Re: SFTP -- MIDRANGE-L

Just to be clear... the server keys (the ones needed to start the SSHD daemon) are to allow OTHERS to log in to YOUR system. Not the other way around. They won't help with the permission denied message.

Steve McKay wrote:

I ran the ssh-keygen process - doesn't that create the server keys?
Since you asked, though, I went step-by-step through the article and reran the ssh-keygen and then was able to start the SSH daemon so, obviously, I must have done something wrong.

After I did that, I tried to SFTP to our business partner but received the same "Permission denied" messages.

Steve

"Scott Klement" <midrange-l@xxxxxxxxxxxxxxxx> wrote in message news:mailman.2830.1205348692.2436.midrange-l@xxxxxxxxxxxxxxx
Did you create the server keys? Does the user running the SSHD process have authority to them?

Also -- this has nothing to do with the errors you're getting, but -- since writing that article, I've discovered that the following command actually works better for starting SSHD:

SBMJOB CMD(STRQSH CMD('/QOpenSys/usr/sbin/sshd')) JOB(SSHD)

Both methods work, but starting it through QShell lets a few programs (non-SSH related) work that didn't work when I start it through QP2SHELL... just a heads up.

Steve McKay wrote:

Scott -

>From your article, when I try to start the SSH daemon with:

SBMJOB CMD(CALL QP2SHELL PARM('/QOpenSys/usr/sbin/sshd')) JOB(SSHD)

I get the following:

Could not load host key: /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_key
Could not load host key: /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_rsa_key
Could not load host key: /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_host_dsa_key
Disabling protocol version 1. Could not load host key
Disabling protocol version 2. Could not load host key
sshd: no hostkeys available -- exiting.

Any ideas?

"Scott Klement" <midrange-l@xxxxxxxxxxxxxxxx> wrote in message news:mailman.2732.1205335022.2436.midrange-l@xxxxxxxxxxxxxxx
I recently wrote an article about SSH/SCP/SFTP. If you're interested in that, it's located here (requires a Pro membership with System iNetwork):

http://systeminetwork.com/article/ssh-scp-and-sftp-tools-openssh

In my experience, you don't need to get the server's key -- that'll be done by SSH automatically. But you do need to generate your own private/public keys, and install the public key (or have them install it) on the server.

But a lot of it also depends on how the server is configured. Is it configured to allow password logons? Is it configured to allow interactive logons?

If the folks running the server know less about SFTP than you do, how the heck did they set this up?

Steve McKay wrote:

Once again, we're attempting to use SFTP (yes, the one in SSH) to connect to a business partner's server. I've done the ssh-keyscan and have gotten their public key (I think) and have done ssh-keygen and created my private/public keys (I think). Do they have to install my public key on their server?

When I 'call qp2term' and enter 'sftp myuserid@xxxxxxxxxxxxxxx', I get the following response:

Connecting to ftp.theirserver.com...
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-with-mic,password).
Connection closed

I presume that I'm connected but don't have access to something on their end. Are the 3 'permission denied' messages a result of a 'retry' or do I not have access to 3 things or what?

The business partner knows less about SFTP than I do (if that's possible), so they're no help.

Thanks,

Steve