[Info-vax] SSH
Neil Rieck
n.rieck at sympatico.ca
Sat Feb 19 07:57:47 EST 2011
On Feb 15, 4:53 pm, hel... at astro.multiCLOTHESvax.de (Phillip Helbig---
undress to reply) wrote:
> In article <4d5a4bd... at ns.langstoeger.at>, pe... at langstoeger.at (Peter
>
> 'EPLAN' LANGSTOEGER) writes:
> > In article <ijd5ur$5o... at online.de>, hel... at astro.multiCLOTHESvax.de (Phillip Helbig---undress to reply) writes:
> > >I received the following answer in response to my quoted question:
>
> > >> > Thanks. I'll just have to figure out how to use scp without having to
> > >> > interactively use a password.
>
> > >> If you haven't done this already, the trick is to set up an ssh key
> > >> without a passphrase on your local machine and add the corresponding
> > >> public key to ~/.ssh/authorized_keys on [the remote machine].
>
> > >What is the magic incantation on V5.4 - ECO 7? SSH works fine but needs
> > >an interactively entered password. I'd like to make the change above
> > >but don't want to risk breaking anything.
>
> Thanks to the replies; it's working now.
>
> > Where do you want to login from?
> > From one VMS to another VMS?
>
> At the moment, scp from VMS to (what happens to be) a unix box in the
> outside world. I have a dynamic IP address at home (since a permanent
> one is not worth the extra cost) and for the occasional problems when
> the connection is working but the DNS is not (either a---very
> rare---problem with the dynamic DNS provider or a problem on my side
> updating the DNS after the IP has changed) AND when I am not at home
> when this happens AND am aware of the problem AND can log in remotely
> (sounds rare, but has happened), I copy the current IP address to this
> remote system so that I know what it is.
>
> > PS: Why don't you upgrade VMS as soon as possible before you start learning
> > new features (which might change/improve after the upgrade)?
>
> First, I want to get this working soon. Second, though I hope to
> upgrade soon (before Easter?) I'm not sure when. Third, I'll do a
> rolling upgrade and want to be able to fall back in case of problems
> without losing any functionality. Fourth, hopefully one can upgrade
> without having to reconfigure! (I did an upgrade from 7.3-2 to 8.3 (the
> same one I am planning to do) including TCPIP upgrade for a fellow
> hobbyist (a heavy user of VMS but very much a user as opposed to system
> manager) while travelling and was surprised when some TCPIP stuff didn't
> "just work" after the upgrade. IIRC it was only the BIND server (which
> I am not using at home), but this has put some fear into my soul so I
> will read the New Features, Installation and Upgrade, SPD etc manuals
> carefully first. (I hope he managed to get the BIND problem sorted out
> in the meantime.))
I think Peter Langstoeger has it pretty much nailed but let me add a
few points I discovered after I spun my wheels in this area a while
back.
1) SCP (secure copy) and SFTP (secure FTP) are based upon SSH. If you
have any problems using either of these technologies, you should first
attempt to get everything working with SSH. I did this recently to
solve a customer's PC problem (he was using CoreFTP to connect to an
OpenVMS box) by first installing CYGWIN with openSSH on the PC then
proceeding from there.
2) SSH is based upon port 22. If the source computer can't connect to
the destination computer on port 22 (lets say it was due to a
misconfigured firewall or proxy-server) then other technologies like
SFTP and SCP have no chance of working.
3) There is no way to programatically pass a password to SSH (or SCP
or SFTP) and this short-coming is "by design" because the developers
wanted to stop people from placing passwords in scripts.
4) So the developers of this technology replaced "password
authentication" with "2-key authentication". Once the keys are in
place, changing the destination account's password will not block
future connection events. You've got to delete the key file (or modify
one of the SSH2 configuration files)
I had a difficult time documenting this for some non-technical co-
workers and so created this web page.
http://www3.sympatico.ca/n.rieck/docs/openvms_notes_ssh2.html
Neil Rieck
Kitchener / Waterloo / Cambridge,
Ontario, Canada.
http://www3.sympatico.ca/n.rieck/OpenVMS.html
More information about the Info-vax
mailing list