Solved

Setting up SFTP between two HPUX servers

Posted on 2005-04-12
Last Modified: 2013-12-16
I am trying to setup an SFTP connection between two HPUX servers that authenticates using a public key.  I used the following command to generate the key pair and entered a passphrase:
ssh-keygen -t dsa -f test_key

Output:
Your identification has been saved in test_key.
Your public key has been saved in test_key.pub.
The key fingerprint is:
68:a2:60:e4:47:29:d6:0f:f4:98:8f:08:bc:24:6d:20 myuserid@serverA

I then copied the test_key.pub file to ~myuserid/.ssh on serverB and appended it to authorized_keys.
On serverA:
ls ~myuserid/.ssh
test_key
test_key.pub
known_hosts

On serverB:
ls ~myuserid/.ssh
test_key.pub
authorized_keys

From serverA I ran the following command to connect to serverB using sftp:
sftp -v -oIdentityFile=~/.ssh/test_key myuserid@serverB

Output:
Connecting to serverB...
OpenSSH_3.9, OpenSSL 0.9.7d 17 Mar 2004
HP-UX Secure Shell-A.03.91.002, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to serverB [xxx.xx.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file /usr/relids/myuserid/.ssh/test_key type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9
debug1: match: OpenSSH_3.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'serverB' is known and matches the RSA host key.
debug1: Found key in /usr/relids/myuserid/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /usr/relids/myuserid/.ssh/test_key
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:  (I enter my password here)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Connection to serverB closed by remote host.
debug1: Transferred: stdin 0, stdout 0, stderr 45 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1401.6
debug1: Exit status -1
Connection closed

Here is the output from the syslog on serverB:
serverB sshd[20819]: Authentication refused: bad ownership or modes for directory /usr/relids/myuserid/.ssh
serverB sshd[20819]: Accepted keyboard-interactive/pam for myuserid from xxx.xx.xx.xxx port 59109 ssh2

There are two problems here, first it prompts for a password and doesn't authenticate with the public key (this is my main problem).  Second, when I do type my password the connection is closed.  As I said earlier my goal is to connect using the public key to authenticate, however I am also interested as to why this connection is dropping.  My thought is I am missing something small and trivial but cannot figure out what it is, any help would be appreciated.

Thanks
Question by:edumgt
4 Comments
 

Accepted Solution

by: tfewster
ID: 13767025
/usr/relids/myuserid/.ssh should be owned by "myuserid" and not have write permission for group or other; That's probably why the key method fails and you have to enter a password. However, I don't know why the connection drops out anyway...

ls -ld .ssh
drwxr-xr-x   2 myuserid     staff        512 Sep 17  2003 .ssh

Author Comment

by:edumgt
ID: 13772797
I changed the perms on the .ssh directories and I'm still being prompted for a password.  I have the following perms on the files within the directories:

ls -l ~/.ssh/ on serverA
-rw-------   1 myuserid common         736 Apr 12 11:37 test_key
-rw-r--r--   1 myuserid common         605 Apr 12 11:37 test_key.pub

ls -l ~/.ssh/ on serverB
-rw-r-----   1 myuserid common         605 Apr 12 11:49 authorized_keys
-rw-r-----   1 myuserid common         605 Apr 12 11:49 test_key.pub

Do any of these need to be changed?  Any other ideas?

Author Comment

by:edumgt
ID: 13809692
I figured out on my own why the connection is dropping.  The UsePAM in the sshd_config file was set to 'yes'.  Once I commented out that variable and took the default 'no' I was able to keep the sftp connection open without it dropping.

Although I still can't get the Public Authentication to work, anyone have any ideas, could it be another setting somewhere in that file?

Author Comment

by:edumgt
ID: 13817026
I have found the solution to my problem.  The StrictModes variable needs to be set to no.  It is set to yes by default but once I set it to no I was no longer prompted for my password and was able to authenticate using a public key with no keyboard interaction.
