HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

sftp authentication using private key passphrase prompt

 
SOLVED
Go to solution
Paul Maglinger
Regular Advisor

sftp authentication using private key passphrase prompt

Running HP-UX 11.23

 

This vendor that we are dealing with is wanting us to use sftp authentication from a HP-UX client based on a private key generated by PuttyGen on a Windows workstation.  I was able to get this to work after converting that key to OpenSSH and by using:

 

# sftp -o IdentityFile=~/.ssh/filename username@sftp-site.website.com 22

 

but after running this command I then get prompted for the passphrase each time.  After entering the passphrase I am then allowed in.  Does anyone have any suggestions on why it continues to ask for the passphrase?  If there is not a way around it, is there a way to automate the entering of the passphrase?  Google searches came up with suggestions of using a 3rd-party solution like keychain.  I didn't see any other options.  A -v in the command line gives me:

 

(systemname:user)[/user01/user] sftp -o IdentityFile=~/.ssh/filename username@sftp-site.website.com 22

Connecting to sftp-site.website.com...

OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006

HP-UX Secure Shell-A.04.50.021, HP-UX Secure Shell version

debug1: Reading configuration data /opt/ssh/etc/ssh_config

debug1: Connecting to sftp-site.website.com [###.###.###.###] port 22.

debug1: Connection established.

debug1: identity file /user01/user/.ssh/filename type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4p1+sftpfilecontrol-v1.3

debug1: match: OpenSSH_5.4p1+sftpfilecontrol-v1.3 pat OpenSSH*

debug1: Remote is NON-HPN aware

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'sftp-site.website.com' is known and matches the RSA host key.

debug1: Found key in /user01/user/.ssh/known_hosts:33

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: publickey

debug1: Trying private key: /user01/user/.ssh/filename

debug1: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

Enter passphrase for key '/user01/user/.ssh/filename':

debug1: read PEM private key done: type RSA

debug1: Authentication succeeded (publickey).

debug1: Final hpn_buffer_size = 131072

debug1: channel 0: new [client-session]

debug1: Entering interactive session.

debug1: Sending subsystem: sftp

sftp>

4 REPLIES
Steven Schweda
Honored Contributor

Re: sftp authentication using private key passphrase prompt

 
Paul Maglinger
Regular Advisor

Re: sftp authentication using private key passphrase prompt

This method wasn't my idea at all.  The vendor came up with it.  I'm just trying to make it work with the least user intervention.

Solution

Re: sftp authentication using private key passphrase prompt

>Does anyone have any suggestions on why it continues to ask for the passphrase?

 

Because you are missing some documentation about how ssh passphrases work.

 

You have to cache the passphrase with ssh-agent and ssh-add:

http://h30499.www3.hp.com/t5/System-Administration/ssh-without-password/m-p/4318471

http://h30499.www3.hp.com/t5/System-Administration/Help-me-with-passwordless-login/m-p/4188573

 

So if the agent terminates, you'll have to start the agent all over.

Paul Maglinger
Regular Advisor

Re: sftp authentication using private key passphrase prompt

After posting the issue I was having with the vendor's tracking system, they decided to go ahead with using the public key generated by the originating server.   As you might well guess, it is working now without password or passphrase prompts.  Thank you all for your time.  i appreciate the feedback.