Re: SFTP setup on openVMS question

SAMI AHMAD · ‎11-19-2008

hi I am trying to setup sftp connection between openVMS alpha 7.3-2 and windows 2003. I am freeSSHD on windows.
The sftp works fine in interactive mode but I cant get it to work as batch.
The thing i am missing is how to copy the key from vms client to the windows machine!

SUNNY2$ sftp dotstosunpassdb
oracle@dotstosunpassdb's password:
sftp> put wc.com
wc.com | 18B | 0.0 kB/s | TOC: 00:00:01 | 100%
sftp>

SUNNY2$ sftp "-B" "BF.FTP" oracle@dotstosunpassdb
warning: Authentication failed.
Disconnected; no more authentication methods available (No further authentication methods available.).
FATAL: ssh2 client failed to authenticate. (or you have too old ssh2 installed, check with ssh2 "-V")

Steven Schweda · ‎11-19-2008

> The sftp works fine in interactive mode but
> I cant get it to work as batch.

> oracle@dotstosunpassdb's password:

It appears to me that you're using password
authentication when you run it interactively.
Did you really expect that to work in batch
mode?

> The thing i am missing is how to copy the
> key from vms client to the windows machine!

Where did you make the key files? I assume
that anything named "freeSSHD" would expect
key files in OpenSSH format, which differs
from the format used by the VMS TCPIP
software. There must be very many old Forum
discussions involving the required format
conversion. Many non-TCPIP ssh-keygen
programs offer more key conversion options
than the TCPIP. I don't know what freeSSH
can do,

SAMI AHMAD · ‎11-19-2008

are you saying that public key generated on openVMS needs to be converted to be used on windows ? if thats the case then can someone tell me that utility n how to use it?

SAMI AHMAD · ‎11-19-2008

also i get this msg when i try to connect saying its creating a file key_22_dotstosunpassdb.pub but in reality this file does not exist ..

SUNNY2$ sftp "-B" "-BF.FTP" dotstosunpassdb
Host key saved to ssh2/hostkeys/key_22_dotstosunpassdb.pub
host key for dotstosunpassdb, accepted by oracle Thu Nov 20 2008 03:28:53
warning: Authentication failed.

Thomas Ritter · ‎11-19-2008

Sami, spend some time reading these threads and you'll get the general idea. Yes the key format needs to be converted.

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1281433

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1270551

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1259701

SAMI AHMAD · ‎11-19-2008

ok while i read these can you please tell me why I am getting this msg , and why is it showing the directory structure as unix style..is it normal ? where is he saving the key?

Host key saved to ssh2/hostkeys/key_22_dotstosunpassdb.pub

SAMI AHMAD · ‎11-19-2008

I think my ssh configuration is not good ..I dont have any IDENTIFICATION file and also ssh cant find the ssh2_config file.

SUNNY2$ ssh -v
debug(20-NOV-2008 00:13:35.09): Ssh2/SSH2.C:1894: CRTL version (SYS$SHARE:DECC$SHR.EXE ident) is V7.3-2-03
debug(20-NOV-2008 00:13:35.09): SshAppCommon/SSHAPPCOMMON.C:313: Allocating global SshRegex context.
debug(20-NOV-2008 00:13:35.10): SshConfig/SSHCONFIG.C:3338: Metaconfig parsing stopped at line 4.
debug(20-NOV-2008 00:13:35.10): SshConfig/SSHCONFIG.C:855: Setting variable 'VerboseMode' to 'TRUE'.
debug(20-NOV-2008 00:13:35.11): SshConfig/SSHCONFIG.C:3246: Unable to open ssh2/ssh2_config
Type $1$dga1001:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe -h for help.

