HPE Community
Operating System - OpenVMS
1752780 Members
6316 Online
108789 Solutions
New Discussion юеВ

Re: SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

 
Ronald Russik
Occasional Advisor

тАО03-04-2010 08:15 AM

тАО03-04-2010 08:15 AM

SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

Good Morning,

I'm attempting to setup SFTP to a new customer. We will be the client (OpenVMS V8.3) and our customer is a; Windows 2003 Server R2 Standard Edition SP2 (32 bit), and the SFTP service itself is Van Dyke Technologies, VShell Version 3.0.1.

We are running the following;

$ tcpip show ver

HP TCP/IP Services for OpenVMS Alpha Version V5.6 - ECO 3
on an AlphaServer ES45 Model 2 running OpenVMS V8.3

$ ssh2 -v
debug( 4-MAR-2010 11:00:58.70): Ssh2/SSH2.C:1896: CRTL version (SYS$SHARE:DECC$S
HR.EXE ident) is V8.3-01
debug( 4-MAR-2010 11:00:58.75): SshAppCommon/SSHAPPCOMMON.C:313: Allocating glob
al SshRegex context.
warning: You didn't specify a host name.
Type dsa736:[sys2.syscommon.][sysexe]tcpip$ssh_ssh2.exe;1 -h for help.

$ sftp -v
Sftp2/SFTP2.C:5183: CRTL version (SYS$SHARE:DECC$SHARE ident) is: V8.3-01

SshFileCopy/SSHFILECOPY.C:1354: Making local connection.
Ssh2SftpServer/SSHFILEXFERS.C:2120: Received SSH_FXP_INIT
Ssh2SftpServer/SSHFILEXFERS.C:2165: version is 999
Ssh2SftpServer/SSHFILEXFERS.C:2227: Sending SSH_FXP_VERSION with sftp-version@op
envms.hp.com as 3
SshFileXferClient/SSHFILEXFERC.C:1432: ssh_file_client_receive_proc: coming in w
ith extension data, OpenVMS host
SshFileXferClient/SSHFILEXFERC.C:1478: vms_plus_sftp_version = 3
SshFileCopy/SSHFILECOPY.C:1293: Connection to local, ready to serve requests.
Sftp2/SFTP2.C:822: Connection ready.
SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
sftp> exit
SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine...

When I attempt to SFTP to our customer I get the below warning (Could not read private key):

$ sftp HOLLAND@SFTP1.NEUCG.NET
warning: Could not read private key /DSA999/smtools/ssh2/HOLLAND-SFTP1_NEUCG_NET
holland@sftp1.neucg.net's password:
sftp> ls -l
0 Dec 18, 2009 13:43 test/
sftp> exit

$ dir/prot AUTHORIZATION.;1

Directory DSA999:[SMTOOLS.SSH2]

AUTHORIZATION.;1 (RWED,RWED,RWED,RWED)

Total of 1 file.
$ type AUTHORIZATION.;1

KEY STE3031-FTSQA_JPMCHASE_COM.PUB
KEY STE3031-FTS_JPMCHASE_COM.PUB
KEY EBCA5745-STM_EXPERIAN_COM.PUB
KEY HOLLAND-SFTP1_NEUCG_NET.PUB

$ dir/prot HOLLAND-SFTP1_NEUCG_NET.PUB

Directory DSA999:[SMTOOLS.SSH2]

HOLLAND-SFTP1_NEUCG_NET.PUB;1
(RWED,RWED,RWED,RWED)

Total of 1 file.

$ dir/prot IDENTIFICATION.;1

Directory DSA999:[SMTOOLS.SSH2]

IDENTIFICATION.;1 (RWED,RWED,RWED,RWED)

Total of 1 file.

$type IDENTIFICATION.;1




IdKey STE3031-FTSQA_JPMCHASE_COM
IdKey STE3031-FTS_JPMCHASE_COM
IdKey EBCA5745-STM_EXPERIAN_COM
IdKey HOLLAND-SFTP1_NEUCG_NET

I'm not certain what is causing this. Any help would be greatly appreciated.

