[Info-vax] SSH
Peter 'EPLAN' LANGSTOEGER
peter at langstoeger.at
Tue Feb 15 03:48:09 EST 2011
In article <ijd5ur$5ol$1 at online.de>, helbig at astro.multiCLOTHESvax.de (Phillip Helbig---undress to reply) writes:
>I received the following answer in response to my quoted question:
>
>> > Thanks. I'll just have to figure out how to use scp without having to
>> > interactively use a password.
>>
>> If you haven't done this already, the trick is to set up an ssh key
>> without a passphrase on your local machine and add the corresponding
>> public key to ~/.ssh/authorized_keys on [the remote machine].
>
>What is the magic incantation on V5.4 - ECO 7? SSH works fine but needs
>an interactively entered password. I'd like to make the change above
>but don't want to risk breaking anything.
Where do you want to login from?
From one VMS to another VMS?
1) make a key pair
$ SET DEFAULT SYS$LOGIN
$ SET DEFAULT [.SSH2]
$ SSH_KEYGEN "-P" "-cDSA 2048 helbig at vms" !modify comment to your needs
2) Rename the key file pair to a name which identifies the keys
without looking into the content (like for debugging with SET WATCH ;-)
$ RENAME/LOG ID_DSA_2048_A.* KEY_HELBIG_VMS
3) Add this Public Key (in fact the name of the file with the key) to your
account's SSH2 authorize file - to allow login into this VMS [account]
(~/.ssh/authorized_keys on U**X or SYS$LOGIN:[.SSH2]AUTHORIZED. on VMS)
btw: Refer to the config file for the SSH2 daemon to check for the filename:
$ SEARCH TCPIP$SSH_DEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. AuthorizationFile
AuthorizationFile authorization
where you could change the name of the authorization file to be identical
on UNIX and VMS TCPIP (means "authorized_keys") ...
$ TYPE AUTHORIZATION. ! or TYPE AUTHORIZED_KEYS. if you changed it
KEY KEY_HELBIG_VMS.PUB
4) Add the Private Key (again the name of the file but without an extension)
to your account's SSH identity file - to allow login from VMS
$ TYPE IDENTIFICATION.
IdKey KEY_HELBIG_VMS
Done (though it may be necessary for older versions of TCPIP to change the
file attributes to Stream-LF - which is not required on the current versions)
You could now login with "$ SSH localhost" (without a password).
If you copy these 4 files from one VMS to all other of your VMS boxes
you could do a "$ SSH vms1" on vms2 and "$ SSH vms2" on vms1 and so on.
If you want to use other usernames on other systems, you would need to
"$ SSH user at vms2", but you probably know this already.
(don't forget to use different keys for different accounts)
If you want to login from your Personal Crap to VMS (PuTTY or KiTTY or...)
you could create the key pair on your PC also (with PuTTYgen), and add the
private key (*.PPK) to your PuTTY config ("Connection" "SSH" "Auth" - and
don't forget to add the remote = VMS username to "Connection" "Data") and
transfer the public key file to VMS (perhaps rename it to KEY_HELBIG_PC.PUB)
and then add a similar "KEY" line to your SSH authorization file (as above)
-EPLAN
PS: Why don't you upgrade VMS as soon as possible before you start learning
new features (which might change/improve after the upgrade)?
--
Peter "EPLAN" LANGSTÖGER
Network and OpenVMS system specialist
E-mail Peter at LANGSTOeGER.at
A-1030 VIENNA AUSTRIA I'm not a pessimist, I'm a realist
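
Added example, not part of the original post: a consistency check for steps 3 and 4 that can be run over copies of the files before relying on key login, confirming that every "KEY" and "IdKey" line names a file that exists in the account's [.SSH2] directory. The function names and sample data are constructed for illustration; case-insensitive keywords and "#" comments are assumptions about the file format.

```python
import re

# Constructed sample data for one account's [.SSH2] directory (names as in the post).
AUTH = "KEY KEY_HELBIG_VMS.PUB\n"
IDENT = "IdKey KEY_HELBIG_VMS\n"
FILES = ["AUTHORIZATION.;1", "IDENTIFICATION.;1",
         "KEY_HELBIG_VMS.;1", "KEY_HELBIG_VMS.PUB;1"]

# Assumption: keywords match case-insensitively and '#' starts a comment.
_ENTRY = re.compile(r"^\s*(key|idkey)\s+(\S+)\s*$", re.IGNORECASE)

def norm(name):
    """Drop a ';version' suffix and trailing dot; VMS names are case-insensitive."""
    return name.split(";", 1)[0].rstrip(".").upper()

def entries(text, keyword):
    """Return normalised file names listed after `keyword` ('key' or 'idkey')."""
    found = []
    for line in text.splitlines():
        m = _ENTRY.match(line.split("#", 1)[0])
        if m and m.group(1).lower() == keyword:
            found.append(norm(m.group(2)))
    return found

def check_account(authorization, identification, files):
    """Return a list of problems for one account; an empty list means consistent."""
    present = {norm(f) for f in files}
    problems = []
    for pub in entries(authorization, "key"):
        if pub not in present:
            problems.append(f"authorization file names missing public key {pub}")
    for priv in entries(identification, "idkey"):
        if priv.endswith(".PUB"):
            problems.append(f"IdKey {priv} names a public key, not a private key")
        elif priv not in present:
            problems.append(f"identification file names missing private key {priv}")
    return problems

def shared_keys(accounts):
    """Map key file name -> accounts authorizing it, where more than one does.
    Compares names only (a heuristic); same-named files may differ in content."""
    seen = {}
    for account, authorization in accounts.items():
        for pub in entries(authorization, "key"):
            seen.setdefault(pub, set()).add(account)
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    print(check_account(AUTH, IDENT, FILES) or "consistent")
```

shared_keys() takes a mapping of account name to authorization file text and lists key file names authorized by more than one account, which is the situation the "different keys for different accounts" advice is meant to avoid.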