[Info-vax] SSH

Carl Friedberg frida.fried at gmail.com
Sat Feb 19 22:04:19 EST 2011


Phillip, Neil, Peter,

At least with Multinet and some flavors of Unix, I have found that the
SSH daemon is very particular about the protections on the key files,
authentication, and identification.

Here is an example of typical VMS settings:

 dir /sec [.ssh2]

Directory user: [xxxxxx.SSH2]

AUTHORIZATION.;1         1/16       21-JAN-2010 23:36:13.61  [xxxxxx]
            (RWD,RWD,,)
HOSTKEYS.DIR;1           1/16        2-AUG-2007 10:00:59.29  [xxxxxx]
            (RWD,RWD,,)
IDENTIFICATION.;1
                         1/16        5-JAN-2009 13:55:35.63  [xxxxxx]
            (RWD,RWD,,)
ID_xxx_yyy_zzz_COM.PUB;1
                         2/16        5-JAN-2009 14:06:55.44  [xxxxxx]
            (RWD,RWD,R,R)
ID_www_uuu_ttt_COM.PUB;1
                         2/16        5-JAN-2009 14:08:46.92  [xxxxxx]
            (RWD,RWD,R,R)


Your mileage may vary, but the protection masks above (note 2 classes:
private, and public) are mandatory for Multinet SSH v5.3.

Two other notes about security: (1) to run SCP and SFTP without a
password, you must create the public/private key pair without a
password or passphrase. This will significantly detract from the
strength of your key. (2) to login as SYSTEM (root), you need to
change a line in sshd_config to allow root access, for instance:

PermitRootLogin                 yes
AllowUsers                         system,moe,curly,larry

Neil, thanks for posting your SSH key creation page, that is very good.

Carl

On Tue, Feb 15, 2011 at 1:20 AM, Phillip Helbig---undress to reply
<helbig at astro.multiclothesvax.de> wrote:
> I received the following answer in response to my quoted question:
>
>> > Thanks.  I'll just have to figure out how to use scp without having to
>> > interactively use a password.
>>
>> If you haven't done this already, the trick is to set up an ssh key
>> without a passphrase on your local machine and add the corresponding
>> public key to ~/.ssh/authorized_keys on [the remote machine].
>
> What is the magic incantation on V5.4 - ECO 7?  SSH works fine but needs
> an interactively entered password.  I'd like to make the change above
> but don't want to risk breaking anything.

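Added example, not part of Carl's message and not Multinet code: a small Python check that parses captured `dir /sec` output in the layout shown above and flags any file whose protection mask differs from the two classes in the listing. The function names are hypothetical, and treating `*.PUB` as the public class and everything else as private is an assumption drawn from that listing.

```python
import re

# Masks from the listing in the post: (system, owner, group, world).
PRIVATE_MASK = ("RWD", "RWD", "", "")
PUBLIC_MASK = ("RWD", "RWD", "R", "R")
NAME_RE = re.compile(r"^(\S+;\d+)")
PROT_RE = re.compile(r"^\s*\(([A-Z]*),([A-Z]*),([A-Z]*),([A-Z]*)\)\s*$")

def parse_dir_sec(listing):
    """Return [(filename, (system, owner, group, world)), ...]."""
    entries, current = [], None
    for line in listing.splitlines():
        prot = PROT_RE.match(line)
        name = NAME_RE.match(line)
        if prot and current:
            entries.append((current, prot.groups()))
            current = None
        elif name:
            # Long names push size/date to the next line; the name is enough.
            current = name.group(1)
    return entries

def expected_mask(filename):
    # Assumption: *.PUB files are the public class, everything else private.
    base = filename.split(";")[0].upper()
    return PUBLIC_MASK if base.endswith(".PUB") else PRIVATE_MASK

def audit(listing):
    """Return [(filename, actual, expected)] for masks that differ."""
    return [(f, m, expected_mask(f)) for f, m in parse_dir_sec(listing)
            if m != expected_mask(f)]

# Constructed sample: IDENTIFICATION. has been given group/world read.
SAMPLE = """\
Directory user: [xxxxxx.SSH2]

AUTHORIZATION.;1         1/16       21-JAN-2010 23:36:13.61  [xxxxxx]
            (RWD,RWD,,)
IDENTIFICATION.;1
                         1/16        5-JAN-2009 13:55:35.63  [xxxxxx]
            (RWD,RWD,R,R)
ID_xxx_yyy_zzz_COM.PUB;1
                         2/16        5-JAN-2009 14:06:55.44  [xxxxxx]
            (RWD,RWD,R,R)
"""

if __name__ == "__main__":
    for fname, actual, want in audit(SAMPLE):
        print(f"{fname}: ({','.join(actual)}) should be ({','.join(want)})")
```
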


