HPE Community
Operating System - HP-UX
1830945 Members
2120 Online
110017 Solutions
New Discussion

sftp help

 
Loree Grenz
Occasional Visitor

‎05-16-2005 06:03 AM

‎05-16-2005 06:03 AM

sftp help

We currently have OpenSSH version 3.71 installed on our Unix server. I am trying to use sftp with -o"PasswordAuthentication yes" in interactive mode and am not being prompted for password on the other Company's system. Works fine between our internal unix hosts.
The other Company's Support staff tell us that they require 128Bit SSL encryption. Not sure how to tell if this is supported with OpenSSH. I tried using stfp -vvv to look at debug and it appears that system wants to exchange keys. The other Company doesn't want to exchange keys.

Can anyone help with the secure sftp setup between systems using PasswordAuthentication and how do I tell if this version supports 128Bit SSL?
0 Kudos
Reply
8 REPLIES 8
Denver Osborn
Honored Contributor

‎05-16-2005 06:28 AM

‎05-16-2005 06:28 AM

Re: sftp help

Im not sure what they mean by that they accept "128bit ssl" only... anyhow, did you ask them if they allow password authentication? If they don't allow password authentication then you'll need to use the methods they do allow... (public-key)

Hope this helps,
-denver
0 Kudos
Reply
Mark Grossman
Regular Advisor

‎05-18-2005 03:25 AM

‎05-18-2005 03:25 AM

Re: sftp help

Loree,
did u get anything other info from the other Company ?
We had two banks that wanted SSL ftp clients not SSH. This kind of sounds like the same thing. One bank supplied us with an ssl client ftp and for the other we purchased a very cheap but nice ftp client with ssl built in. In both cases the banks supply you with a certificatte to use for authentication. I can give you more info on the products if you want.

Mark
0 Kudos
Reply
Loree Grenz
Occasional Visitor

‎05-18-2005 11:09 AM

‎05-18-2005 11:09 AM

Re: sftp help

Hi,

The only information that I'm getting from them is that we need to use an ftp that supports 128 Bit Encryption with ssl support. So in checking it looked like I could use sftp to connect to their site, but then they stated that I needed to connect with openssl. So I tried to test an openssl connection with them using 'openssl s_client -connect host:port' and it still doesn't work.

Do you know if sftp that is supplied with openssh provide the 128 Bit Encryption with ssl support?

All help is much appreciated since I am at a loss?
0 Kudos
Reply
Denver Osborn
Honored Contributor

‎05-18-2005 03:52 PM

‎05-18-2005 03:52 PM

Re: sftp help

wow, it doesn't seem like they're too much help at all.

Possibly they only support FTP over SSL, and SFTP uses the SSH2 protocol. Try downloading a "free" secure ftp program for either windoze or Unix and and test it out to see if you get better results. Chances are an FTPS client will work for you.

Here's one link...
http://www.glub.com/products/secureftp/

good luck!
-denver
0 Kudos
Reply
Mark Grossman
Regular Advisor

‎05-19-2005 03:50 AM

‎05-19-2005 03:50 AM

Re: sftp help

Loree,
I believe you have to get an ftp client with ssl, you cant use sftp which uses ssh.

See this old thread I had - it has info on a low cost ftp/ssl client from Sterling Software which we use and is easy to set up.
http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=667043

You can also try compiling your own ftp with ssl (lftp)- but I never got it to work, although others have.

Mark


0 Kudos
Reply
Loree Grenz
Occasional Visitor

‎05-19-2005 06:37 AM

‎05-19-2005 06:37 AM

Re: sftp help

Denver,

Tried to installed secure ftp from www.glub and getting the following error.

Do you agree to the above license terms? [yes or no]
yes
Unpacking...
Checksumming...

Enter the installation prefix [/usr/local]:


Where is the Java 1.4 executable located? [/bin/java]
/opt/java1.4/jre/bin
Installing...
tar: B: unknown option
tar: usage tar [-]{txruc}[eONvVwAfblhm{op}][0-7[lmh]] [tapefile] [blocksize] [[
-C directory] file] ...
sed: Cannot find or open file /usr/local/secureftp2_5/secureftp2_5.sh.tmpl.
sed: Cannot find or open file /usr/local/secureftp2_5/ftps2_5.sh.tmpl.
Secure FTP 2.5 was successfully installed in /usr/local/secureftp2_5.

Have you tried to install this app on an HP-UX 11i system? tar -B doesn't work, tried editing out the -B option from tar, but when saving the file it writes it do a different size. I think this is because of the compile code inside the script file. The script name is secureftp2_5.bin.

Install instructions tell you to run sh secureftp2_5.bin. Also, tried wu_ftp with no luck.

Got any other suggestions to run an ftp client from a HP-UX 11i system that supports 128 Bit Encryption with SSL---I'm at a total loss

Thank You, Loree
0 Kudos
Reply
Denver Osborn
Honored Contributor

‎05-19-2005 07:04 AM

‎05-19-2005 07:04 AM

Re: sftp help

don't give up yet :)

I hadn't used one of these clients before, I just googled and found that one as an example... the point was to have you find an 'easy' to use ftps client so you could simply test out the connection to the remote server and verify that it's ftp over ssl and not ftp over ssh.

Earlier you said you tried 'openssl s_client -connect host:port', what port did you specify? I think ftp-ssl listens on port 990 by default.


-denver
0 Kudos
Reply
Loree Grenz
Occasional Visitor

‎05-19-2005 07:47 AM

‎05-19-2005 07:47 AM

Re: sftp help

Denver,

They are requiring me to use port 20021.

Thanks for your Help. Loree
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.