[Info-vax] SSH / SFTP troubles

Fri Aug 3 05:04:43 EDT 2012

On Thursday, August 2, 2012 5:36:37 PM UTC+1, Steven Schweda wrote:
> > This used to be known as Hummingbird and is a Windows 7
> 
> > client. Using password authentication it works a treat!
> 
> 
> 
>    And what happens with password authentication "from one
> 
> VMS system to another"?
> 

That is a very good point - it merely asks for my password three times then comes up with the usual "No further authentication methods available".

I note too that it does clock up intrusion records as well as clocking up failures in the UAF. The audit journal contains...
Remote username:          SSH_23529361
Status:                   %LOGIN-F-NOTVALID, user authorization failure

I'm positive I am entering the password correctly as I can set host to it no problem.

The server still reports bad packet with public key.

I note that ssh -d 9 gives more debug info but still no clue.

(I've generated the keys from scratch and they are stream_lf. I've altered the protection to world: read too.)

> 
> 
> > Sorry about the lack of info - I meant I followed the HP
> 
> > SSH guide including setting up AUTHORIZATION and
> 
> > IDENTIFICATION files.
> 
> 
> 
>    Not an improvement.  _Which_ "the HP SSH guide"?  And, no
> 
> matter which one, telling me that you did everything right is
> 
> not the same as telling me what you did.  I have no idea how
> 
> you generated your key files.  I have no idea who owns your
> 
> key files, or what their protections/permissions are, or
> 
> what's in them.
> 
> 
> 
> > define/sys tcpip$ssh_server_debug y
> 
> 
> 
>    Did you try any client diagnostics?
> 
> 
> 
>       ssh -v[v[v]] hostname
> 
> 
> 
> > The idea is to use SFTP - setting up SSH is just the first
> 
> > step.
> 
> 
> 
>    I read the Subject just after I posted that.  Sigh.  I use
> 
> only plain SSH.  I know not whether SFTP works.  However,
> 
> public-key authentication itself from one VMS system to
> 
> another (or, to itself) should pose few problems.
> 
> 
> 
> > [...] Especially if it is only using public key
> 
> > authentication.
> 
> 
> 
> alp $ ssh -v alp-l
> 
> [...]
> 
> debug( 2-AUG-2012 11:17:05.34): Ssh2AuthPubKeyClient/AUTHC-PUBKEY.C:
> 
> 1677: adding
> 
>  keyfile "/ALP$DKC0/SMS/ssh2/SMS_NPP_ID_DSA_1024_A" to candidates
> 
> [...]
> 
> debug( 2-AUG-2012 11:17:05.47): Ssh2AuthPubKeyClient/AUTHC-PUBKEY.C:
> 
> 1915: Public
> 
>  key authentication was successful.
> 
> [...]
> 
> 
> 
> alp $ type [.ssh2]IDENTIFICATION.
> 
> IdKey SMS_NPP_ID_DSA_1024_A
> 
> 
> 
> alp $ type [.ssh2]AUTHORIZATION.
> 
> KEY SMS_NPP_ID_DSA_1024_A.PUB
> 
> 
> 
> alp $ dire /owne /prot [-.ssh2]AUTHORIZATION.;, IDENTIFICATION.;,
> 
> SMS_NPP_ID_DSA
> 
> _1024_A;
> 
> 
> 
> Directory ALP$DKC0:[SMS.SSH2]
> 
> 
> 
> AUTHORIZATION.;8     [SMS]              (RWED,RWED,,)
> 
> IDENTIFICATION.;3    [SMS]              (RWED,RWED,,)
> 
> SMS_NPP_ID_DSA_1024_A.;1
> 
>                      [SMS]              (RWD,RWD,,)
> 
> SMS_NPP_ID_DSA_1024_A.PUB;1
> 
>                      [SMS]              (RWD,RWD,R,R)
> 
> 
> 
>    A little searching should find many past discussions here
> 
> or on HP's forums involving basic SSH set-up.  (Almost all of
> 
> which include more info than this one.)