[Info-vax] SSH / SFTP troubles
David Froble
davef at tsoft-inc.com
Thu Aug 2 23:24:22 EDT 2012
GerMarsh wrote:
> Using OpenText Secure Shell with the usual password authentication to VMS V8.3 has no problems. However, attempting SSH connection from one VMS system to another using publickey only results in "no more authentication methods" on the client and "WARNING: got bad packet when verifying user me's publickey" on the remote side.
>
> Tried checking everything according to the HP "Guide to SSH" manual - which I found a bit confusing - including the file protection. I did get confused as to whether I need the SSH_ADD to add the key though.
>
> I tried debugging on both sides - discovered the logical name on the server side by looking in the TCPIP$SSH_RUN.COM - but again no further info.
>
> No clues either in VMS audit journal.
>
> Any tips on how to determine exactly what has gone wrong would be greatly appreciated. I was expecting to see some debug lines stating the public key file it was attempting to access etc.
>
> This is running TCP/IP Services Version V5.6 - ECO 5 and I know there are some fixes in more recent patches but I would have thought I could get the thing to work using public key!
Ok, this seems familiar.
The boss was having some problems getting SFTP to work, so I suggested that we get it
working in-house first, before pointing fingers at the bank.
We had an itanium, and an Alpha. We each had user accounts. At first nothing worked,
then I was able to use my user accounts to get a connection. Then I could connect from my
account on the Itanium to his account on the Alpha, but he could not connect.
It was getting frustrating, and I suggested that we start over with new keys, and be very
careful to take short steps. We ended up getting it working. I still don't know what the
problem was, but, it was definitely key related.
Perhaps start over, checking the keys carefully. Make sure the beginning date for the
keys has already passed. (Ask me how long this one had a clamp on my ass.)
Note, SSH (and SSL) will gladly tell you that something failed, but really doesn't want to
tell you what failed.
More information about the Info-vax
mailing list