ssh FROM linux TO OpenVMS - VMS

This is a discussion on ssh FROM linux TO OpenVMS - VMS ; Hello, I'm trying hard to connect from a linux client to a VMS server using hostkey identification. I'm always getting a password request and if I type the password it failed anyway: I have on the client side : $ ...

+ Reply to Thread
Results 1 to 4 of 4

Thread: ssh FROM linux TO OpenVMS

  1. ssh FROM linux TO OpenVMS

    Hello,
    I'm trying hard to connect from a linux client to a VMS server using
    hostkey identification.
    I'm always getting a password request and if I type the password it
    failed anyway:

    I have on the client side :
    $ uname -a
    Linux kashmir 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686
    i686 i386 GNU/Linux
    $ ssh -V
    OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

    and the verbose lines of the ssh request: (bombay is the vms server)
    $ ssh -v texas@bombay
    OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
    debug1: Reading configuration data /etc/ssh/ssh_config
    debug1: Applying options for *
    debug1: Connecting to bombay [172.20.211.25] port 22.
    debug1: Connection established.
    debug1: identity file /home/denis/.ssh/identity type -1
    debug1: identity file /home/denis/.ssh/id_rsa type 1
    debug1: identity file /home/denis/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version 3.2.0 SSH
    Secure Shell OpenVMS V5.6 VMS_sftp_version 2
    debug1: no match: 3.2.0 SSH Secure Shell OpenVMS V5.6 VMS_sftp_version
    2
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_4.3
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug1: Host 'bombay' is known and matches the DSA host key.
    debug1: Found key in /home/denis/.ssh/known_hosts:14
    debug1: ssh_dss_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: publickey
    debug1: Trying private key: /home/denis/.ssh/identity
    debug1: Offering public key: /home/denis/.ssh/id_rsa
    debug1: Authentications that can continue: publickey,password
    debug1: Offering public key: /home/denis/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,password
    debug1: Next authentication method: password
    texas@bombay's password:

    entering the right password will fail

    On the server side:
    ssh -V
    debug: Ssh2/SSH2.C:1904: CRTL version (SYS$SHAREECC$SHR.EXE ident)
    is V8.3-00
    debug: SshAppCommon/SSHAPPCOMMON.C:322: Allocating global SshRegex
    context.
    debug: SshConfig/SSHCONFIG.C:3421: Metaconfig parsing stopped at line
    4.
    debug: SshConfig/SSHCONFIG.C:875: Setting variable 'VerboseMode' to
    'FALSE'.
    debug: SshConfig/SSHCONFIG.C:3329: Unable to open ssh2/ssh2_config
    warning: You didn't specify a host name.
    Type bombay$dka0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe -h for
    help.

    I tried to copy the client id_dsa.pub to the server's user [.ssh2]
    directory
    and making all that they said in the manual but nothing works.
    any help please ?
    d.fayaud

  2. Re: ssh FROM linux TO OpenVMS

    On 5 mei, 16:06, zemb...@chkoun.com wrote:
    > Hello,
    > I'm trying hard to connect from a linux client to a VMS server using
    > hostkey identification.
    > I'm always getting a password request and if I type the password it
    > failed anyway:
    >
    > I have on the client side :
    > $ uname -a
    > Linux kashmir 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686
    > i686 i386 GNU/Linux
    > $ ssh -V
    > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
    >
    > and the verbose lines of the ssh request: (bombay is the vms server)
    > $ ssh -v texas@bombay
    > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
    > debug1: Reading configuration data /etc/ssh/ssh_config
    > debug1: Applying options for *
    > debug1: Connecting to bombay [172.20.211.25] port 22.
    > debug1: Connection established.
    > debug1: identity file /home/denis/.ssh/identity type -1
    > debug1: identity file /home/denis/.ssh/id_rsa type 1
    > debug1: identity file /home/denis/.ssh/id_dsa type 2
    > debug1: Remote protocol version 2.0, remote software version 3.2.0 SSH
    > Secure Shell OpenVMS V5.6 VMS_sftp_version 2
    > debug1: no match: 3.2.0 SSH Secure Shell OpenVMS V5.6 VMS_sftp_version
    > 2
    > debug1: Enabling compatibility mode for protocol 2.0
    > debug1: Local version string SSH-2.0-OpenSSH_4.3
    > debug1: SSH2_MSG_KEXINIT sent
    > debug1: SSH2_MSG_KEXINIT received
    > debug1: kex: server->client aes128-cbc hmac-md5 none
    > debug1: kex: client->server aes128-cbc hmac-md5 none
    > debug1: sending SSH2_MSG_KEXDH_INIT
    > debug1: expecting SSH2_MSG_KEXDH_REPLY
    > debug1: Host 'bombay' is known and matches the DSA host key.
    > debug1: Found key in /home/denis/.ssh/known_hosts:14
    > debug1: ssh_dss_verify: signature correct
    > debug1: SSH2_MSG_NEWKEYS sent
    > debug1: expecting SSH2_MSG_NEWKEYS
    > debug1: SSH2_MSG_NEWKEYS received
    > debug1: SSH2_MSG_SERVICE_REQUEST sent
    > debug1: SSH2_MSG_SERVICE_ACCEPT received
    > debug1: Authentications that can continue: publickey,password
    > debug1: Next authentication method: publickey
    > debug1: Trying private key: /home/denis/.ssh/identity
    > debug1: Offering public key: /home/denis/.ssh/id_rsa
    > debug1: Authentications that can continue: publickey,password
    > debug1: Offering public key: /home/denis/.ssh/id_dsa
    > debug1: Authentications that can continue: publickey,password
    > debug1: Next authentication method: password
    > texas@bombay's password:
    >
    > entering the right password will fail
    >
    > On the server side:
    > ssh -V
    > debug: Ssh2/SSH2.C:1904: CRTL version (SYS$SHAREECC$SHR.EXE ident)
    > is V8.3-00
    > debug: SshAppCommon/SSHAPPCOMMON.C:322: Allocating global SshRegex
    > context.
    > debug: SshConfig/SSHCONFIG.C:3421: Metaconfig parsing stopped at line
    > 4.
    > debug: SshConfig/SSHCONFIG.C:875: Setting variable 'VerboseMode' to
    > 'FALSE'.
    > debug: SshConfig/SSHCONFIG.C:3329: Unable to open ssh2/ssh2_config
    > warning: You didn't specify a host name.
    > Type bombay$dka0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe -h for
    > help.
    >
    > I tried to copy the client id_dsa.pub to the server's user [.ssh2]
    > directory
    > and making all that they said in the manual but nothing works.
    > any help please ?
    > d.fayaud


