Date: Wed, 18 Aug 2004 13:43:07 -0400 (EDT)
From: Igor Pechtchanski
Reply-To: cygwin AT cygwin DOT com
To: Chris Shehan
cc: cygwin AT cygwin DOT com
Subject: Re: Setting up SSH keys for password less connections for sftp

Two things to check:

1) Is the ssh client actually using the keys (and same goes for the ssh
server)?  Run ssh with the "-v" flag to check.  It's possible either the
client or the server is rejecting the keys because of too-open permissions
on them, or something.

2) Does your HPUX machine use Kerberos, AFS, DFS, or some other sort of
external filesystem authentication mechanism?  If so, then you're POL,
since the server won't be able to read the authorized_keys file until you
authenticate, which creates a Catch-22.
        Igor

On Wed, 18 Aug 2004, Chris Shehan wrote:

> Good Afternoon,
>
> Thanks for your response. I have tried to work through both your answer and
> the solution you provided in the web link. So far I am still unable to get
> the passwordless connection to work.
>
> Here is my setup:
> Windows 2000 server. Windows user name is colibri. I have generated the RSA
> keys which were created in the c:\Documents and Settings\colibri\.ssh
> directory (id_rsa & id_rsa.pub).
>
> The user that I wish to connect to on the HP UX server is applmgr. So I take
> the id_rsa.pub file and copy it to the HPUX server. It was placed in the
> /u02/app/applmgr/.ssh directory and named authorized_keys.
>
> Supposedly once this is done I should be able to connect to the HPUX server
> from the Windows server as applmgr via ssh or sftp (example : sftp
> applmgr AT finprod1 ) without being asked for a password... correct? I am still
> prompted for a password.
>
> Or is this process assuming that I have identical users on both servers with
> identical passwords?
> I am sure this is a very simple setup and that I am missing something
> simple.
>
> Please help me clarify the situation and/or point out my problem.
>
> Thanks again for your help,
> Chris Shehan
>
>
> -----Original Message-----
> From: Ken Dibble
> Sent: Wednesday, August 18, 2004 11:36 AM
> To: cygwin
> Subject: Re: Setting up SSH keys for password less connections for sftp
>
> from
> man ssh
>
> -----
> The file $HOME/.ssh/authorized_keys lists the public keys that are per-
> mitted for logging in.
>
>
> ssh implements the RSA authentication protocol automatically. The user
> creates his/her RSA key pair by running ssh-keygen(1). This stores the
> private key in $HOME/.ssh/identity and stores the public key in
> $HOME/.ssh/identity.pub in the user's home directory. The user should
> then copy the identity.pub to $HOME/.ssh/authorized_keys in his/her home
> directory on the remote machine (the authorized_keys file corresponds to
> the conventional $HOME/.rhosts file, and has one key per line, though the
> lines can be very long). After this, the user can log in without giving
> the password.
> -----
>
> My personal opinion is that the last line causes a bit of confusion for
> some users, as giving a non-null passphrase when the specified key is
> generated causes the user to have to enter the passphrase (which can be
> interpreted as a request for the password).
>
> this link may also provide some useful information
>
> http://cricket.ecs.umass.edu/~czou/linux/backupSSH.html
>
>
> Chris Shehan wrote:
>
> >Hello,
> >
> >I am attempting to replace an automated ftp process with sftp.
> >This ftp process, which runs on a Windows 2000 server, grabs EDI files
> >from our HPUX 11.0 server every 10 minutes and places them on the EDI
> >Server. I would like to modify this process to use sftp and use the SSH
> >keys for password less connections ..i.e. public key authentication.
> >
> >So far I have installed and tested SSH on the HPUX 11.0 server. I have
> >also installed cygwin on the Windows 2000 server and performed a
> >successful test using sftp. The next step is to setup the public key
> >authentication so that I can use sftp in the automated ftp process.
> >
> >I have Google'd the net and searched the archives of this list but have
> >not been able to find any good documentation that shows me exactly what
> >needs to be done in order to get the authentication working in my
> >environment (mix of Windows and UNIX). So far I have been able to
> >generate the private and public keys for both servers as shown below:
> >
> >HPUX 11.0 - ssh-keygen -t dsa -f hp_sftp_user
> >This command creates the following files hp_sftp_user & hp_sftp_user.pub
> >
> >Windows / CYGWIN - ssh-keygen -t dsa -P ""
> >This was an interactive session and I was asked for the file names.
> >win2k_sftp and win2k_sftp.pub were generated.
> >
> >** Please let me know if there are better ways to generate the above keys
> >..including any additional options I may need.
> >
> >If the above mentioned keys are workable ... I now need a solution that
> >will allow me to put these files to use on both the HPUX and Windows
> >servers so I will be able to use password less connections .. which is
> >especially needed for the scheduled ftp process running on Windows.

-- 
                                http://cs.nyu.edu/~pechtcha/
      |\      _,,,---,,_        pechtcha AT cs DOT nyu DOT edu
ZZZzz /,`.-'`'    -.  ;-;;,_    igor AT watson DOT ibm DOT com
     |,4-  ) )-,_. ,\ (  `'-'   Igor Pechtchanski, Ph.D.
    '---''(_/--'  `-'\_) fL     a.k.a JaguaR-R-R-r-r-r-.-.-.  Meow!

"Happiness lies in being privileged to work hard for long hours in doing
whatever you think is worth doing."  -- Dr. Jubal Harshaw
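
The "too-open permissions" condition from the first check in the reply above, as an added example that is not part of the original thread. It goes slightly beyond the message by covering both sides: the modes sshd rejects under StrictModes (home directory, .ssh, authorized_keys writable by group or others) and the mode for which the ssh client ignores a private key. The function names are hypothetical; the paths in the usage comment are the ones Chris gave.

```shell
#!/bin/sh
# Added example (not from the thread): report the file modes that make
# OpenSSH ignore keys. Function names are hypothetical.
# Usage: audit_ssh_perms /u02/app/applmgr     (account home on the server)
#        audit_ssh_perms "$HOME" id_rsa       (client side)

# has_bits <path> <octal-bit>...: succeed if any listed mode bit is set.
has_bits() {
    hb_path=$1; shift
    for hb_bit in "$@"; do
        if [ -n "$(find "$hb_path" -prune -perm "-$hb_bit" -print 2>/dev/null)" ]; then
            return 0
        fi
    done
    return 1
}

# audit_ssh_perms <home> [private-key-name]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
audit_ssh_perms() {
    home=$1; key=${2:-id_rsa}; rc=0
    # Server side (sshd StrictModes): none of these may be writable
    # by group or others, or authorized_keys is not used.
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        [ -e "$p" ] || continue
        if has_bits "$p" 020 002; then
            echo "writable by group/other: $p"
            rc=1
        fi
    done
    # Client side: ssh skips a private key that group or others can access.
    p="$home/.ssh/$key"
    if [ -e "$p" ] && has_bits "$p" 040 020 010 004 002 001; then
        echo "private key accessible by group/other: $p"
        rc=1
    fi
    return "$rc"
}
```

A clean report here does not rule out the second point in the reply: it only covers file modes, not whether the server can read the home directory before authentication.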