
mput file*.txt
!echo END
#



Executing the sftp command with the batch file:


# sftp -b /sftpcmds wilford@lei

sftp> !echo BEGIN
BEGIN
sftp> cd /tmp/test
sftp> mget file*.txt
Fetching /tmp/test/file001.txt to file001.txt
Fetching /tmp/test/file002.txt to file002.txt
sftp> !echo END
END
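
Added example, not part of any post in this thread: when the debug trace shows the public key being offered and the client still falling back to password, one server-side cause worth ruling out is sshd's StrictModes check, which refuses a key if the home directory, ~/.ssh or authorized_keys is group- or world-writable or owned by someone other than the user or root. The function names below are hypothetical, and the script assumes StrictModes is at its OpenSSH default (yes).

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Audits the paths sshd's StrictModes check inspects before it accepts a
# key from authorized_keys: home, ~/.ssh and ~/.ssh/authorized_keys.
# Parses `ls -ldn` output, so it does not rely on GNU stat.

# check_path PATH UID -> 0 ok, 1 bad owner or group/world-writable, 2 missing
check_path() {
    p=$1; want_uid=$2
    if [ ! -e "$p" ]; then
        echo "MISSING   $p"; return 2
    fi
    line=$(ls -ldn "$p")
    perms=$(printf '%s\n' "$line" | cut -c1-10)
    owner=$(printf '%s\n' "$line" | awk '{print $3}')   # numeric uid
    gw=$(printf '%s\n' "$perms" | cut -c6)   # group write bit
    ow=$(printf '%s\n' "$perms" | cut -c9)   # other write bit
    if [ "$owner" != "$want_uid" ] && [ "$owner" != "0" ]; then
        echo "BAD OWNER $perms uid=$owner $p"; return 1
    fi
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "WRITABLE  $perms uid=$owner $p"; return 1
    fi
    echo "OK        $perms uid=$owner $p"; return 0
}

# audit_ssh_dir HOME UID -> 0 only if all three paths pass
audit_ssh_dir() {
    home=$1; uid=$2; rc=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        check_path "$p" "$uid" || rc=1
    done
    return $rc
}

# Run on the server as the account that should accept the key:
#   audit_ssh_dir "$HOME" "$(id -u)"
```

A failing path here normally corresponds to an "Authentication refused: bad ownership or modes" message from sshd in the server's syslog.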