    1. Read the TCPIP documentation carefully.
    2. Make sure the public key is in IETF SECSH format, NOT the OpenSSH
    format as it is on
    your Linux system. If you are lucky, you can do with the ssh-
    keygen utility (-x option is the one)
    on your Linux system, otherwise download and install openssh on
    your pc.
    Give the public key a good name to make life easier on mere humans
    (ridiculous non-Unix idea) like kashmir.pub.
    3. Put this public key in the SSH2 subdirectory of the default
    directory of user texas, and create in this directory a file
    authorization.;
    with one line that reads "key kasmir.pub" (without the quotes)
    4. make sure all files ( keys and authorization.; ) in this ssh2
    subdirectory are in stream_lf format

    Good luck,
    jose


  3. Re: ssh FROM linux TO OpenVMS

    zemb...@chkoun.com wrote:

    > [...]
    > On the server side:
    > ssh -V
    > debug: Ssh2/SSH2.C:1904: CRTL version (SYS$SHAREECC$SHR.EXE ident)
    > is V8.3-00
    > [...]


    It's a minor point, but that's "-v" output. For the version, you
    need to quote the "-V". For example:

    alp $ ssh "-V"
    alp$dka0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe: SSH Secure Shell
    OpenVMS (
    V5.5) 3.2.0 on COMPAQ Professional Workstation - VMS V7.3-2

    So far, I've used only public-key authorization, so I don't know what
    goes wrong with host-key.

    > I tried to copy the client id_dsa.pub to the server's user [.ssh2]
    > directory


    Probably doomed. Different key file formats, as already explained.
    If you make a key pair on the VMS system, you can see how different
    the
    files look. Conversion (one way or the other) should be possible, but
    a
    simple copy won't do the job.

  4. Re: ssh FROM linux TO OpenVMS

    On May 5, 4:56 pm, Jose Baars wrote:
    > On 5 mei, 16:06, zemb...@chkoun.com wrote:
    >
    >
    >
    > > Hello,
    > > I'm trying hard to connect from a linux client to a VMS server using
    > > hostkey identification.
    > > I'm always getting a password request and if I type the password it
    > > failed anyway:

    >
    > > I have on the client side :
    > > $ uname -a
    > > Linux kashmir 2.6.18-8.el5 #1 SMP Thu Mar 15 19:57:35 EDT 2007 i686
    > > i686 i386 GNU/Linux
    > > $ ssh -V
    > > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006