SAMI AHMAD · ‎11-19-2008

here is the versbose output of the ssh attempt :

SUNNY2$ ssh oracle@dotstosunpassdb ls
debug(20-NOV-2008 00:19:10.05): Connecting to dotstosunpassdb, port 22... (SOCKS not used)
debug(20-NOV-2008 00:19:10.05): Ssh2/SSH2.C:2860: Entering event loop.
debug(20-NOV-2008 00:19:10.07): Ssh2Client/SSHCLIENT.C:1609: Creating transport protocol.
debug(20-NOV-2008 00:19:10.07): SshAuthMethodClient/SSHAUTHMETHODC.C:95: Added "publickey" to usable methods.
debug(20-NOV-2008 00:19:10.07): SshAuthMethodClient/SSHAUTHMETHODC.C:95: Added "keyboard-interactive" to usable methods.
debug(20-NOV-2008 00:19:10.07): SshAuthMethodClient/SSHAUTHMETHODC.C:95: Added "password" to usable methods.
debug(20-NOV-2008 00:19:10.07): Ssh2Client/SSHCLIENT.C:1650: Creating userauth protocol.
debug(20-NOV-2008 00:19:10.07): client supports 3 auth methods: 'publickey,keyboard-interactive,password'
debug(20-NOV-2008 00:19:10.07): SshUnixTcp/SSHUNIXTCP.C:1683: using local hostname SUNNY2.to.dot.state.fl.us
debug(20-NOV-2008 00:19:10.07): Ssh2Common/SSHCOMMON.C:541: local ip = 156.75.155.40, local port = 62106
debug(20-NOV-2008 00:19:10.07): Ssh2Common/SSHCOMMON.C:543: remote ip = 10.100.34.190, remote port = 22
debug(20-NOV-2008 00:19:10.08): SshConnection/SSHCONN.C:2311: Wrapping...
debug(20-NOV-2008 00:19:10.08): SshReadLine/SSHREADLINE.C:3662: Initializing ReadLine...
debug(20-NOV-2008 00:19:10.08): Remote version: SSH-2.0-WeOnlyDo 2.0.6
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 20 to connection
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 30 to connection
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:2306: lang s to c: `', lang c to s: `'
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:2371: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug(20-NOV-2008 00:19:10.09): Ssh2Transport/TRCOMMON.C:2374: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug(20-NOV-2008 00:19:10.10): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.10): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 30 to connection
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the host key has just been changed.
Please contact your system administrator.
Add correct host key to "ssh2/hostkeys/key_22_dotstosunpassdb.pub"
(or remove the keyfile, and connect again.)
Received server key's fingerprint:
xofob-fogam-kebip-hiruz-cikiz-nepoc-mytoh-sotuh-labov-zygev-lixax
You can get a public key's fingerprint by running
$ ssh_keygen "-F" publickey.pub
on the keyfile.
Agent forwarding is disabled to avoid attacks by corrupted servers.
X11 forwarding is disabled to avoid attacks by corrupted servers.
debug(20-NOV-2008 00:19:10.24): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.24): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 21 to connection
debug(20-NOV-2008 00:19:10.24): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.24): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 5 to connection
debug(20-NOV-2008 00:19:10.25): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.25): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection
debug(20-NOV-2008 00:19:10.25): Ssh2Common/SSHCOMMON.C:342: Received SSH_CROSS_STARTUP packet from connection protocol.
debug(20-NOV-2008 00:19:10.25): Ssh2Common/SSHCOMMON.C:392: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug(20-NOV-2008 00:19:10.25): server offers auth methods 'password,publickey'.
debug(20-NOV-2008 00:19:10.26): SshConfig/SSHCONFIG.C:3246: Unable to open ssh2/identification
debug(20-NOV-2008 00:19:10.30): Ssh2AuthClient/SSHAUTHC.C:366: Method 'publickey' disabled.
debug(20-NOV-2008 00:19:10.30): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:10.30): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection
debug(20-NOV-2008 00:19:10.30): server offers auth methods 'password,publickey'.
oracle's password: 0:19:10.30): Ssh2AuthPasswdClient/AUTHC-PASSWD.C:280: Starting password query...

debug(20-NOV-2008 00:19:19.12): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:19.12): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection
debug(20-NOV-2008 00:19:19.13): server offers auth methods 'password,publickey'.
oracle's password: 0:19:19.13): Ssh2AuthPasswdClient/AUTHC-PASSWD.C:280: Starting password query...

