edumgt
asked on
Setting up SFTP between two HPUX servers
I am trying to set up an SFTP connection between two HPUX servers that authenticates using a public key. I used the following command to generate the key pair and entered a passphrase:
ssh-keygen -t dsa -f test_key
Output:
Your identification has been saved in test_key.
Your public key has been saved in test_key.pub.
The key fingerprint is:
68:a2:60:e4:47:29:d6:0f:f4:98:8f:08:bc:24:6d:20 myuserid@serverA
I then copied the test_key.pub file to ~myuserid/.ssh on serverB and appended it to authorized_keys.
On serverA:
ls ~myuserid/.ssh
test_key
test_key.pub
known_hosts
On serverB:
ls ~myuserid/.ssh
test_key.pub
authorized_keys
From serverA I ran the following command to connect to serverB using sftp:
sftp -v -oIdentityFile=~/.ssh/test_key myuserid@serverB
Output:
Connecting to serverB...
OpenSSH_3.9, OpenSSL 0.9.7d 17 Mar 2004
HP-UX Secure Shell-A.03.91.002, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to serverB [xxx.xx.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file /usr/relids/myuserid/.ssh/test_key type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9
debug1: match: OpenSSH_3.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'serverB' is known and matches the RSA host key.
debug1: Found key in /usr/relids/myuserid/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /usr/relids/myuserid/.ssh/test_key
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password: (I enter my password here)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Connection to serverB closed by remote host.
debug1: Transferred: stdin 0, stdout 0, stderr 45 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1401.6
debug1: Exit status -1
Connection closed
Here is the output from the syslog on serverB:
serverB sshd[20819]: Authentication refused: bad ownership or modes for directory /usr/relids/myuserid/.ssh
serverB sshd[20819]: Accepted keyboard-interactive/pam for myuserid from xxx.xx.xx.xxx port 59109 ssh2
There are two problems here, first it prompts for a password and doesn't authenticate with the public key (this is my main problem). Second, when I do type my password the connection is closed. As I said earlier my goal is to connect using the public key to authenticate, however I am also interested as to why this connection is dropping. My thought is I am missing something small and trivial but cannot figure out what it is, any help would be appreciated.
Thanks
ASKER
I figured out on my own why the connection is dropping. The UsePAM in the sshd_config file was set to 'yes'. Once I commented out that variable and took the default 'no' I was able to keep the sftp connection open without it dropping.
Although I still can't get the Public Authentication to work, anyone have any ideas, could it be another setting somewhere in that file???
ASKER
I have found the solution to my problem. The StrictModes variable needs to be set to no. It is set to yes by default but once I set it to no I was no longer prompted for my password and was able to authenticate using a public key with no keyboard interaction.
ASKER
ls -l ~/.ssh/ on serverA
-rw------- 1 myuserid common 736 Apr 12 11:37 test_key
-rw-r--r-- 1 myuserid common 605 Apr 12 11:37 test_key.pub
ls -l ~/.ssh/ on serverB
-rw-r----- 1 myuserid common 605 Apr 12 11:49 authorized_keys
-rw-r----- 1 myuserid common 605 Apr 12 11:49 test_key.pub
Do any of these need changed? Any other ideas?
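
The syslog line quoted in the question ("bad ownership or modes for directory /usr/relids/myuserid/.ssh") is what sshd logs when StrictModes is enabled and a path leading to the key file fails its ownership/mode test. The following is an added example, not part of the original thread: a shell check that approximates that test (owner must be the user or root, no group/other write bit) for the default ~/.ssh/authorized_keys location, so the offending path can be identified with StrictModes left on. The function names are hypothetical, and only ls, awk and id are used.

```shell
#!/bin/sh
# Added example (not from the thread): approximate the sshd StrictModes test
# for the home directory, ~/.ssh and ~/.ssh/authorized_keys.

# path_is_secure PATH UID
# Succeeds if PATH is owned by UID or root and is not group/other writable.
path_is_secure() {
    p_info=$(ls -ldn "$1" 2>/dev/null) || { echo "missing: $1"; return 1; }
    p_mode=$(echo "$p_info" | awk '{print $1}')
    p_uid=$(echo "$p_info" | awk '{print $3}')
    if [ "$p_uid" != "$2" ] && [ "$p_uid" != "0" ]; then
        echo "bad owner (uid $p_uid): $1"
        return 1
    fi
    # In a string such as drwxrwxr-x, character 6 is the group write bit
    # and character 9 is the other write bit.
    case "$p_mode" in
        ?????w*|????????w*)
            echo "group/other writable ($p_mode): $1"
            return 1 ;;
    esac
    return 0
}

# check_strictmodes HOME_DIR [UID]
# Checks every path sshd walks for the default authorized_keys location.
# Prints each failing path and returns non-zero if any of them fails.
check_strictmodes() {
    cs_home=$1
    cs_uid=${2:-$(id -u)}
    cs_rc=0
    for cs_p in "$cs_home" "$cs_home/.ssh" "$cs_home/.ssh/authorized_keys"; do
        path_is_secure "$cs_p" "$cs_uid" || cs_rc=1
    done
    return $cs_rc
}

# Stand-alone use: sh thisfile.sh /path/to/home [uid]
if [ $# -gt 0 ]; then
    check_strictmodes "$@"
fi
```

Run as the account owner on serverB, for example `check_strictmodes /usr/relids/myuserid`. Any path it reports can be corrected with `chmod go-w` on that path (commonly `chmod 700 ~/.ssh` and `chmod 600 ~/.ssh/authorized_keys`).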