RE: SFTP-Server? - VMS


Thread: RE: SFTP-Server?

  1. RE: SFTP-Server?

    Hi,

    >We tried to backup the configuration of our new Cisco VoIP system. We then
    >get "invalid password" messages on the console although the correct password
    >is provided. Now as we looked a bit deeper into it, the problem seems to be
    >on Cisco's side.


    We found that even trying to SSH to the Cisco router (for console access)
    produced something similar. It seems their SSH server code is broken -- and
    SFTP relies on SSH to set up the secure TCP session.

    Regards,

    Jeremy Begg

  2. RE: SFTP-Server?

    Actually, we've found that when attempting to SSH to a Cisco server, you
    can add the following lines to your SSH2_DIR:SSH2_CONFIG (note, the config
    for the client, not server):

    SendKEXGuess NO
    allowagentforwarding no
    allowx11forwarding no

    These should allow you to talk to the router properly using our client
    (which, of course, is used by the SFTP client).

    At 02:43 PM 12/3/2007, you wrote:
    >Hi,
    >
    > >We tried to backup the configuration of our new Cisco VoIP system. We then
    > >get "invalid password" messages on the console although the correct password
    > >is provided. Now as we looked a bit deeper into it, the problem seems to be
    > >on Cisco's side.
    >
    >We found that even trying to SSH to the Cisco router (for console access)
    >produced something similar. It seems their SSH server code is broken -- and
    >SFTP relies on SSH to set up the secure TCP session.
    >
    >Regards,
    >
    > Jeremy Begg


    ------
    +-------------------------------+----------------------------------------+
    | Dan O'Reilly | "There are 10 types of people in this |
    | Principal Engineer | world: those who understand binary |
    | Process Software | and those who don't." |
    | http://www.process.com | |
    +-------------------------------+----------------------------------------+


  3. Re: SFTP-Server?

    Hi Dan,

    > Actually, we've found that when attempting to SSH to a Cisco server, you
    > can add the following lines to your SSH2_DIR:SSH2_CONFIG (note, the
    > config for the client, not server):
    >
    > SendKEXGuess NO
    > allowagentforwarding no
    > allowx11forwarding no
    >
    > These should allow you to talk to the router properly using our client
    > (which, of course, is used by the SFTP client).


    That's interesting. I'm setting up a new HP Integrity server today and I've
    just installed MultiNet V5.2 on it, with all the MultiNet updates, and I've
    found a couple of issues directly relating to the above comments. I've
    opened the manual to page 30-27 ("Starting the SSH Server for the First Time").

    1. The manual says to run this command:
    $ COPY MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSHD2_CONFIG.TEMPLATE -
    _$ MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSHD2_CONFIG.

    The problem is that the SSHD2_CONFIG.TEMPLATE file is not in that
    directory; it's in the MULTINET: directory instead.

    2. The manual says to run this command:
    $ COPY MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSH2_CONFIG.TEMPLATE -
    _$ MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSH2_CONFIG.

    The problem is that this template file does not exist.

    Here's a list of all the .TEMPLATE files shipped with MultiNet 5.2:

    rx2660::SYSTEM> d multinet_root:[multinet...]*.template

    Directory MULTINET_COMMON_ROOT:[MULTINET]

    ACCOUNTING_CONF.TEMPLATE;1 2/48 8-SEP-2003 09:36:29.00
    GATED_CONF.TEMPLATE;1 3/16 8-APR-2007 03:54:27.59
    NTPD_DST_PROC_COM.TEMPLATE;1 4/16 8-APR-2007 03:54:28.12
    NTP_CONF.TEMPLATE;1 8/16 8-APR-2007 03:54:27.99
    PSK_TXT.TEMPLATE;1 1/48 20-JAN-2005 08:14:55.80
    RACOON_CONF.TEMPLATE;1 2/48 20-JAN-2005 08:15:37.01
    SMTP_SERVER_REJECT.TEMPLATE;1 6/16 8-APR-2007 03:48:20.23
    SSHD2_CONFIG.TEMPLATE;1 10/48 3-OCT-2003 15:05:41.79
    SSHD_CONFIG.TEMPLATE;1 3/48 9-NOV-2001 12:11:07.78

    Total of 9 files, 39/304 blocks.

    Looking at another couple of systems I have access to, it appears that the
    SSH2_CONFIG.TEMPLATE file was omitted from the V5.2 kit. Can I just copy
    this file from a MultiNet 5.1 system, or have there been more recent changes
    to it?

    Thanks,

    Jeremy Begg

    +---------------------------------------------------------+
    | VSM Software Services Pty. Ltd. |
    | http://www.vsm.com.au/ |
    | "OpenVMS Systems Management & Programming" |
    | Web & Email Hosting |
    |---------------------------------------------------------|
    | P.O.Box 402, Walkerville, | E-Mail: jeremy@vsm.com.au |
    | South Australia 5081 | Phone: +61 8 8221 5188 |
    |---------------------------| Mobile: 0414 422 947 |
    | A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
    +---------------------------------------------------------+



  4. Re: SFTP-Server?

    Are these available on the command line?

    I rely on X11 forwarding and I'd expect that others do too, so just
    setting these lines isn't something that you'd want to do in general
    I assume...

    -Ross-

    On Dec 3, 2007, at 4:51 PM, Dan O'Reilly wrote:

    > Actually, we've found that when attempting to SSH to a Cisco
    > server, you can add the following lines to your
    > SSH2_DIR:SSH2_CONFIG (note, the config for the client, not server):
    >
    > SendKEXGuess NO
    > allowagentforwarding no
    > allowx11forwarding no
    >
    > These should allow you to talk to the router properly using our
    > client (which, of course, is used by the SFTP client).
    >
    > At 02:43 PM 12/3/2007, you wrote:
    >> Hi,
    >>
    >> >We tried to backup the configuration of our new Cisco VoIP system. We then
    >> >get "invalid password" messages on the console although the correct password
    >> >is provided. Now as we looked a bit deeper into it, the problem seems to be
    >> >on Cisco's side.
    >>
    >> We found that even trying to SSH to the Cisco router (for console access)
    >> produced something similar. It seems their SSH server code is broken -- and
    >> SFTP relies on SSH to set up the secure TCP session.
    >>
    >> Regards,
    >>
    >> Jeremy Begg




  5. Re: SFTP-Server?

    They are available from the command line, but you can use what's called a
    "stanza" in your SSH2_CONFIG file. For example:

    lima.beans.com:
    sendkexguess no
    allowagentforwarding no
    allowx11forwarding no
    pinto.beans.com:
    sendkexguess no
    allowagentforwarding no
    allowx11forwarding no

    In this example, the 2 systems lima and pinto both use specific
    options. For all other systems, either defaults or other specified values
    are used.

    Just FYI, if you REALLY want to do it from the command line:

    $ ssh lima.beans.com /option=(sendkexguess=no,allowagentforwarding=no,allowx11forwarding=no)

    At 05:53 PM 12/3/2007, you wrote:
    >Are these available on the command line?
    >
    >I rely on X11 forwarding and I'd expect that others do too, so just
    >setting these lines isn't something that you'd want to do in general
    >I assume...
    >
    >-Ross-
    >
    >On Dec 3, 2007, at 4:51 PM, Dan O'Reilly wrote:
    >
    >>Actually, we've found that when attempting to SSH to a Cisco
    >>server, you can add the following lines to your
    >>SSH2_DIR:SSH2_CONFIG (note, the config for the client, not server):
    >>
    >>SendKEXGuess NO
    >>allowagentforwarding no
    >>allowx11forwarding no
    >>
    >>These should allow you to talk to the router properly using our
    >>client (which, of course, is used by the SFTP client).
    >>
    >>At 02:43 PM 12/3/2007, you wrote:
    >>>Hi,
    >>>
    >>> >We tried to backup the configuration of our new Cisco VoIP system. We then
    >>> >get "invalid password" messages on the console although the correct password
    >>> >is provided. Now as we looked a bit deeper into it, the problem seems to be
    >>> >on Cisco's side.
    >>>
    >>>We found that even trying to SSH to the Cisco router (for console access)
    >>>produced something similar. It seems their SSH server code is broken -- and
    >>>SFTP relies on SSH to set up the secure TCP session.
    >>>
    >>>Regards,
    >>>
    >>> Jeremy Begg



    ------
    +-------------------------------+----------------------------------------+
    | Dan O'Reilly | "There are 10 types of people in this |
    | Principal Engineer | world: those who understand binary |
    | Process Software | and those who don't." |
    | http://www.process.com | |
    +-------------------------------+----------------------------------------+
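
Added example, not part of any post in this thread and not Process Software code: a small Python check that resolves which options apply to a given host when per-host stanzas like the ones in post 5 are used, so the workaround stays scoped to the affected routers while other hosts keep X11 forwarding. The parsing rules (a lone token ending in ":" opens a stanza for exactly that host, lines before the first stanza are global, "#" starts a comment, names are case-insensitive) and the global `allowx11forwarding yes` line are assumptions made for illustration.

```python
# Added example: resolve effective client options from stanza-style config text.
# Assumptions (not taken from MultiNet documentation): a lone token ending in ":"
# opens a stanza for exactly that host; "keyword value" lines before any stanza
# are global; "#" starts a comment; keywords and hosts are case-insensitive.

# Constructed sample: the global section keeps X11 forwarding on, the stanzas
# from the post turn it off only for the two named hosts.
SAMPLE_CONFIG = """\
allowx11forwarding yes
lima.beans.com:
sendkexguess no
allowagentforwarding no
allowx11forwarding no
pinto.beans.com:
sendkexguess no
allowagentforwarding no
allowx11forwarding no
"""

def parse_config(text):
    """Return (global_options, {host: options}) from stanza-style text."""
    global_opts, stanzas = {}, {}
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 1 and line.endswith(":"):
            current = stanzas.setdefault(line[:-1].lower(), {})
            continue
        current[parts[0].lower()] = parts[1].strip().lower() if len(parts) > 1 else ""
    return global_opts, stanzas

def effective_options(text, host):
    """Global options overridden by the host's own stanza, if it has one."""
    global_opts, stanzas = parse_config(text)
    merged = dict(global_opts)
    merged.update(stanzas.get(host.lower(), {}))
    return merged

def hosts_without_forwarding(text):
    """Hosts whose effective options disable both agent and X11 forwarding."""
    _, stanzas = parse_config(text)
    keys = ("allowagentforwarding", "allowx11forwarding")
    return sorted(h for h in stanzas
                  if all(effective_options(text, h).get(k) == "no" for k in keys))
```
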

