- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: sftp authentication using private key passphra...
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2011 09:06 AM
08-22-2011 09:06 AM
Running HP-UX 11.23
This vendor that we are dealing with is wanting us to use sftp authentication from a HP-UX client based on a private key generated by PuttyGen on a Windows workstation. I was able to get this to work after converting that key to OpenSSH and by using:
# sftp -o IdentityFile=~/.ssh/filename username@sftp-site.website.com 22
but after running this command I then get prompted for the passphrase each time. After entering the passphrase I am then allowed in. Does anyone have any suggestions on why it continues to ask for the passphrase? If there is not a way around it, is there a way to automate the entering of the passphrase? Google searches came up with suggestions of using a 3rd-party solution like keychain. I didn't see any other options. A -v in the command line gives me:
(systemname:user)[/user01/user] sftp -o IdentityFile=~/.ssh/filename username@sftp-site.website.com 22
Connecting to sftp-site.website.com...
OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006
HP-UX Secure Shell-A.04.50.021, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to sftp-site.website.com [###.###.###.###] port 22.
debug1: Connection established.
debug1: identity file /user01/user/.ssh/filename type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4p1+sftpfilecontrol-v1.3
debug1: match: OpenSSH_5.4p1+sftpfilecontrol-v1.3 pat OpenSSH*
debug1: Remote is NON-HPN aware
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'sftp-site.website.com' is known and matches the RSA host key.
debug1: Found key in /user01/user/.ssh/known_hosts:33
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /user01/user/.ssh/filename
debug1: PEM_read_PrivateKey failed
debug1: read PEM private key done: type <unknown>
Enter passphrase for key '/user01/user/.ssh/filename':
debug1: read PEM private key done: type RSA
debug1: Authentication succeeded (publickey).
debug1: Final hpn_buffer_size = 131072
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: Sending subsystem: sftp
sftp>
Solved! Go to Solution.
- Tags:
- sftp
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2011 09:29 AM
08-22-2011 09:29 AM
Re: sftp authentication using private key passphrase prompt
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2011 10:27 AM
08-22-2011 10:27 AM
Re: sftp authentication using private key passphrase prompt
This method wasn't my idea at all. The vendor came up with it. I'm just trying to make it work with the least user intervention.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2011 11:38 AM - edited 08-22-2011 11:39 AM
08-22-2011 11:38 AM - edited 08-22-2011 11:39 AM
Solution>Does anyone have any suggestions on why it continues to ask for the passphrase?
Because you are missing some documentation about how ssh passphrases work.
You have to cache the passphrase with ssh-agent and ssh-add:
http://h30499.www3.hp.com/t5/System-Administration/ssh-without-password/m-p/4318471
http://h30499.www3.hp.com/t5/System-Administration/Help-me-with-passwordless-login/m-p/4188573
So if the agent terminates, you'll have to start the agent all over.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-22-2011 12:36 PM
08-22-2011 12:36 PM
Re: sftp authentication using private key passphrase prompt
After posting the issue I was having with the vendor's tracking system, they decided to go ahead with using the public key generated by the originating server. As you might well guess, it is working now without password or passphrase prompts. Thank you all for your time. i appreciate the feedback.