    >
    > > and the verbose lines of the ssh request: (bombay is the vms server)
    > > $ ssh -v texas@bombay
    > > OpenSSH_4.3p2, OpenSSL 0.9.8b 04 May 2006
    > > debug1: Reading configuration data /etc/ssh/ssh_config
    > > debug1: Applying options for *
    > > debug1: Connecting to bombay [172.20.211.25] port 22.
    > > debug1: Connection established.
    > > debug1: identity file /home/denis/.ssh/identity type -1
    > > debug1: identity file /home/denis/.ssh/id_rsa type 1
    > > debug1: identity file /home/denis/.ssh/id_dsa type 2
    > > debug1: Remote protocol version 2.0, remote software version 3.2.0 SSH
    > > Secure Shell OpenVMS V5.6 VMS_sftp_version 2
    > > debug1: no match: 3.2.0 SSH Secure Shell OpenVMS V5.6 VMS_sftp_version
    > > 2
    > > debug1: Enabling compatibility mode for protocol 2.0
    > > debug1: Local version string SSH-2.0-OpenSSH_4.3
    > > debug1: SSH2_MSG_KEXINIT sent
    > > debug1: SSH2_MSG_KEXINIT received
    > > debug1: kex: server->client aes128-cbc hmac-md5 none
    > > debug1: kex: client->server aes128-cbc hmac-md5 none
    > > debug1: sending SSH2_MSG_KEXDH_INIT
    > > debug1: expecting SSH2_MSG_KEXDH_REPLY
    > > debug1: Host 'bombay' is known and matches the DSA host key.
    > > debug1: Found key in /home/denis/.ssh/known_hosts:14
    > > debug1: ssh_dss_verify: signature correct
    > > debug1: SSH2_MSG_NEWKEYS sent
    > > debug1: expecting SSH2_MSG_NEWKEYS
    > > debug1: SSH2_MSG_NEWKEYS received
    > > debug1: SSH2_MSG_SERVICE_REQUEST sent
    > > debug1: SSH2_MSG_SERVICE_ACCEPT received
    > > debug1: Authentications that can continue: publickey,password
    > > debug1: Next authentication method: publickey
    > > debug1: Trying private key: /home/denis/.ssh/identity
    > > debug1: Offering public key: /home/denis/.ssh/id_rsa
    > > debug1: Authentications that can continue: publickey,password
    > > debug1: Offering public key: /home/denis/.ssh/id_dsa
    > > debug1: Authentications that can continue: publickey,password
    > > debug1: Next authentication method: password
    > > texas@bombay's password:

    >
    > > entering the right password will fail

    >
    > > On the server side:
    > > ssh -V
    > > debug: Ssh2/SSH2.C:1904: CRTL version (SYS$SHAREECC$SHR.EXE ident)
    > > is V8.3-00
    > > debug: SshAppCommon/SSHAPPCOMMON.C:322: Allocating global SshRegex
    > > context.
    > > debug: SshConfig/SSHCONFIG.C:3421: Metaconfig parsing stopped at line
    > > 4.
    > > debug: SshConfig/SSHCONFIG.C:875: Setting variable 'VerboseMode' to
    > > 'FALSE'.
    > > debug: SshConfig/SSHCONFIG.C:3329: Unable to open ssh2/ssh2_config
    > > warning: You didn't specify a host name.
    > > Type bombay$dka0:[sys0.syscommon.][sysexe]tcpip$ssh_ssh2.exe -h for
    > > help.

    >
    > > I tried to copy the client id_dsa.pub to the server's user [.ssh2]
    > > directory
    > > and making all that they said in the manual but nothing works.
    > > any help please ?
    > > d.fayaud

    >
    > 1. Read the TCPIP documentation carefully.
    > 2. Make sure the public key is in IETF SECSH format, NOT the OpenSSH
    > format as it is on
    > your Linux system. If you are lucky, you can do with the ssh-
    > keygen utility (-x option is the one)
    > on your Linux system, otherwise download and install openssh on
    > your pc.
    > Give the public key a good name to make life easier on mere humans
    > (ridiculous non-Unix idea) like kashmir.pub.
    > 3. Put this public key in the SSH2 subdirectory of the default
    > directory of user texas, and create in this directory a file
    > authorization.;
    > with one line that reads "key kasmir.pub" (without the quotes)
    > 4. make sure all files ( keys and authorization.; ) in this ssh2
    > subdirectory are in stream_lf format
    >
    > Good luck,
    > jose


    Jose !
    I did all what you wrote and it WORKS !!
    I had to work around with the id_rsa.pub conversion on the linux side,
    it was not so easy.
    For the readers, I had to do the following:
    (under the .ssh directory, after the creation of id_dsa and
    id_dsa.pub)
    # ssh-keygen -x -t dsa
    Enter file in which the key is (/home/denis/.ssh/id_dsa): (RETURN)

    This converts the file id_dsa to the right format
    For the id_rsa.pub convertion :
    # mkdir test
    # cp id_rsa_pub ./test/toto
    # cd test
    # ssh-keygen -x -t dsa > id_dsa.pub
    Enter file in which the key is (/home/denis/.ssh/id_dsa): /home/
    denis/.ssh/test/toto
    # ls
    id_dsa.pub toto

    # cp id_dsa.pub ../

    Then under .ssh, I had the two files id_dsa and id_dsa.pub with the
    good format.
    (The creation and use of subdirectory test is not mandatory, but, in
    my case, it was clearer for me)

    Then I transfered id_dsa.pub under openvms [.ssh2] directory.
    I renamed it as kashmir.pub
    I created the autorization.; file with: key kasmir.pub (as you said)
    I made the conversion of kashmir.pub and autorization.; to Stream_lf

    and it WORKS
    so Jose, you'r the best !
    thanks a lot !
    Denis

+ Reply to Thread