debug(20-NOV-2008 00:19:21.06): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:21.06): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection
debug(20-NOV-2008 00:19:21.07): server offers auth methods 'password,publickey'.
oracle's password: 0:19:21.07): Ssh2AuthPasswdClient/AUTHC-PASSWD.C:280: Starting password query...

debug(20-NOV-2008 00:19:21.59): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 00:19:21.59): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection
debug(20-NOV-2008 00:19:21.60): Ssh2Common/SSHCOMMON.C:180: DISCONNECT received: Too many attempts.
debug(20-NOV-2008 00:19:21.60): SshReadLine/SSHREADLINE.C:3728: Uninitializing ReadLine...
warning: Authentication failed.
debug(20-NOV-2008 00:19:21.60): Ssh2/SSH2.C:320: locally_generated = FALSE
Disconnected; protocol error (Too many attempts.).
debug(20-NOV-2008 00:19:21.60): Ssh2Client/SSHCLIENT.C:1685: Destroying client.
debug(20-NOV-2008 00:19:21.60): SshConfig/SSHCONFIG.C:2794: Freeing pki. (host_pki != NULL, user_pki = NULL)
debug(20-NOV-2008 00:19:21.60): SshConnection/SSHCONN.C:2363: Destroying SshConn object.
debug(20-NOV-2008 00:19:21.60): Ssh2Client/SSHCLIENT.C:1753: Destroying client completed.
debug(20-NOV-2008 00:19:21.60): SshAuthMethodClient/SSHAUTHMETHODC.C:100: Destroying authentication method array.
debug(20-NOV-2008 00:19:21.63): SshAppCommon/SSHAPPCOMMON.C:326: Freeing global SshRegex context.
debug(20-NOV-2008 00:19:21.63): SshConfig/SSHCONFIG.C:2794: Freeing pki. (host_pki = NULL, user_pki = NULL)

SUNNY2$

Steven Schweda · ‎11-19-2008

> ok while i read these can you please tell
> me why I am getting this msg , and why is
> it showing the directory structure as unix
> style..is it normal ? where is he saving
> the key?
>
> Host key saved to
> ssh2/hostkeys/key_22_dotstosunpassdb.pub

This happens the first time you connect to
any host, when its host key is stored. It's
in UNIX form because the software was ported
from UNIX, and the CRTL can work with
UNIX-format file specs, so it was easier to
leave it that way. The file should be found
in the [.SSH2.HOSTKEYS] directory under your
SYS$LOGIN directory.

> I think my ssh configuration is not good
> [...]

http://h71000.www7.hp.com/doc/index.html
http://h71000.www7.hp.com/doc/tcpip56.html
http://h71000.www7.hp.com/doc/tcpip54.html
http://h71000.www7.hp.com/doc/732final/aa-rvbua-te/aa-rvbua-te.html

> I dont have any IDENTIFICATION file [...]

Apparently:

debug(20-NOV-2008 00:19:10.26): SshConfig/SSHCONFIG.C:3246: Unable to open ssh2/identification

You'll probably want one of those.

SAMI AHMAD · ‎11-19-2008

ok I fixed the issue of ssh_config file not being found and I generated the public/private key pair on openVMS, below are the keys ,they both say SSH2 so do I still need to convert ?

