[Info-vax] SSH / SFTP troubles

Thu Aug 2 09:30:15 EDT 2012

On Thursday, August 2, 2012 1:54:52 PM UTC+1, Stephen Hoffman wrote:
> On 2012-08-02 11:06:54 +0000, GerMarsh said:
> 
> 
> 
> > Using OpenText Secure Shell with the usual password authentication to 
> 
> > VMS V8.3 has no problems. However, attempting SSH connection from one 
> 
> > VMS system to another using publickey only results in "no more 
> 
> > authentication methods" on the client and "WARNING: got bad packet when 
> 
> > verifying user me's publickey" on the remote side.
> 
> > 
> 
> > Tried checking everything according to the HP "Guide to SSH" manual - 
> 
> > which I found a bit confusing - including the file protection. I did 
> 
> > get confused as to whether I need the SSH_ADD to add the key though.
> 
> 
> 
> That manual needs an overhaul or a rewrite, and the whole of the TCP/IP 
> 
> Services UI needs an overhaul.  Its content is entirely correct from 
> 
> what I can tell of it, but it's the result of shifting what the 
> 
> programmers should have done (within the ssh implementation, 
> 
> certificate stores, and related tools) over onto what the system 
> 
> manager and the end-user now have to deal with.
> 
> 
> 
> > I tried debugging on both sides - discovered the logical name on the 
> 
> > server side by looking in the TCPIP$SSH_RUN.COM - but again no further 
> 
> > info.
> 
> 
> 
> I'll presume the sshd server daemon is enabled and started, and that 
> 
> the daemon has been configured.
> 
> > 
> 
> > No clues either in VMS audit journal.
> 
> 
> 
> Don't bother looking there on the older TCP/IP Services ssh releases, 
> 
> as ssh was not particularly integrated with OpenVMS.  The only way to 
> 
> see what's going on there is to enable debugging within the sshd server 
> 
> daemon.
> 
> 
> 
> > Any tips on how to determine exactly what has gone wrong would be 
> 
> > greatly appreciated. I was expecting to see some debug lines stating 
> 
> > the public key file it was attempting to access etc.
> 
> 
> 
> Confirm that the public key file format is one that is supported by OpenVMS.
> 
> 
> 
> > This is running TCP/IP Services Version V5.6 - ECO 5 and I know there 
> 
> > are some fixes in more recent patches but I would have thought I could 
> 
> > get the thing to work using public key!
> 
> 
> 
> Given you're apparently on Microsoft Windows of some ilk, see if this 
> 
> is something odd with your ssh client, or with your key set-up on the 
> 
> OpenVMS server.   Put another way, set up and try PuTTY.  Set-up 
> 
> details for Windows PuTTY are at <http://labs.hoffmanlabs.com/node/1760>
> 
> 
> 
> 
> 
> -- 
> 
> Pure Personal Opinion | HoffmanLabs LLC

Thank you all for your prompt responses!

This is purely VMS to VMS and the keys were generated on VMS so there should be none of the compatibility issues which seem to be common in this area.

Here is a section of the debug output from the server side:
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:325: Format = 0x0d
Thu 02 11:18:39 WARNING: got bad packet when verifying user me's publickey.
debug( 2-AUG-2012 11:18:39.84): Ssh2AuthPubKeyServer/AUTHS-PUBKEY.C:1630: bad packetd
debug( 2-AUG-2012 11:18:39.84): openvms_specific/OPENVMS_SPECIFIC.C:1496: do_accounting: SSH event: LOGINFAIL;
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0x2d
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0x5d
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0xD0E0A0Dd
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0x5d
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0x0d
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0x3d
debug( 2-AUG-2012 11:18:39.84): SshEncode/SSHENCODE.C:78: Format = 0xD0E0A0Dd
debug( 2-AUG-2012 11:18:39.84): Ssh2Transport/TRCOMMON.C:4526: Application changing transport stream callback.d

Client shows this:
debug( 2-AUG-2012 14:27:28.68): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 2 to connection
debug( 2-AUG-2012 14:27:28.68): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 50 to connection
debug( 2-AUG-2012 14:27:28.69): Ssh2Transport/TRCOMMON.C:2756: >TR packet_type=2
debug( 2-AUG-2012 14:27:28.69): Ssh2Transport/TRCOMMON.C:2756: >TR packet_type=51
debug( 2-AUG-2012 14:27:28.69): server offers auth methods 'publickey,password'.
debug( 2-AUG-2012 14:27:28.69): Ssh2AuthClient/SSHAUTHC.C:378: Method 'publickey' disabled.
debug( 2-AUG-2012 14:27:28.69): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 2 to connection
debug( 2-AUG-2012 14:27:28.69): Ssh2Transport/TRCOMMON.C:1113: Sending packet with type 50 to connection

Perhaps I'll just give this up as a bad job.

Thanks again,

Gerald.