
Re: sftp authentication using private key passphrase prompt

 
Paul Maglinger
Regular Advisor

sftp authentication using private key passphrase prompt

Running HP-UX 11.23

 

This vendor that we are dealing with is wanting us to use sftp authentication from an HP-UX client based on a private key generated by PuttyGen on a Windows workstation. I was able to get this to work after converting that key to OpenSSH and by using:

 

# sftp -o IdentityFile=~/.ssh/filename username@sftp-site.website.com 22

 

but after running this command I then get prompted for the passphrase each time.  After entering the passphrase I am then allowed in.  Does anyone have any suggestions on why it continues to ask for the passphrase?  If there is not a way around it, is there a way to automate the entering of the passphrase?  Google searches came up with suggestions of using a 3rd-party solution like keychain.  I didn't see any other options.  A -v in the command line gives me:

 

(systemname:user)[/user01/user] sftp -o IdentityFile=~/.ssh/filename username@sftp-site.website.com 22

Connecting to sftp-site.website.com...

OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14, OpenSSL 0.9.7l 28 Sep 2006

HP-UX Secure Shell-A.04.50.021, HP-UX Secure Shell version

debug1: Reading configuration data /opt/ssh/etc/ssh_config

debug1: Connecting to sftp-site.website.com [###.###.###.###] port 22.

debug1: Connection established.

debug1: identity file /user01/user/.ssh/filename type -1

debug1: Remote protocol version 2.0, remote software version OpenSSH_5.4p1+sftpfilecontrol-v1.3

debug1: match: OpenSSH_5.4p1+sftpfilecontrol-v1.3 pat OpenSSH*

debug1: Remote is NON-HPN aware

debug1: Enabling compatibility mode for protocol 2.0

debug1: Local version string SSH-2.0-OpenSSH_4.5p1+sftpfilecontrol-v1.1-hpn12v14

debug1: SSH2_MSG_KEXINIT sent

debug1: SSH2_MSG_KEXINIT received

debug1: kex: server->client aes128-cbc hmac-md5 none

debug1: kex: client->server aes128-cbc hmac-md5 none

debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP

debug1: SSH2_MSG_KEX_DH_GEX_INIT sent

debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY

debug1: Host 'sftp-site.website.com' is known and matches the RSA host key.

debug1: Found key in /user01/user/.ssh/known_hosts:33

debug1: ssh_rsa_verify: signature correct

debug1: SSH2_MSG_NEWKEYS sent

debug1: expecting SSH2_MSG_NEWKEYS

debug1: SSH2_MSG_NEWKEYS received

debug1: SSH2_MSG_SERVICE_REQUEST sent

debug1: SSH2_MSG_SERVICE_ACCEPT received

debug1: Authentications that can continue: publickey,password

debug1: Next authentication method: publickey

debug1: Trying private key: /user01/user/.ssh/filename

debug1: PEM_read_PrivateKey failed

debug1: read PEM private key done: type <unknown>

Enter passphrase for key '/user01/user/.ssh/filename':

debug1: read PEM private key done: type RSA

debug1: Authentication succeeded (publickey).

debug1: Final hpn_buffer_size = 131072

debug1: channel 0: new [client-session]

debug1: Entering interactive session.

debug1: Sending subsystem: sftp

sftp>

Steven Schweda
Honored Contributor

Re: sftp authentication using private key passphrase prompt

 
Paul Maglinger
Regular Advisor

Re: sftp authentication using private key passphrase prompt

This method wasn't my idea at all.  The vendor came up with it.  I'm just trying to make it work with the least user intervention.

Dennis Handly
Acclaimed Contributor
Solution

Re: sftp authentication using private key passphrase prompt

>Does anyone have any suggestions on why it continues to ask for the passphrase?

 

Because you are missing some documentation about how ssh passphrases work.

 

You have to cache the passphrase with ssh-agent and ssh-add:

http://h30499.www3.hp.com/t5/System-Administration/ssh-without-password/m-p/4318471

http://h30499.www3.hp.com/t5/System-Administration/Help-me-with-passwordless-login/m-p/4188573

 

So if the agent terminates, you'll have to start the agent all over.
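
The agent workflow described in the answer above, as an added example that is not part of the original thread: it checks whether the key is a passphrase-protected PEM key (the kind the debug output shows), reuses or starts an ssh-agent, loads the key once, and then runs sftp in batch mode so it never stops at a prompt. The agent.env file, the batch file argument and the "transfer" subcommand are assumptions made for this sketch, and it assumes the agent is dedicated to this one key.

```shell
#!/bin/sh
# Added example; paths and names below are assumptions, not from the thread.
KEY="${KEY:-$HOME/.ssh/filename}"               # key path as used in the question
AGENT_ENV="${AGENT_ENV:-$HOME/.ssh/agent.env}"  # hypothetical file caching agent variables

# Return 0 if a legacy PEM private key is passphrase-protected.
# Encrypted PEM keys carry a "Proc-Type: 4,ENCRYPTED" header line.
key_is_encrypted() {
    grep -q '^Proc-Type: 4,ENCRYPTED' "$1"
}

# Map the exit status of `ssh-add -l` to a state name:
# 0 = agent holds identities, 1 = agent reachable but empty, 2 = no agent.
agent_state() {
    case "$1" in
        0) echo loaded ;;
        1) echo empty ;;
        *) echo unreachable ;;
    esac
}

# Ensure an agent is running and holds a key; prompts at most once.
ensure_key_loaded() {
    [ -r "$AGENT_ENV" ] && . "$AGENT_ENV" >/dev/null
    rc=0
    ssh-add -l >/dev/null 2>&1 || rc=$?
    state=$(agent_state "$rc")
    if [ "$state" = unreachable ]; then
        # The agent died or was never started: start one and record its
        # socket and pid in a file only the owner can read.
        (umask 077; ssh-agent -s > "$AGENT_ENV")
        . "$AGENT_ENV" >/dev/null
        state=empty
    fi
    # Interactive step: the passphrase is typed here, once per agent lifetime.
    [ "$state" = loaded ] || ssh-add "$KEY"
}

# Unattended transfer: -b puts sftp in batch mode, so it fails instead of
# prompting if the agent cannot supply the key.
run_transfer() {
    sftp -b "$1" -o IdentityFile="$KEY" "$2"
}

# Usage: script transfer <batchfile> <user@host>
if [ "${1:-}" = "transfer" ]; then
    if key_is_encrypted "$KEY"; then ensure_key_loaded || exit 1; fi
    run_transfer "$2" "$3"
fi
```

The decrypted key stays in the agent's memory until the agent exits, so anyone who can reach the agent socket as that user can authenticate with it; keep the account and the agent.env file restricted accordingly.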

Paul Maglinger
Regular Advisor

Re: sftp authentication using private key passphrase prompt

After posting the issue I was having with the vendor's tracking system, they decided to go ahead with using the public key generated by the originating server. As you might well guess, it is working now without password or passphrase prompts. Thank you all for your time. I appreciate the feedback.