******** openVMS public key ***************

---- BEGIN SSH2 PUBLIC KEY ----
Subject: oracle
Comment: "2048-bit dsa, oracle@SUNNY2.to.dot.state.fl.us, Thu Nov 20 2\
008 06:14:49"
AAAAB3NzaC1kc3MAAAEBAPr8zUzYOjF4gOGju/6sE55iGec/tAEnXst8UMIHbsBERa0+76
TQVP417aJvAWtbhXOCAXSqUaSqqw4jJiaDX3gOYr3MakmgOc9jmYZpd7aCPFBxQsF+Knrk
uJEdf7f/4k+hSGI9Iw3TBIywkg8OgUlonO3u9MFMbiibDp2aIgwHHun6hZL9BlUsvUvhmf
4XK0tyuASA8+0SQ5yKJqMPjXnTf6eZKWIdZxy8yTpvOgMphhh95UCWbaA6Jyoy4QhHsKWE
oNqmfWIBDHWuh07ENDd+cVlanwvYnBFnLGp2t7dlUQtzuS+pzZZbUsxnmsn1mYh4ClMx0V
6/pNWVW2SVPyEAAAAVAO5eBZPS/eOXeU8T7b+A0BmfT62PAAABAQCFc/WI56QuqfX/B1WW
zPcegUg5fux09fgs62RglvYsgo30oSvdCKxZJde9Uzu9WlTJkVpPAJfEnZJK16hKwlk6lE
fTuyFvkJMSZKS/Dfm8urGfk4s/Z0vdlsWuMEkKi18QRHO+Nrn+xliH9C5H6efAzBOP0XMS
OVOokCAefptQvLNQLCZfnZrf6Rre+fZTx79DXkS+ygtLamr2T/Cv5aNjo5UISMj7pBwt+0
Vii/oR9BMYPU7J69NA7slXG2xhpSEl1bwAKVcN0SlVgYngTbcByiFVCZRFhfUKtJIBYHmL
FyzNjnbqQ+qbvqxGd4w2Pp8gLWCKevfZO7t6zKz3D/cxAAABABrkPu5ULuGFiwnF8rBZHf
VJHF2n4gFRtH2ewV9AsW6yPeju5LrvdnTSkjGWFqpwCly9gCKsWWnJAb4xmqQuKQB70ubw
x9BhkxlKcaPtOWO4VDdvjs7sZRhS1zkFzcImzm6iNirb06eLP4jhGMxmSw5wsjKiesHQZE
uAHNuXjMY5yFglfz9Cuu/9d8yMbmxlq96hPuEXdPRTpGkqIv0Vv6JE6RB2eF3rO08E0eI1
oxzv4D0zqezUSE/UmWmnQFppFD00c5GneiY+m5necsGYqLdC14OFiAtSguSIRxW6+g6d30
SNAkrqzD8DP9moA5bJbbOydaB1tDMdiM7C9oo9w6U=
---- END SSH2 PUBLIC KEY ----

********* windows public key ************

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "dsa-key-20081120"
AAAAB3NzaC1kc3MAAAEAelKE19HQn+DSwBicUMNiEWwlRNKtDXuFeWtRtcI3OeCB
7tcLP00XpF/6EmOuyg1vHkrXacUKrGRhTX5tTEfWV0avDomwoVSNGuaDib8Je+F5
N8ISFDqIZGk4FDF/gFcwf6zVKAGuq9CrmHeVIAwGnA+ienxkz1t5an0A4Tc4LEnD
lAnzvOZfgkCaa4+jAWmX0HZNUJyLD3pZiGswTLQ/jjHUM5NfVEPMxBTSWCnhIuJh
N/OS4+7ZlXQErWN7R5E1fsGPqPUnO+mUf1UhRPFFCJtPQKL+9BtTbKPmyiyVdQI4
8qH5qp9kT6QsjPFItoMDFtA5Qd92njyoYTOFIqIGqwAAABUAkeEXruZ+kNrPIlIM
HSFnNVAKe3sAAAEAdNA1yvIs+BrvZ/x1ytd7TQayGGBjUFKY/HmbwBeLn1HqkQdb
Tnm3yAM2RfBwT+IoUVefZpiqsvaKzofwpFPlTJ9JtwH7H9XtVejBNvU/GfjaYIxg
Qw7DMsOhNSvFweJLZN7uMQNiAq0FBgXsxoGDjSI/j6cl1fvoykEkbg+R4WKw1PH6
kdk9DRpApcHgU7Vc/F9OHV4hgbJ4Vo4Y2mlIN+8oR9Fe10iEPYF6LNPraM4mDPxj
bRZn2U9laM7bpyjiVMtigz9cvJq3SMi9pAkv1GAymhTnxDD9Wi2vUsobq+e0hdp8
NYza7bczfJ5NvZC1rj+FmW8JbiG0MvO5Oq8McQAAAQBtWQz1R/tt4+VrFOvdRKle
KPeB1YKCvcbCQ5xSKXV5nOp2izTVSc5dCxUbXPh8GsKlqLoGAGG3YZreytRk1SS0
acrJFYD9Jhu1Mo9g3agNZLSwBMS2xW3hvMZaLQ6KxDh2VriIqRAoehVMIwAj2ZDv
fyVozo3plV+OlKWOQJz+qxZBLS76dASeByxE/Tw/d2LttUiCjdwXmG7eSbrQHpb5
JqGDHTGn8QSkWWLXBwRRpdXG341eukGTgqMlWQX4xRzjHGaBrqbhTzlusyro1yLT
WZvnT0SD7oyRLFY4989Tly83uBYvu69gOV+EZZ7U/JC1Bn4dQBOqmPIc7LD+VWyC
---- END SSH2 PUBLIC KEY ----

