Mail Archives: cygwin/2011/11/29/16:50:04

From: Andrew Erskine <a DOT erskine AT darasoft DOT com>
To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Date: Tue, 29 Nov 2011 21:49:12 +0000
Subject: Passwordless sftp with ssh 5.9 still asks for password
Message-ID: <9E9DD545D034B84B935BB50A739B078B0551DD6893@sha-exch12.shared.ifeltd.com>

I'm trying to configure sftp for an enterprise tool I use, and the instructions (which I think are outdated, as they don't mention 2008) are as follows. I have followed them to the letter; the problem is I'm still asked for a password at the end (verbose output at the bottom).
 
To generate authentication keys
1.  Configure the key authentication by entering the following:
ssh-keygen -t dsa
Note: Accept the default key location, C:\Documents and
Settings\nhuser\.ssh\id_dsa, and do not provide a passphrase.
The id_dsa and id_dsa.pub keys appear at the default key locations.
 
2.  Copy the public key, id_dsa.pub, to all remote poller systems in this collection set.
Place the key in the directory, C:\Documents and Settings\nhuser\.ssh.
sftp NH_USER AT REMOTE_SITE
sftp>cd .ssh
sftp>put id_dsa.pub
sftp>exit
 
Update Authentication File on a Windows Remote Site
After you copy the public keys to the .ssh subdirectory on each remote site in the
collection set, you must update the authentication file on each remote site.
To update authentication file on each remote site
1.  Log into the remote site as $NH_USER and navigate to the .ssh subdirectory on the
remote site.
2.  List the files in the .ssh subdirectory by entering the command, dir. 
The system displays a file with a .pub extension. This is your public key.
 
3.  Create an authorization file (with no extension) in the .ssh subdirectory on the
remote site.
Name the authorization file authorized_keys2.
4.  Copy the public key into the authorized_keys2 file, using the following command:
copy /b id_dsa.pub authorized_keys2
 
5.  Save the authorization file.
6.  Restart the cygwin Windows service.
7.  Repeat this procedure for each Windows remote system.
 
Test the Secure FTP Connection
Test the secure FTP connection between the central site and the remote polling sites to
verify that the sites do not prompt for a user name or password.
To test the secure FTP connection for SunSSH or OpenSSH
1.  Access a command prompt on the central site.
2.  Enter the following command:
sftp NH_USER AT hostname
NH_USER 
Specifies your FTP user name.
hostname 
Specifies the name of the remote polling site system.
The central site should connect to the remote polling site without requiring you to
enter a user name or password. If you are prompted for a user name or password,
the encryption authentication is not set up correctly.
 
My config …
 
D:\cygwin\bin>mkpasswd -d -u ehealth >> ..\etc\passwd
 
D:\cygwin\bin>ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/cygdrive/c/users/ehealth/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /cygdrive/c/users/ehealth/.ssh/id_dsa.
Your public key has been saved in /cygdrive/c/users/ehealth/.ssh/id_dsa.pub.
The key fingerprint is:
11:f2:7d:97:d6:bb:d9:e8:84:b0:c3:86:14:c6:26:8a ehealth AT PWEEHPR01
The key's randomart image is:
+--[ DSA 1024]----+
|      . .        |
|       + o     o |
|      . B . . + .|
|   . . + o . o  .|
|  E .   S .    . |
|       . o o . .+|
|        . = . oo.|
|         . . o   |
|              .  |
+-----------------+
 
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
The authenticity of host '2e2ehpr01 (2002:2b00:2f8::2b00:2f8)' can't be establis
hed.
ECDSA key fingerprint is 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4.
Are you sure you want to continue connecting (yes/no)? yes
 
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
The authenticity of host '2e2ehpr01 (2002:2b00:2f8::2b00:2f8)' can't be establis
hed.
ECDSA key fingerprint is 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2e2ehpr01,2002:2b00:2f8::2b00:2f8' (ECDSA) to the li
st of known hosts.
ehealth AT 2e2ehpr01's password:
Connected to 2e2ehpr01.
cygwin warning:
  MS-DOS style path detected: D:\nutcroot\usr\lib\terminfo
  Preferred POSIX equivalent is: /cygdrive/d/nutcroot/usr/lib/terminfo
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
No entry for terminal type "nutc";
using dumb terminal settings.
No entry for terminal type "nutc";
using dumb terminal settings.
sftp>
sftp> lcd c:/users/ehealth/.ssh
sftp>
sftp> cd .ssh
sftp>
sftp> put id_dsa.pub
Uploading id_dsa.pub to /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
id_dsa.pub                                    100%  607     0.6KB/s   00:00
sftp>
sftp> exit
 
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
ehealth AT 2e2ehpr01's password:
 
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
ehealth AT 2e2ehpr01's password:
 
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
ehealth AT 2e2ehpr01's password:
Connected to 2e2ehpr01.
cygwin warning:
  MS-DOS style path detected: D:\nutcroot\usr\lib\terminfo
  Preferred POSIX equivalent is: /cygdrive/d/nutcroot/usr/lib/terminfo
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
No entry for terminal type "nutc";
using dumb terminal settings.
No entry for terminal type "nutc";
using dumb terminal settings.
sftp> lcd c:/users/ehealth/.ssh
sftp> cd .ssh
sftp> put id_dsa.pub
Uploading id_dsa.pub to /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
id_dsa.pub                                    100%  607     0.6KB/s   00:00
sftp>
sftp>
sftp>
sftp> bye
 
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
ehealth AT 2e2ehpr01's password:
 
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
ehealth AT 2e2ehpr01's password:
 
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>sftp ehealth AT 2e2ehpr01
ehealth AT 2e2ehpr01's password:
 
D:\cygwin\bin>sftp -v ehealth AT 2e2ehpr01
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 2e2ehpr01 [2002:2b00:2f8::2b00:2f8] port 22.
debug1: Connection established.
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa-cert type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa type 2
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa-cert type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_ecdsa type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4
debug1: Host '2e2ehpr01' is known and matches the ECDSA host key.
debug1: Found key in /cygdrive/c/users/ehealth/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_rsa
debug1: Offering DSA public key: /cygdrive/c/users/ehealth/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug1: Next authentication method: password
ehealth AT 2e2ehpr01's password:
 
Config on remote server ..
 
 
D:\cygwin\bin>cd c:
 
C:\Users\ehealth>
C:\Users\ehealth>cd .ssh
C:\Users\ehealth\.ssh>ls
id_dsa.pub   known_hosts
 
C:\Users\ehealth\.ssh>edit authorized_keys2
C:\Users\ehealth\SSH~1>ls
authorized_keys2  id_dsa.pub        known_hosts
C:\Users\ehealth\SSH~1>copy /b id_dsa.pub authorized_keys2
Overwrite authorized_keys2? (Yes/No/All): Yes
        1 file(s) copied

Regards
Andy 
Sent from my iPhone
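
Added example, not part of the original message: a small Python reader for the `sftp -v` output above that reports which keys the client loaded and offered and whether the server accepted one. The function names and verdict strings are made up for this example; it assumes the OpenSSH client prints a line starting "debug1: Server accepts key" when an offered key is accepted.

```python
import re

# Excerpt of the `sftp -v` output from the post above, trimmed; it keeps the
# 80-column console wrap that split "keyboard-interactive" across two lines.
SAMPLE = """\
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa type 2
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_rsa
debug1: Offering DSA public key: /cygdrive/c/users/ehealth/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug1: Next authentication method: keyboard-interactive
debug1: Next authentication method: password
"""

def unwrap(text, width=80):
    """Rejoin lines that the console split at `width` columns."""
    lines, prev_full = [], False
    for raw in text.splitlines():
        if lines and prev_full and not raw.startswith("debug"):
            lines[-1] += raw
        else:
            lines.append(raw)
        prev_full = len(raw) == width
    return lines

def analyse(text):
    """Summarise the publickey phase of an OpenSSH client -v log."""
    r = {"present": [], "offered": [], "accepted": [], "server_methods": [], "tried": []}
    for line in unwrap(text):
        if m := re.match(r"debug1: identity file (\S+) type (-?\d+)", line):
            if m.group(2) != "-1":          # type -1: file could not be loaded
                r["present"].append(m.group(1))
        elif m := re.match(r"debug1: Offering (?:\S+ )?public key: (\S+)", line):
            r["offered"].append(m.group(1))
        elif line.startswith("debug1: Server accepts key") and r["offered"]:
            r["accepted"].append(r["offered"][-1])
        elif m := re.match(r"debug1: Authentications that can continue: (\S+)", line):
            r["server_methods"] = m.group(1).split(",")
        elif m := re.match(r"debug1: Next authentication method: (\S+)", line):
            r["tried"].append(m.group(1))
    if not r["present"]:
        r["verdict"] = "no-client-key"
    elif not r["offered"]:
        r["verdict"] = "key-not-offered"
    elif not r["accepted"]:
        r["verdict"] = "server-rejected-key"
    else:
        r["verdict"] = "key-accepted"
    return r
```

For the log in the message the verdict is `server-rejected-key`: the client loaded and offered id_dsa and the server declined it, so the remaining checks are on the remote side (the authorized-keys file sshd reads for that account, and the sshd log).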
