HPE Community
Operating System - HP-UX
1752579 Members
3570 Online
108788 Solutions
New Discussion юеВ

Re: ssh question

 
navin
Super Advisor

тАО11-05-2009 04:54 PM

тАО11-05-2009 04:54 PM

ssh question

trying to setup passwd less ssh from hp to sun.
copied dsa key to sun servers authorized key - still it's prompting for the passwd.
1) checked the permissions of .ssh and authorized keys on target servers
2) this is for root user...

any idea .

target servers ssh version
OpenSSH_3.7, SSH protocols 1.5/2.0, OpenSSL 0.9.7c 30 Sep 2003
HP-UX_Secure_Shell-A.03.71.006.%ic71N, HP_UX Secure Shell version

source server

ssh: F-Secure SSH 3.3.0 (build 14) on sparc-sun-solaris2.8

Much appreciated
Learning ...
0 Kudos
Reply
6 REPLIES 6
Steven Schweda
Honored Contributor

тАО11-05-2009 05:16 PM

тАО11-05-2009 05:16 PM

Re: ssh question

> copied dsa key to sun servers authorized
> key - still it's prompting for the passwd.

Add "-v" to an ssh command, and show us the
output.

> 1) checked the permissions [...]

I'm glad that you're happy, but actual
evidence ("ls -l", say) might be more
persuasive.

A Forum search for "ssh" would find many old
threads with similar questions/problems (and
solutions). Did you look?
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО11-05-2009 08:34 PM

тАО11-05-2009 08:34 PM

Re: ssh question

> ssh: F-Secure SSH 3.3.0 (build 14) on sparc-sun-solaris2.8

So, not Sun's SSH. (Also, pretty old.) If
this SSH product follows the SSH2 pattern
instead of the OpenSSH pattern, then OpenSSH
key files (like what you would have on your
HP-UX system) and other set-up details may
not work on the Solaris system.

Again, many old Forum threads discuss SSH key
file conversion. If you have any
documentation on this SSH product, it may
reveal something. Worst case, generate a set
of key files on the Solaris system, and see
if they look anything like the key files on
the HP-UX system. If not, then they may need
conversion.
0 Kudos
Reply
Tingli
Esteemed Contributor

тАО11-06-2009 09:14 AM

тАО11-06-2009 09:14 AM

Re: ssh question

Since it says checking the permission, then you need to check them. They are $HOME/.ssh, $HOME/.ssh/authorized_keys, and $HOME.

I believe none of them should be group writable, not to mention all.
0 Kudos
Reply
Vishu
Trusted Contributor

тАО11-06-2009 09:30 AM

тАО11-06-2009 09:30 AM

Re: ssh question

Hi navin,

pretty old SSH versions.

anyways, permissions of $HOME/.ssh should not be group writable.

to make password less SSH.

1) generate keys on the HP (client) server.
2) copy the dsa.pub keys to $HOME/.ssh/authorized_keys on the SUN (source) server.
3) Now, do ssh and let it add the add to the known_hosts file.

if it does not work out. then please paste the output of 'ssh -v' here.
0 Kudos
Reply
OldSchool
Honored Contributor

тАО11-06-2009 09:47 AM

тАО11-06-2009 09:47 AM

Re: ssh question

Tingli:

"Since it says checking the permission, then you need to check them. They are $HOME/.ssh, $HOME/.ssh/authorized_keys, and $HOME."

ssh never said anything....the OP *said* that *he* checked them. No proof of that, or list of what they are.



Vishu:

"anyways, permissions of $HOME/.ssh should not be group writable.

to make password less SSH.

1) generate keys on the HP (client) server.
2) copy the dsa.pub keys to $HOME/.ssh/authorized_keys on the SUN (source) server.
3) Now, do ssh and let it add the add to the known_hosts file."


Permissions on $HOME/.ssh (and the files within), as well as $HOME all play a part. This can be bypassed if necessary by setting "StrictModes no" in sshd_config file.

also, the OP seems to indicate that he's already done the bits you've suggested, but the connection doesn't work.

I'd *start* with debugging output, as Steven noted, otherwise everything is just guessing....and my crystal ball is out of service at the moment.


Also, google seems to turn up a lot of hits regarding F-Secure and OpenSSH connection issues. I suspect Steven is correct in that at least some of the details regarding keys between the two differ.....
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО11-06-2009 11:19 AM

тАО11-06-2009 11:19 AM

Re: ssh question

> Also, google seems to turn up [...]

Yup. From what I can see, all signs point to
F-Secure SSH using SSH2 key files.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.