HPE Community
Operating System - Tru64 Unix
1823113 Members
3303 Online
109646 Solutions
New Discussion юеВ

Interoperability OpenSSH Tru64-SSH

 
SOLVED
Go to solution
Leyrat
Occasional Advisor

тАО05-28-2004 02:18 AM

тАО05-28-2004 02:18 AM

Interoperability OpenSSH Tru64-SSH

Hi,
I want to exchange files by scp between a Tru64 5.1B system (using the "scp.com like" package provided by Tru64)and Linux boxes with OpenSSH. And should like to do this without password, by use of private/public keys.

Is this possible ? I have not encountered any documentation about it.
I did various tries, but I am still searching the solution to the first step of establishing a passwordless ssh login by private/public keys.
Could someone help me ?

Thanks.
0 Kudos
11 REPLIES 11
Abdul Rahiman
Esteemed Contributor

тАО05-28-2004 02:35 AM

тАО05-28-2004 02:35 AM

Re: Interoperability OpenSSH Tru64-SSH

Here is how you could setup key based authentication between the Tru64 and Linux systems.

1. Generate the public/private key pair on the Linux system using the ssh-keygen comamnd. Remember to use a null passphrase when prompted. This will create a the id_*.pub file in the .ssh or .ssh2 (depending on the SSH version) directory under user's home directory.

2. scp the *.pub file to the Tru64 user's user's /.ssh2 directory.

3. Create the "authorization" file and add the key name in the format..

Key urkeyfilename.pub

4. chmod 600 authorization

Once this is done, u should be able to do password free ssh from Tru64 system to the Linux system..

Pls. let me know if you have any questions.

No unix, no fun
0 Kudos
Ravi_8
Honored Contributor

тАО05-30-2004 08:17 PM

тАО05-30-2004 08:17 PM

Re: Interoperability OpenSSH Tru64-SSH

Hi,

the process given by Abdul should work(without askin for passwd). it's working with us.
Let's know if any problems
never give up
0 Kudos
Leyrat
Occasional Advisor

тАО05-31-2004 08:57 PM

тАО05-31-2004 08:57 PM

Re: Interoperability OpenSSH Tru64-SSH

I did the steps given by Abdul. This doesn't solve my problem.

1) ssh-keygen -t rsa with an empty passphrase

2) I can't use scp to my Tru-64 system. It fails with:
leyrat@elingue:~/.ssh$ scp id_rsa.pub leyrat@baligan.unicaen.fr:/.ssh2
leyrat@baligan.unicaen.fr's password:
scp: warning: Executing scp1.
scp: FATAL: Executing ssh1 in compatibility mode failed (Check that scp1 is in
your PATH).
lost connection

I did it with sftp which works fine.

3) create the authorization file, with one line:
Key id_rsa.pub

4) chmod 600 authorization

Then, ssh still ask for password:

leyrat@elingue:~/.ssh$ ssh -v baligan.unicaen.fr
OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3, SSH protocols 1.5/2.0, OpenSSL 0x0090603f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to baligan.unicaen.fr [195.221.176.40] port 22.
debug1: Connection established.
debug1: identity file /home/leyrat/.ssh/identity type -1
debug1: identity file /home/leyrat/.ssh/id_rsa type 1
debug1: identity file /home/leyrat/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version 3.2.0 SSH Secure Shell Tru64 UNIX
debug1: no match: 3.2.0 SSH Secure Shell Tru64 UNIX
Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1.woody.3
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: dh_gen_key: priv key bits set: 114/256
debug1: bits set: 520/1024
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug1: Host 'baligan.unicaen.fr' is known and matches the DSA host key.
debug1: Found key in /home/leyrat/.ssh/known_hosts:3
debug1: bits set: 518/1024
debug1: ssh_dss_verify: signature correct
debug1: kex_derive_keys
debug1: newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: waiting for SSH2_MSG_NEWKEYS
debug1: newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: done: ssh_kex2.
debug1: send SSH2_MSG_SERVICE_REQUEST
debug1: service_accept: ssh-userauth
debug1: got SSH2_MSG_SERVICE_ACCEPT
debug1: authentications that can continue: publickey,password
debug1: next auth method to try is publickey
debug1: try privkey: /home/leyrat/.ssh/identity
debug1: try pubkey: /home/leyrat/.ssh/id_rsa
debug1: authentications that can continue: publickey,password
debug1: try privkey: /home/leyrat/.ssh/id_dsa
debug1: next auth method to try is password
leyrat@baligan.unicaen.fr's password:


