HPE Community
Operating System - HP-UX
1833896 Members
1897 Online
110063 Solutions
New Discussion

Executing ssh or sftp using openssh

 
SOLVED
Go to solution
V. V. Ravi Kumar_1
Respected Contributor

‎03-29-2002 04:36 AM

‎03-29-2002 04:36 AM

Executing ssh or sftp using openssh

Hi All,

I have installed openssh (using swinstall) on my hp-ux 11.0 machine. Details as follows
openssh 2.5.1.p1
openssl 0.9.6
zlib 1.1.3

first i installed zlib then openssh after that openssl.
when i use "swlist -l fileset -a state" it is showing openssh and openssl are configured.
i have generated keys using ssh-keygen logged in as root and are stored in /opt/openssh2/etc.
i started sshd daemon successfully.

the same thing i did on the oter machine with same configuration. i have a user with the same name on both machines. i generated keys for that user in his home directory and copied public keys on to other machine authorized_keys file. but still iam unable to do ssh or sftp. is there any thing iam missing or wrongly configured.

on more thing i wish to know is system wide client and server configuration files are enough for all users to do ssh or sftp.

pl help me

rgds
ravi
Never Say No
0 Kudos
Reply
15 REPLIES 15
Steve Steel
Honored Contributor

‎03-29-2002 05:36 AM

‎03-29-2002 05:36 AM

Re: Executing ssh or sftp using openssh

Hi


What errors do uou get.


Note.make sure that /usr/local/bin is in your PATH variable so that it knows where to search for the other required SSH binaries.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
0 Kudos
Reply
Rusty Sapper
Frequent Advisor

‎03-29-2002 05:39 AM

‎03-29-2002 05:39 AM

Re: Executing ssh or sftp using openssh

do you get an error message? did you create rsa keys too?



-Rusty
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-29-2002 05:49 AM

‎03-29-2002 05:49 AM

Re: Executing ssh or sftp using openssh

Hi ravi,

Did you create host key pairs on each system? They are required.

Use "ssh -v" for more detailed info to help identify your problem.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
Craig Rants
Honored Contributor

‎03-29-2002 05:57 AM

‎03-29-2002 05:57 AM

Re: Executing ssh or sftp using openssh

What kind of key did you generate? RSA, DSA, those things matter. Also what protocol are you using? 1, 2, sftp only works with protocol 2. The key in your /opt/openssh2/etc file should say what type of key it is in the name of the file. Also, you need to edit the sshd_config and ssh_config files to get your desired result. Do a man on sshd to get all the options and see what fits your desires the best.

P.S., the versions of zlib and openssh you are using are versions that need to be upgraded because of recent vulnerability findings.

GL,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎03-29-2002 10:39 PM

‎03-29-2002 10:39 PM

Re: Executing ssh or sftp using openssh

Hi All,

Now the problem is solved to some extent.
The message iwas getting is as follows.

The authenticity of host 'hprk (96.0.12.5)' can't be established.
RSA1 key fingerprint is de:4a:95:7a:9e:a5:16:6b:ad:ae:d8:b1:b8:09:b0:f4.
Are you sure you want to continue connecting (yes/no)?

(i was saying no here earlier)
but, when i say yes it is displaying

Warning: Permanently added 'hprk,96.0.12.5' (RSA1) to the list of known hosts.

Then it is prompting for the password.
It should not ask password when the identity.pub is copied to the other machine as authorized_keys, but why it is asking?

but from next onwards it is asking directly password.
I have generated both RSA and DSA keys.

rgds
Ravi
Never Say No
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-30-2002 07:22 AM

‎03-30-2002 07:22 AM

Re: Executing ssh or sftp using openssh

Hi again,

Try the following to use ssh without a password:

-Start sshd on the remote system

-Generate key pair on local system:
ssh-keygen -t rsa
use default file name (id_rsa)
enter a passphrase

-Copy id_rsa.pub from local system to remote system's $HOME/.ssh/authorized_keys

-Run ssh-agent (no options) on the local system

-Verify SSH_AUTH_SOCK and SSH_AGENT_PID are set in your current shell (env | grep SSH). If not, set them as shown from the ssh-agent output.

