Issues with automating SFTP - Solaris

This is a discussion on Issues with automating SFTP - Solaris ; Hi We are trying to set up a non-interactive sftp to one of our clients to be able to transfer files to them. For the setup I logged into server1 as user1 and generated RSA public and private keys id_rsa ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Issues with automating SFTP

  1. Post Issues with automating SFTP

    Hi

    We are trying to set up a non-interactive sftp to one of our clients to be able to transfer files to them. For the setup I logged into server1 as user1 and generated RSA public and private keys id_rsa and id_rsa.pub. Then I did an sftp to server2 as user2 and put the id_rsa.pub in the .ssh folder as authorized_keys. Then when I try to do an sftp from server1 (logged in as user1) to server2 as user2 I get prompted for the password.

    These are the sshd_config parameters on server2:
    IgnoreRhosts yes
    RhostsAuthentication no
    RhostsRSAAuthentication no
    RSAAuthentication yes
    PubkeyAuthentication yes

    One interesting this that I have noticed is that when I connect via. sftp to server2 as user2 for the first time I get the message:
    The authenticity of host '' can't be established.
    DSA key fingerprint is
    Are you sure you want to continue connecting (yes/no)?
    and the known_hosts file is created with a key starting with ssh-dss. When I am creating an RSA key pair why is my server creating a DSA key fingerprint? Is that right/expected behaviour?

    I did a -vvv on the sftp to server2 to try to detect what my problem was and noticed that the RSA key is not being detected.This is the version of SSH on the server
    server1:user1:> ssh -V
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f

    Part of the logging that I captured. I can send you the complete one if you need it:
    server1:user1:> sftp -vvv user2@server2
    Connecting to server2...
    Sun_SSH_1.1, SSH protocols 1.5/2.0, OpenSSL 0x0090704f
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to server2 port 22.
    debug1: Connection established.
    debug3: Not a RSA1 key file /abcd/./files/mgr/.ssh/id_rsa.
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: no key found
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: no key found
    debug1: identity file /abcd/./files/mgr/.ssh/id_rsa type 1
    debug1: identity file /abcd/./files/mgr/.ssh/id_dsa type -1
    debug1: Remote protocol version 2.0, remote software version ReflectionForSecureIT_6.1.0.16
    debug1: no match: ReflectionForSecureIT_6.1.0.16
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-Sun_SSH_1.1
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
    debug2: kex_parse_kexinit: aes128-ctr,aes128-cbc,arcfour,3des-cbc,blowfish-cbc
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: i-default
    debug2: kex_parse_kexinit: i-default
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0

    I have spent a lot of time on this without any success. I don't know if I am missing something very obvious here. Any response would be appreciated.

  2. Re: Issues with automating SFTP

    To setup non-interactvie SSH RSA Keys I use the following procedure:

    First, install OpenSSH on two UNIX machines, hurly and burly.

    This works best using DSA keys and SSH2 by default as far as I can tell.

    All the other HOWTOs I've seen seem to deal with RSA keys and SSH1, and the instructions not surprisingly fail to work with SSH2.

    2. On each machine type ssh somemachine.example.com and make a connection with your
    regular password. This will create a .ssh dir in your home directory with the proper perms.

    3. On your primary machine where you want your secret keys to live (let's say hurly), type
    ssh-keygen -t dsa

    This will prompt you for a secret passphrase. If this is your primary identity
    key, make sure to use a good passphrase. If this works right you will get two files
    called id_dsa and id_dsa.pub in your .ssh dir.

    Note: it is possible to just press the enter key when prompted for a passphrase, which will make a key with no passphrase.

    This is a Bad Idea for an identity key, so don't do it!
    See below for uses of keys without passphrases.

    4. scp ~/.ssh/id_dsa.pub burly:.ssh/authorized_keys2
    Copy the id_dsa.pub file to the other host's .ssh dir with the name
    authorized_keys2.

    5. Now burly is ready to accept your ssh key. How to tell it which keys to use? The ssh-add
    command will do it. For a test, type

    ssh-agent sh -c 'ssh-add < /dev/null && bash'

    This will start the ssh-agent, add your default identity(prompting you for
    your passphrase), and spawn a bash shell. From this new shell you should be able
    to:

    ssh burly

    This should let you in without typing a password or passphrase. Hooray!
    You can ssh and scp all you want from this bash shell and not have to type any
    password or passphrase.

+ Reply to Thread