I tried between another (Redhat) Linux with OpenSSH-3.5p1 and another Tru64 (3.2.0 SSH), with the same result. Thanks for your help.
0 Kudos
Abdul Rahiman
Esteemed Contributor

тАО06-01-2004 05:21 AM

тАО06-01-2004 05:21 AM

Solution

Re: Interoperability OpenSSH Tru64-SSH

Leyrat,

For the SSH to work, you may want to convert the public key on the Linux bosx to SSH format by doing the followng command,
ssh-keygen -e
Copy-paste the ouput of this command on the key file named in the "authorization file" on the Tru64 box's .ssh directory.

I think there are some issues with scp b/w openSSH and SSH ..
here is some pointers from google,
http://www.google.com/search?hl=en&ie=UTF-8&q=scp%3A+warning%3A+Executing+scp1&btnG=Google+Search

Let me know if this works,
Abdul.
No unix, no fun
Leyrat
Occasional Advisor

тАО06-01-2004 07:47 PM

тАО06-01-2004 07:47 PM

Re: Interoperability OpenSSH Tru64-SSH

Thank you very much Abdul,
I missed the ssh-keygen -e
Since I did it, ssh without password works fine.

I have now to solve the problem of Tru64 scp.

Thanks again.
0 Kudos
Louis Bouchard
Occasional Advisor

тАО06-02-2004 01:34 AM

тАО06-02-2004 01:34 AM

Re: Interoperability OpenSSH Tru64-SSH

Hello,

Regarding the use of 'scp' from Linux (OpenSSH) to Tru64 UNIX (SSH Inc), it will not be possible without installing OpenSSH (maybe only OpenSSH's scp) locally on your Tru64 system.

This note gives more details about the matter :

http://groups.google.com/groups?q=g:thl3202770764d&dq=&hl=en&lr=&ie=UTF-8&selm=985n8m%2427jj%241%40FreeBSD.csie.NCTU.edu.tw

The suggestion in this posting is to use the batch mode of sftp or to use OpenSSH's version of scp.

I tested sftp's batch mode but hot OpenSSH's scp.

Hope it helps,

...Louis
Leyrat
Occasional Advisor

тАО06-02-2004 02:29 AM

тАО06-02-2004 02:29 AM

Re: Interoperability OpenSSH Tru64-SSH

hello,

I tried sftp as suggested by Louis. It is convenient for my needs.
And I found at the link http://www.batterton.net/archives/000006.html
the suggestion of using tar over ssh for file/directory transfer, which works too.

So, my problem is solved.
Thanks to everyone.

Jacques
0 Kudos
Sergio2006
New Member

тАО01-17-2006 09:24 AM

тАО01-17-2006 09:24 AM

Re: Interoperability OpenSSH Tru64-SSH

Hi all. This is a related question regarding how to passwordless Tru63 and OpenSSH. In the last weeks we have been struggling against this problem and all trials have failed so far. We really appreciate any help on this matter.

Here is our cluster setup :

Masternode is an Alpha running SSH2 (Tru64 3.2.0).

All nodes are running linux (some RH8, others Fedora 4) and their setup is to use OpenSSH.
They are successfully running OpenSSH without passwords so far.

This cluster uses NFS therefore all machines
are able to access each other (ie, folders .ssh and .ssh2 are visible everywhere).

Here is what I did so far :

a. Run 'ssh-keygen -t rsa' on linux boxes to generate public/private keys. Passphare was empty. Two files were created : id_rsa and id_rsa.pub.

b. Copied id_rsa.pub to masternode/.ssh2
I created an authorization file with one
line : key id_rsa.pub

c. chmod 600 authorization

From the masternode I tried SSH one of the
nodes but it keeps asking the password.
Then I tried to use "ssh-keygen -e" hint but it did not work.

