edumgt

asked on

Setting up SFTP between two HPUX servers

I am trying to set up an SFTP connection between two HPUX servers that authenticates using a public key.  I used the following command to generate the key pair and entered a passphrase:
ssh-keygen -t dsa -f test_key

Output:
Your identification has been saved in test_key.
Your public key has been saved in test_key.pub.
The key fingerprint is:
68:a2:60:e4:47:29:d6:0f:f4:98:8f:08:bc:24:6d:20 myuserid@serverA

I then copied the test_key.pub file to ~myuserid/.ssh on serverB and appended it to authorized_keys.
On serverA:
ls ~myuserid/.ssh
test_key
test_key.pub
known_hosts

On serverB:
ls ~myuserid/.ssh
test_key.pub
authorized_keys

From serverA I ran the following command to connect to serverB using sftp:
sftp -v -oIdentityFile=~/.ssh/test_key myuserid@serverB

Output:
Connecting to serverB...
OpenSSH_3.9, OpenSSL 0.9.7d 17 Mar 2004
HP-UX Secure Shell-A.03.91.002, HP-UX Secure Shell version
debug1: Reading configuration data /opt/ssh/etc/ssh_config
debug1: Connecting to serverB [xxx.xx.xx.xxx] port 22.
debug1: Connection established.
debug1: identity file /usr/relids/myuserid/.ssh/test_key type 2
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.9
debug1: match: OpenSSH_3.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST(1024<1024<8192) sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug1: Host 'serverB' is known and matches the RSA host key.
debug1: Found key in /usr/relids/myuserid/.ssh/known_hosts:1
debug1: ssh_rsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Offering public key: /usr/relids/myuserid/.ssh/test_key
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: keyboard-interactive
Password:  (I enter my password here)
debug1: Authentication succeeded (keyboard-interactive).
debug1: channel 0: new [client-session]
debug1: Entering interactive session.
debug1: channel 0: free: client-session, nchannels 1
debug1: fd 0 clearing O_NONBLOCK
debug1: fd 1 clearing O_NONBLOCK
Connection to serverB closed by remote host.
debug1: Transferred: stdin 0, stdout 0, stderr 45 bytes in 0.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 1401.6
debug1: Exit status -1
Connection closed

Here is the output from the syslog on serverB:
serverB sshd[20819]: Authentication refused: bad ownership or modes for directory /usr/relids/myuserid/.ssh
serverB sshd[20819]: Accepted keyboard-interactive/pam for myuserid from xxx.xx.xx.xxx port 59109 ssh2

There are two problems here. First, it prompts for a password and doesn't authenticate with the public key (this is my main problem).  Second, when I do type my password, the connection is closed.  As I said earlier, my goal is to connect using the public key to authenticate; however, I am also interested as to why this connection is dropping.  My thought is I am missing something small and trivial but cannot figure out what it is. Any help would be appreciated.

Thanks
ASKER CERTIFIED SOLUTION
tfewster
This solution is only available to members.
edumgt

ASKER

I changed the perms on the .ssh directories and I'm still being prompted for a password.  I have the following perms on the files within the directories:

ls -l ~/.ssh/ on serverA
-rw-------   1 myuserid common         736 Apr 12 11:37 test_key
-rw-r--r--   1 myuserid common         605 Apr 12 11:37 test_key.pub

ls -l ~/.ssh/ on serverB
-rw-r-----   1 myuserid common         605 Apr 12 11:49 authorized_keys
-rw-r-----   1 myuserid common         605 Apr 12 11:49 test_key.pub

Do any of these need to be changed?  Any other ideas?
edumgt

ASKER

I figured out on my own why the connection is dropping.  The UsePAM in the sshd_config file was set to 'yes'.  Once I commented out that variable and took the default 'no' I was able to keep the sftp connection open without it dropping.

I still can't get the Public Authentication to work, though. Does anyone have any ideas? Could it be another setting somewhere in that file?
edumgt

ASKER

I have found the solution to my problem.  The StrictModes variable needs to be set to no.  It is set to yes by default but once I set it to no I was no longer prompted for my password and was able to authenticate using a public key with no keyboard interaction.
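
The syslog line on serverB ("bad ownership or modes for directory") is written by sshd's StrictModes check, which requires the key file and every directory from it up to the home directory to be owned by the user or root and not writable by group or others. The script below is an added example, not part of the original thread, that audits those paths so they can be corrected with StrictModes left at yes; the function names check_one and check_strictmodes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the paths that sshd's StrictModes check examines.
# check_one PATH UID: fail if PATH is missing, is not owned by UID or
# root (uid 0), or is writable by group or others.
check_one() {
    # -n prints the numeric owner, -L follows symlinks, -d lists a directory itself
    info=$(ls -ldnL "$1" 2>/dev/null | awk '{print $1, $3}')
    if [ -z "$info" ]; then
        echo "MISSING  $1"
        return 1
    fi
    mode=${info%% *}
    owner=${info##* }
    bad=0
    [ "$owner" = "$2" ] || [ "$owner" = 0 ] || {
        echo "OWNER    $1 (uid $owner)"
        bad=1
    }
    case $mode in
        ?????w*|????????w*)        # 6th char = group write, 9th = other write
            echo "WRITABLE $1 ($mode)"
            bad=1 ;;
    esac
    return $bad
}

# check_strictmodes HOME UID [KEYFILE]: check KEYFILE (default
# HOME/.ssh/authorized_keys) and each directory above it up to HOME.
check_strictmodes() {
    home=$1
    uid=$2
    p=${3:-$home/.ssh/authorized_keys}
    rc=0
    while :; do
        check_one "$p" "$uid" || rc=1
        [ "$p" = "$home" ] && break
        p=$(dirname "$p")
        case $p in /|.) break ;; esac   # key file is not under HOME: stop
    done
    return $rc
}

# Usage on serverB, with the home directory from the syslog line above:
#   check_strictmodes /usr/relids/myuserid "$(id -u myuserid)"
```

Each line printed names a path to correct with chown or chmod (for example `chmod go-w` on a flagged directory) before retrying the key login.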