HPE Community
Operating System - HP-UX
1830226 Members
1592 Online
109999 Solutions
New Discussion

Secure Shell and client configuration Questions

 
James Ellis_1
Super Advisor

‎09-25-2002 05:48 AM

‎09-25-2002 05:48 AM

Secure Shell and client configuration Questions

Hi ya'all. I have a question I'd like to ask about HP-UX Secure Shell. HP-UX Secure Shell was installed on my HP Server. Another SA installed the OpenSSH on his pc. (Eventually OpenSSH will be installed on a Win NT server.)

Now, we are able to get secure FTP working, the sample text file was successfully encrypted and ftp via this secure tunnel.

The problem: when this other SA opens a secure connection (from his pc with OpenSSH) to my HP-UX, he is prompted for his account password on my HP Server.

The documentation says its possible to configure Secure Shell in a way so that password prompting is not performed. Does anyone know how I can configure my Secure Shell or OpenSSH to not prompt a user for their password?

Thanks!
"In the middle of difficulty lies opportunity" -Einstein
0 Kudos
Reply
11 REPLIES 11
Tom Maloy
Respected Contributor

‎09-25-2002 06:04 AM

‎09-25-2002 06:04 AM

Re: Secure Shell and client configuration Questions

Each user generates their own unique keys and installs them in their directory. Then the user can choose to use Public Key authentication instead of Password authentication.

HTH

Tom
Carpe diem!
0 Kudos
Reply
James Ellis_1
Super Advisor

‎09-25-2002 06:07 AM

‎09-25-2002 06:07 AM

Re: Secure Shell and client configuration Questions

This does not apparently work with us. The user has their piblic key in my system, and when they sftp to my HP server, they are still prompted with their account password on my system. I would like to make it so that the preauthorized is already done and the user would not be prompted for their password. Thanks.
"In the middle of difficulty lies opportunity" -Einstein
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-25-2002 06:11 AM

‎09-25-2002 06:11 AM

Re: Secure Shell and client configuration Questions

Hi James,

Let's say you are trying to ssh from system A to system B. You can make it automated via public key authentication.

on system A.

1. Generate public/private key pair using ssh-keygen for the type of key you want to create. For ex., the following will create one for dsa.

/opt/openssh/bin/ssh-keygen -t dsa -N ""

This will generate public/private key pair with public key as your_home/.ssh/id_dsa.pub

on system B.

2. Ftp id_dsa.pub from system A and append it to your_home/.ssh/authorized_keys file. Depending on the sshd's version, it may be authorized_keys2 file.

System A.

3. Try ssh 'ing to system A. It should not prompt for the password.

However above is still an unsecured way but better when compared to remsh. You will need to vomit -N while generating the keys and it will ask you to type in a passphrase. When you do ssh, it will prompt for the passphrase. To remedy this prompt, you will need to remember the passphrase into system's memory using ssh-agent and ssh-add commands.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Keith Johnson
Valued Contributor

‎09-25-2002 06:14 AM

‎09-25-2002 06:14 AM

Re: Secure Shell and client configuration Questions

James,

We use SSH Secure Shell from ssh.com, and I don't know how it differs from your implementation. However, in our environment, we can do host-based (no PW required) authentication between Unix servers, but the product doesn't provide the same functionality between NT clients and Unix hosts.

You might try SCP vice SFTP if your implementation supports it.

HTH

KJ
No matter where you go...there you are.
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

‎09-25-2002 06:15 AM

‎09-25-2002 06:15 AM

Re: Secure Shell and client configuration Questions

Hi (Again),

Try running sshd in debug mode on HP server and observe the output while ssh 'ing to the server.

#sshd -d

If you generated and copied the public key properly and if you still are getting password prompt, it is most likely that sshd does not seem to like the permissions of the home directory of the user that is trying to get in. You will get that information from the above debug output.

Or make "StrictModes No" in sshd_config file.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Tom Maloy
Respected Contributor

‎09-25-2002 07:53 AM

‎09-25-2002 07:53 AM

Re: Secure Shell and client configuration Questions

Does your configuration file include any specifications for authentications permitted? For example,

## Authentication configurations. Hostbased is not enabled by default.
# AllowedAuthentications hostbased,publickey,password

Can you attach a config file?

Tom
Carpe diem!
0 Kudos
Reply
Andrew Cowan
Honored Contributor

‎09-25-2002 09:28 PM

‎09-25-2002 09:28 PM

Re: Secure Shell and client configuration Questions

I have had this exact problem when trying to use RSA keys. The Unix system just seems not to accept them, yet DSA works fine.
The only other problem would be caused if you are using DHCP addressing. The key probably has the IP Address that you had when you generated the key.

Good luck.
0 Kudos
Reply
Andrew Cowan
Honored Contributor

‎09-25-2002 09:31 PM

‎09-25-2002 09:31 PM

Re: Secure Shell and client configuration Questions

I have had this exact problem when trying to use RSA keys. The Unix system just seems not to accept them, yet DSA works fine.
The only other problem would be caused if you are using DHCP addressing. The key probably has the IP Address that you had when you generated the key.

Good luck.
0 Kudos
Reply
Andrew Cowan
Honored Contributor

‎09-25-2002 09:33 PM

‎09-25-2002 09:33 PM

Re: Secure Shell and client configuration Questions

I have had this exact problem when trying to use RSA keys. The Unix system just seems not to accept them, yet DSA works fine.
The only other problem could be caused if you are using DHCP addressing. The key probably has the IP Address that you had when you generated it.
Good luck.
0 Kudos
Reply
Jordan Bean
Honored Contributor

‎09-25-2002 10:25 PM

‎09-25-2002 10:25 PM

Re: Secure Shell and client configuration Questions


Other's have already addressed the server side, but it would be prudent to also verify that the ssh client is set to use public key authentication before password. For the windows client from ssh.com, check the auth method order in Settings->Profile->Authentication.

0 Kudos
Reply
Magic_Wand
Advisor

‎09-25-2002 10:28 PM

‎09-25-2002 10:28 PM

Re: Secure Shell and client configuration Questions

James,

try these steps, I've done it on about 50 servers and it works:

1) on your client type "ssh-keygen -t dsa".

2) press enter twice.

3) copy the .ssh/id_dsa.pub key to the server:~user/.ssh/authorized_keys2 file

4) you should be able to ssh without password
================================
SELECT * FROM users WHERE clue > 0
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.