Here is what I get when running "ssh -v elf1" from masternode dasher :

[dasher/user/user1]$ ssh -v elf1
debug: SshAppCommon/sshappcommon.c:185: Allocating global SshRegex context.
debug: SshConfig/sshconfig.c:2795: Version not found on first line, assuming configuration to be old style.
debug: SshConfig/sshconfig.c:646: Setting variable 'VerboseMode' to 'FALSE'.
debug: SshConfig/sshconfig.c:2737: Unable to open /user/user1/.ssh2/ssh2_config
debug: Connecting to elf1, port 22... (SOCKS not used)
debug: Ssh2/ssh2.c:2332: Entering event loop.
debug: Ssh2Client/sshclient.c:1452: Creating transport protocol.
debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "publickey" to usable methods.
debug: SshAuthMethodClient/sshauthmethodc.c:95: Added "password" to usable methods.
debug: Ssh2Client/sshclient.c:1493: Creating userauth protocol.
debug: client supports 2 auth methods: 'publickey,password'
debug: SshUnixTcp/sshunixtcp.c:1227: using local hostname dasher.wustl.edu
debug: Ssh2Common/sshcommon.c:541: local ip = 192.168.1.1, local port = 46473
debug: Ssh2Common/sshcommon.c:543: remote ip = 192.168.1.101, remote port = 22
debug: SshConnection/sshconn.c:1957: Wrapping...
debug: SshReadLine/sshreadline.c:3388: Initializing ReadLine...
debug: Remote version: SSH-1.99-OpenSSH_3.4p1
debug: OpenSSH: Major: 3 Minor: 4 Revision: 0
debug: Ssh2Transport/trcommon.c:1530: All versions of OpenSSH handle kex guesses incorrectly.
debug: Ssh2Transport/trcommon.c:1913: lang s to c: `', lang c to s: `'
debug: Ssh2Transport/trcommon.c:1978: c_to_s: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Ssh2Transport/trcommon.c:1981: s_to_c: cipher aes128-cbc, mac hmac-sha1, compression none
debug: Remote host key found from database.
debug: Ssh2Common/sshcommon.c:342: Received SSH_CROSS_STARTUP packet from connection protocol.
debug: Ssh2Common/sshcommon.c:392: Received SSH_CROSS_ALGORITHMS packet from connection protocol.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthClient/sshauthc.c:330: Method 'publickey' disabled.
debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPasswdClient/authc-passwd.c:117: Starting password query...
user1's password:


Thank you,

Sergio
0 Kudos
Nuno Ricardo Carvalho
Occasional Advisor

тАО06-11-2006 10:28 PM

тАО06-11-2006 10:28 PM

Re: Interoperability OpenSSH Tru64-SSH

I belive the ssh-keygen -e should be run on the Linux box and then copied to the Tru64 box. This Works fine.

I also have a problem, I need to get the open-ssh keys converted to corporate-ssh ( @ Tru64 ). Anyone has a clue how to do it?

Regards all.
0 Kudos
John Peery
New Member

тАО10-25-2006 11:05 AM

тАО10-25-2006 11:05 AM

Re: Interoperability OpenSSH Tru64-SSH

Here is how we resolved this issue:

1) Obtain compiled copies of the below OpenSSH files (latest version or whatever your pleasure).

2) zlib can be obtained from the Tru64 Open Source Software Collection for HP Tru64 Unix Disc 1 of 2.

3) Download OpenSSH from openssh.com and compile it on a Tru64 System (if you don't have it compiled already) to get the scp and ssh binaries.

4) Place a copy of the following (compiled for Tru64) on the Tru64 System in the directories specified:

/usr/local/bin/ssh
/usr/local/bin/scp
/usr/local/include/zconf.h
/usr/local/include/zlib.h
/usr/local/lib/libz.a
/usr/local/lib/libz.so
/usr/local/lib/libz.so.1
/usr/local/lib/libz.so.1.1.4

(Note: /usr/local/lib will need to be in the $PATH if it was removed.)

5) Create the following link:

ln -s /usr/local/bin/scp /bin/scp1

That should do the trick.

This will allow the Tru64 default install of SSH2 to conintue working without problems while allowing for Systems running OpenSSH to transfer files using SCP.

Also, no configuration beyond what is specified above is needed.
0 Kudos
John Peery
New Member

тАО12-04-2006 08:50 AM

тАО12-04-2006 08:50 AM

Re: Interoperability OpenSSH Tru64-SSH

The only other thing that might require modification are the file/directory permissions for the above mentioned files/directories.

Just make sure that the permissions are configured accordingly to allow the users/groups access as needed.
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.