-Add a passphrase into the ssh-agent's memory:
ssh-add id_rsa
enter the passphrase (the one you created the keys with) when prompted

-ssh to the remote system

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎03-30-2002 07:51 PM

‎03-30-2002 07:51 PM

Re: Executing ssh or sftp using openssh

Hi Darrel,

i tried whatever u suggested, but still iam unable to login with out password.

iam sending the ssh -v output
----
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /opt/openssh2/etc/ssh_config
debug: ssh_connect: getuid 103 geteuid 0 anon 0
debug: Connecting to hptst [96.0.0.5] port 22.
debug: Seeded RNG with 39 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 891.
debug: Connection established.
debug: identity file /tc4sys/cord/.ssh/identity type 3
debug: identity file /tc4sys/cord/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'hptst (96.0.0.5)' can't be established.
RSA1 key fingerprint is 91:4c:3e:ca:60:c6:60:63:21:7b:ee:77:9d:ba:10:ee.
Are you sure you want to continue connecting (yes/no)?

------
when i say yes again the same old procedure follows. pl suggest me what to do?

bye
Ravi
Never Say No
0 Kudos
Reply
Wilfred Chau_1
Respected Contributor

‎03-30-2002 08:00 PM

‎03-30-2002 08:00 PM

Re: Executing ssh or sftp using openssh

Make sure your .ssh directory is not writable by others.

Have you tried to use password athenication?
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎03-31-2002 03:02 PM

‎03-31-2002 03:02 PM

Solution

Re: Executing ssh or sftp using openssh

Hi ravi,

Does your sshd_config say "PubkeyAuthentication yes"?

I've attached a sample sshd_config.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎04-01-2002 06:46 AM

‎04-01-2002 06:46 AM

Re: Executing ssh or sftp using openssh

 
Never Say No
0 Kudos
Reply
Darrell Allen
Honored Contributor

‎04-01-2002 07:20 AM

‎04-01-2002 07:20 AM

Re: Executing ssh or sftp using openssh

You might try adding:
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

I'm not sure if you have to stop and restart sshd after changing sshd_config so I would restart it.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
0 Kudos
Reply
V. V. Ravi Kumar_1
Respected Contributor

‎04-02-2002 06:30 AM

‎04-02-2002 06:30 AM

Re: Executing ssh or sftp using openssh

hi Darrell,

i tried that but no use, any further suggestion please, otherwise leave it.

thanks
ravi
Never Say No
0 Kudos
Reply
Craig Rants
Honored Contributor

‎04-02-2002 06:34 AM

‎04-02-2002 06:34 AM

Re: Executing ssh or sftp using openssh

These are my install notes and config of my sshd_config, I use this config with key authentication.

# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

# This sshd was compiled with PATH=/bin:/usr/bin:/opt/openssh2/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /opt/openssh2/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/openssh2/etc/ssh_host_rsa_key
#HostKey /etc/openssh2/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

#LoginGraceTime 600
PermitRootLogin yes
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/openssh2/etc/ssh_known_h
osts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
#KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /opt/openssh2/libexec/sftp-server
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
0 Kudos
Reply
Deshpande Prashant
Honored Contributor

‎04-02-2002 07:31 AM

‎04-02-2002 07:31 AM

Re: Executing ssh or sftp using openssh

HI
This is how I did it
On both machines generate keys.

/opt/openssh2/bin/ssh-keygen -b 1024 -t rsa1 -n ""
/opt/openssh2/bin/ssh-keygen -b 1024 -t sa1 -n ""
/opt/openssh2/bin/ssh-keygen -b 1024 -t dsa -n ""

Accept the default names.
Cat all *.pub keys from both machines in to a files authorized_keys.
All these keys and the authorized_keys file should be in .ssh directory of users home directory.

Thanks.
Prashant.

Take it as it comes.
0 Kudos
Reply
Unxi
New Member

‎09-27-2002 03:12 AM

‎09-27-2002 03:12 AM

Re: Executing ssh or sftp using openssh

Methinks the client needs to be told not to use passwordauthentication, ie edit your /etc/ssh/ssh_config and change the PasswordAuthentication no

Robert hangingaround at nerdbar com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.