
Re: Executing ssh or sftp using openssh

 
SOLVED
V. V. Ravi Kumar_1
Respected Contributor

Executing ssh or sftp using openssh

Hi All,

I have installed openssh (using swinstall) on my hp-ux 11.0 machine. Details as follows:
openssh 2.5.1.p1
openssl 0.9.6
zlib 1.1.3

First I installed zlib, then openssh, after that openssl.
When I use "swlist -l fileset -a state" it shows that openssh and openssl are configured.
I have generated keys using ssh-keygen logged in as root, and they are stored in /opt/openssh2/etc.
I started the sshd daemon successfully.

I did the same thing on the other machine with the same configuration. I have a user with the same name on both machines. I generated keys for that user in his home directory and copied the public keys to the other machine's authorized_keys file, but I am still unable to do ssh or sftp. Is there anything I am missing or have wrongly configured?

One more thing I wish to know is whether the system-wide client and server configuration files are enough for all users to do ssh or sftp.

Please help me.

rgds
ravi
Never Say No
15 REPLIES
Steve Steel
Honored Contributor

Re: Executing ssh or sftp using openssh

Hi


What errors do you get?

Note: make sure that /usr/local/bin is in your PATH variable so that it knows where to search for the other required SSH binaries.


Steve Steel
If you want truly to understand something, try to change it. (Kurt Lewin)
Rusty Sapper
Frequent Advisor

Re: Executing ssh or sftp using openssh

Do you get an error message? Did you create RSA keys too?



-Rusty
Darrell Allen
Honored Contributor

Re: Executing ssh or sftp using openssh

Hi ravi,

Did you create host key pairs on each system? They are required.

Use "ssh -v" for more detailed info to help identify your problem.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
Craig Rants
Honored Contributor

Re: Executing ssh or sftp using openssh

What kind of key did you generate? RSA, DSA, those things matter. Also, what protocol are you using, 1 or 2? sftp only works with protocol 2. The key in your /opt/openssh2/etc file should say what type of key it is in the name of the file. Also, you need to edit the sshd_config and ssh_config files to get your desired result. Do a man on sshd to get all the options and see what fits your desires the best.

P.S., the versions of zlib and openssh you are using are versions that need to be upgraded because of recent vulnerability findings.

GL,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
V. V. Ravi Kumar_1
Respected Contributor

Re: Executing ssh or sftp using openssh

Hi All,

Now the problem is solved to some extent.
The message I was getting is as follows.

The authenticity of host 'hprk (96.0.12.5)' can't be established.
RSA1 key fingerprint is de:4a:95:7a:9e:a5:16:6b:ad:ae:d8:b1:b8:09:b0:f4.
Are you sure you want to continue connecting (yes/no)?

(I was saying no here earlier.)
But when I say yes it displays

Warning: Permanently added 'hprk,96.0.12.5' (RSA1) to the list of known hosts.

Then it prompts for the password.
It should not ask for a password when identity.pub is copied to the other machine as authorized_keys, so why is it asking?

But from the next time onwards it asks for the password directly.
I have generated both RSA and DSA keys.

rgds
Ravi
Never Say No
Darrell Allen
Honored Contributor

Re: Executing ssh or sftp using openssh

Hi again,

Try the following to use ssh without a password:

-Start sshd on the remote system

-Generate key pair on local system:
ssh-keygen -t rsa
use default file name (id_rsa)
enter a passphrase

-Copy id_rsa.pub from local system to remote system's $HOME/.ssh/authorized_keys

-Run ssh-agent (no options) on the local system

-Verify SSH_AUTH_SOCK and SSH_AGENT_PID are set in your current shell (env | grep SSH). If not, set them as shown from the ssh-agent output.

-Add a passphrase into the ssh-agent's memory:
ssh-add id_rsa
enter the passphrase (the one you created the keys with) when prompted

-ssh to the remote system

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
V. V. Ravi Kumar_1
Respected Contributor

Re: Executing ssh or sftp using openssh

Hi Darrell,

I tried whatever you suggested, but I am still unable to log in without a password.

I am sending the ssh -v output
----
OpenSSH_2.5.1p1, SSH protocols 1.5/2.0, OpenSSL 0x0090600f
debug: Reading configuration data /opt/openssh2/etc/ssh_config
debug: ssh_connect: getuid 103 geteuid 0 anon 0
debug: Connecting to hptst [96.0.0.5] port 22.
debug: Seeded RNG with 39 bytes from programs
debug: Seeded RNG with 3 bytes from system calls
debug: Allocated local port 891.
debug: Connection established.
debug: identity file /tc4sys/cord/.ssh/identity type 3
debug: identity file /tc4sys/cord/.ssh/id_dsa type 3
debug: Remote protocol version 1.99, remote software version OpenSSH_2.5.1p1
debug: match: OpenSSH_2.5.1p1 pat ^OpenSSH
debug: Local version string SSH-1.5-OpenSSH_2.5.1p1
debug: Waiting for server public key.
debug: Received server public key (768 bits) and host key (1024 bits).
The authenticity of host 'hptst (96.0.0.5)' can't be established.
RSA1 key fingerprint is 91:4c:3e:ca:60:c6:60:63:21:7b:ee:77:9d:ba:10:ee.
Are you sure you want to continue connecting (yes/no)?

------
When I say yes, the same old procedure follows again. Please suggest what I should do.

bye
Ravi
Never Say No
Wilfred Chau_1
Respected Contributor

Re: Executing ssh or sftp using openssh

Make sure your .ssh directory is not writable by others.

Have you tried to use password authentication?
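
Added example, not part of any post in this thread: a shell function for the permission check suggested above. It goes beyond the .ssh directory and also tests the home directory and authorized_keys for group or world write bits, since sshd with StrictModes enabled ignores a user's keys when any of these is writable by others. The function name check_ssh_perms is made up for this example.

```shell
#!/bin/sh
# Added example: report write permissions that make sshd (StrictModes on)
# ignore a user's authorized_keys. Read-only; nothing is changed.

# check_ssh_perms HOME_DIR
# Prints one line per problem; returns 0 if clean, 1 otherwise.
check_ssh_perms() {
    home=$1
    bad=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            bad=1
            continue
        fi
        # Mode string from ls, e.g. drwxr-xr-x: column 6 is the group
        # write bit, column 9 the world write bit. -L follows symlinks.
        mode=$(ls -ldL "$p" | cut -c1-10)
        if [ "$(echo "$mode" | cut -c6)" = "w" ]; then
            echo "GROUP-WRITABLE $p ($mode)"
            bad=1
        fi
        if [ "$(echo "$mode" | cut -c9)" = "w" ]; then
            echo "WORLD-WRITABLE $p ($mode)"
            bad=1
        fi
    done
    return $bad
}

# Run against a home directory when one is given on the command line.
if [ $# -gt 0 ]; then
    check_ssh_perms "$1"
fi
```

Run it as the account owner or root on the server side, for example with the user's home directory as the only argument; a typical repair is chmod 700 on .ssh and chmod 600 on authorized_keys.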
Darrell Allen
Honored Contributor
Solution

Re: Executing ssh or sftp using openssh

Hi ravi,

Does your sshd_config say "PubkeyAuthentication yes"?

I've attached a sample sshd_config.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
V. V. Ravi Kumar_1
Respected Contributor

Re: Executing ssh or sftp using openssh

 
Never Say No
Darrell Allen
Honored Contributor

Re: Executing ssh or sftp using openssh

You might try adding:
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys

I'm not sure if you have to stop and restart sshd after changing sshd_config so I would restart it.

Darrell
"What, Me Worry?" - Alfred E. Neuman (Mad Magazine)
V. V. Ravi Kumar_1
Respected Contributor

Re: Executing ssh or sftp using openssh

Hi Darrell,

I tried that but no use. Any further suggestion please, otherwise leave it.

thanks
ravi
Never Say No
Craig Rants
Honored Contributor

Re: Executing ssh or sftp using openssh

These are my install notes and config of my sshd_config, I use this config with key authentication.

# $OpenBSD: sshd_config,v 1.48 2002/02/19 02:50:59 deraadt Exp $

# This is the sshd server system-wide configuration file. See sshd(8)
# for more information.

# This sshd was compiled with PATH=/bin:/usr/bin:/opt/openssh2/bin

# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.

Port 22
#Protocol 2,1
#ListenAddress 0.0.0.0
#ListenAddress ::

# HostKey for protocol version 1
HostKey /opt/openssh2/etc/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/openssh2/etc/ssh_host_rsa_key
#HostKey /etc/openssh2/etc/ssh_host_dsa_key

# Lifetime and size of ephemeral version 1 server key
KeyRegenerationInterval 3600
#ServerKeyBits 768

# Logging
#obsoletes QuietMode and FascistLogging
SyslogFacility AUTH
LogLevel INFO

# Authentication:

#LoginGraceTime 600
PermitRootLogin yes
#StrictModes yes

RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys

# rhosts authentication should not be used
RhostsAuthentication no
# Don't read the user's ~/.rhosts and ~/.shosts files
IgnoreRhosts yes
# For this to work you will also need host keys in /etc/openssh2/etc/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
IgnoreUserKnownHosts no

# To disable tunneled clear text passwords, change to no here!
PasswordAuthentication yes
PermitEmptyPasswords no

# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes

# Kerberos options
# KerberosAuthentication automatically enabled if keyfile exists
#KerberosAuthentication yes
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes

# AFSTokenPassing automatically enabled if k_hasafs() is true
#AFSTokenPassing yes

# Kerberos TGT Passing only works with the AFS kaserver
#KerberosTgtPassing no

# Set this to 'yes' to enable PAM keyboard-interactive authentication
# Warning: enabling this may bypass the setting of 'PasswordAuthentication'
#PAMAuthenticationViaKbdInt yes

X11Forwarding yes
X11DisplayOffset 10
X11UseLocalhost yes
PrintMotd yes
PrintLastLog yes
#KeepAlive yes
#UseLogin no

#MaxStartups 10
# no default banner path
#Banner /some/path
#VerifyReverseMapping no

# override default of no subsystems
Subsystem sftp /opt/openssh2/libexec/sftp-server
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
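
Added example, not from the thread or from OpenSSH: a shell check that prints the values sshd will actually read from an sshd_config like the one above for RSAAuthentication (protocol 1 keys) and PubkeyAuthentication (protocol 2 keys). It skips commented-out lines and takes the first live occurrence of each keyword, which is the value sshd_config(5) says is used. The function names and the sample configuration are constructed for this example.

```shell
#!/bin/sh
# Added example: show which key-authentication settings are live in an
# sshd_config, as opposed to commented-out defaults.

# effective_opt FILE KEYWORD
# Prints the first uncommented value for KEYWORD (keywords are
# case-insensitive). Prints nothing if the keyword is only commented out.
effective_opt() {
    awk -v want="$2" '
        /^[ \t]*#/ || NF == 0 { next }
        tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# audit_pubkey_auth FILE
# One line per setting; returns 1 if either key method is switched off.
audit_pubkey_auth() {
    cfg=$1
    bad=0
    for kw in PubkeyAuthentication RSAAuthentication; do
        v=$(effective_opt "$cfg" "$kw")
        case "$v" in
            [Nn][Oo]) echo "FAIL $kw $v"; bad=1 ;;
            "")       echo "INFO $kw unset (compiled-in default applies)" ;;
            *)        echo "OK   $kw $v" ;;
        esac
    done
    for kw in AuthorizedKeysFile StrictModes PasswordAuthentication; do
        v=$(effective_opt "$cfg" "$kw")
        echo "INFO $kw ${v:-unset (compiled-in default applies)}"
    done
    return $bad
}

# Constructed sample: the commented line is ignored and the first live
# "no" wins over the later "yes".
demo_cfg() {
    cat <<'EOF'
#PubkeyAuthentication yes
pubkeyauthentication no
PubkeyAuthentication yes
AuthorizedKeysFile %h/.ssh/authorized_keys
EOF
}

if [ $# -gt 0 ]; then
    audit_pubkey_auth "$1"
fi
```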
Deshpande Prashant
Honored Contributor

Re: Executing ssh or sftp using openssh

Hi
This is how I did it.
On both machines generate keys.

/opt/openssh2/bin/ssh-keygen -b 1024 -t rsa1 -N ""
/opt/openssh2/bin/ssh-keygen -b 1024 -t rsa -N ""
/opt/openssh2/bin/ssh-keygen -b 1024 -t dsa -N ""

Accept the default names.
Cat all *.pub keys from both machines into a file authorized_keys.
All these keys and the authorized_keys file should be in the .ssh directory of the user's home directory.

Thanks.
Prashant.

Take it as it comes.
Unxi
New Member

Re: Executing ssh or sftp using openssh

Methinks the client needs to be told not to use PasswordAuthentication, i.e. edit your /etc/ssh/ssh_config and change it to PasswordAuthentication no

Robert hangingaround at nerdbar com