Thank you,
Ron
0 Kudos
Reply
5 REPLIES 5
RBrown_1
Trusted Contributor

тАО03-04-2010 08:41 AM

тАО03-04-2010 08:41 AM

Re: SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

>>>>>
$ dir/prot IDENTIFICATION.;1

Directory DSA999:[SMTOOLS.SSH2]

IDENTIFICATION.;1 (RWED,RWED,RWED,RWED)

Total of 1 file.
<<<<<

Nobody should confuse me with someone who knows anything about this, but I recall on our RedHat system that some of the ssh files had to be protected so that only the owner could read them. Having your private key world-readable seems inadvisable, and ssh et al might be protecting you from yourself.

On the other hand:

>>>>>
$ sftp HOLLAND@SFTP1.NEUCG.NET
warning: Could not read private key /DSA999/smtools/ssh2/HOLLAND-SFTP1_NEUCG_NET
<<<<<

This complains that it could not read the private key.

>>>>>
$ type AUTHORIZATION.;1
...
KEY HOLLAND-SFTP1_NEUCG_NET.PUB
<<<<<

One might think that the name implies that this is a public key.

0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО03-04-2010 08:48 AM

тАО03-04-2010 08:48 AM

Re: SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

> $ ssh2 -v

You mean:
ssh2 "-V"
?

> $ sftp HOLLAND@SFTP1.NEUCG.NET
> warning: Could not read private key /DSA999/smtools/ssh2/HOLLAND-SFTP1_NEUCG_NET

It's apparently looking for
"[.SSH2]HOLLAND-SFTP1_NEUCG_NET.", so if all
you have is "HOLLAND-SFTP1_NEUCG_NET.PUB",
it'll be disappointed.

Generally, the client keeps the private key
("xxx."), and puts the public key ("xxx.pub")
on the (remote) server.

I've only ever seen one "IdKey" entry in
"[.SSH2]IDENTIFICATION". I gather that it's
using the last one in there. Possibly it's
clever, and it's using the host name to
guess the key file name, but I don't know
that it's that clever.

There's probably some nearly easy way to
specify a particular key from the SFTP2
command line. (Plain SSH2 has "-i". SFTP2
might need a "-o something".)

Which key were you expecting to use? (And
how would SFTP2 know that?)
0 Kudos
Reply
Hoff
Honored Contributor

тАО03-04-2010 08:48 AM

тАО03-04-2010 08:48 AM

Re: SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

For this ssh and sftp stuff to work, there is typically a private key on the local (client) box, and a public key stored on the (server) remote box.

The HOLLAND-SFTP1_NEUCG_NET.PUB file is a public key.

The ssh client diagnostic is pointing to:

DSA999:[smtools.ssh2]HOLLAND-SFTP1_NEUCG_NET.

The first line of a private key file is usually some variation of:

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----

Does that file containing that private key exist, and is it protected appropriately and owned appropriately for a private key? (Usually (RWED,RWED,,) for that user's UIC.)

And in all seriousness and without intending snark: please read the ssh manual in the OpenVMS documentation set. Setting up stuff like ssh or various of the other recent packages and products is complex enough and involved enough that it's quite difficult to "wing it".
0 Kudos
Reply
Steven Schweda
Honored Contributor

тАО03-04-2010 08:59 AM

тАО03-04-2010 08:59 AM

Re: SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

> [...] "-o something".)

My guess:

-o IdentityFile id_xxx

(probably with some kind of quotation), where
"[.ssh2]id_xxx" looks like:

IdKey name_of_private_key_file

and there exists a private key file named
"[.ssh2]name_of_private_key_file.".

But I haven't tried it.

The documentation seems to be pretty poor,
but
TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSH2_CONFIG.
seems to supply a decent list of client
option names.
0 Kudos
Reply
Ronald Russik
Occasional Advisor

тАО03-04-2010 12:05 PM

тАО03-04-2010 12:05 PM

Re: SFTP from OpenVMS Alpha V8.3 to Windows 2003 Server r2

Good Afternoon All,

Thank you all for your help in this matter. After reading more in depth the TCPIP manual and using the ("-D 1") for the SFTP command I was able to determine that the private key file contained the wrong key information. The key was created on the host system but they somehow did not have the server public key.

Again thank you,
Ron
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.