SAMI AHMAD · ‎11-19-2008

i checked the server log file and its saying 'client send bad key'

and on the vms client the debug shows follows:

debug(20-NOV-2008 02:00:45.93): Constructing and sending signature in publickey authentication.
debug(20-NOV-2008 02:00:45.93): Ssh2AuthPubKeyClient/AUTHC-PUBKEY.C:869: ssh_client_auth_pubkey_send_signature: reading /DISK$ORACLE
Passphrase for key "/DISK$ORACLE/ORACLE9I/ssh2/ID_DSA_2048_A" with comment "2048-bit dsa, oracle@SUNNY2.to.dot.state.fl.us, Thu Nov
20 2008 06:14:49":

debug(20-NOV-2008 02:02:18.43): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 2 to connection
debug(20-NOV-2008 02:02:18.43): Ssh2Transport/TRCOMMON.C:1105: Sending packet with type 50 to connection
debug(20-NOV-2008 02:02:18.46): server offers auth methods 'publickey'.
debug(20-NOV-2008 02:02:18.46): Ssh2AuthPubKeyClient/AUTHC-PUBKEY.C:1899: Server rejected the signature.

Steven Schweda · ‎11-20-2008

> [...] do I still need to convert ?

What does the documentation for "freeSSHD"
say?

If you make keys using the "freeSSHD" key
generator (assuming that it has one), do they
look the same as or different from the keys
made using the TCPIP key generator?

SAMI AHMAD · ‎11-20-2008

The freeSSHD doesnt have a key generator of their own they ask to use puttygen which I used. The key I have inlcuded in my previous post and if you compare it with VMS key there is one extra line at top called 'subject'.
but freeSSHD is saying 'openvms sent a bad key' .. so shouldnt we be looking into how the key is generated at the vms side and how we can make it acceptable at the windows side?

Steven Schweda · ‎11-20-2008

> The key I have inlcuded in my previous post
> [...]

Those would seem to be the public keys. I
assume that there are also private keys.

I wouldn't publish the full content of all
these key files.

> but freeSSHD is saying 'openvms sent a bad
> key' [...]

I don't know whether that means that the key
data being sent were bad, or simply that the
key data being sent don't match any key data
on the server. (I can't see very much of the
server's log file.)

SAMI AHMAD · ‎11-20-2008

I fix the problem , the Identification file was missing and protection was wrong .
there is no conversion needed between keys on vms and windows so I am not sure why so many people are talking about key conversion here, this totally threw me off track.
thanks for all your help n suggestions

Steven Schweda · ‎11-20-2008

> there is no conversion needed between keys
> on vms and windows so I am not sure why so
> many people are talking about key
> conversion here,

Probably because so many other people (using
OpenSSH) need to convert their keys. Here, I
see only one person who said that "the key
format needs to be converted", and one who
suggested that you _might_ need to convert
them. Is that "so many"?

> this totally threw me off track.

That was easy.

If the different SSH software products use
different key formats, then you need to
convert the keys. If not, then you don't.
People who know nothing about "freeSSHD on
windows" probably don't know which key format
it uses. Some, apparently, would assume that
it would match OpenSSH, which, apparently, it
doesn't. It was pretty deep into the
discussion before we got to see only one of
the "freeSSHD" key formats. Better questions
often lead to better answers.

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: SFTP setup on openVMS question

SFTP setup on openVMS question