I may be off base but I have seen this a few times where you are using a form of openssh and the target is tectia or another product like that that uses the .SSH2 client. I believe you need to convert your key, see below. Maybe this is it. If not, and you have control over the remote, have them start the ssh server in debug mode, sshd -d -d -d and it will show why your request is being rejected, cryptic but you will see it. You can also at the same time debug the client with -v -v -v options on the ssh line.
Case 1. OpenSSH server and SSH2 client
Suppose you already generated an RSA2 key pair on your SSH2 client machine, and the public key is stored at ~/.ssh2/id_rsa_1024_a.pub.
The following procedure applies to DSA key pairs too.
Copy your SSH2 public key from your SSH2 client machine to your OpenSSH server like:
scp ~/.ssh2/id_rsa_1024_a.pub server:.ssh/rsa_ssh2.pub
If you can't copy the public key because the password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).
Run the OpenSSH version of ssh-keygen on the server to convert the SSH2 public key into the format needed by OpenSSH:
ssh-keygen -i -f ~/.ssh/rsa_ssh2.pub > ~/.ssh/rsa_openssh.pub
Append this newly generated OpenSSH public key to your authorization file on the server:
cat ~/.ssh/rsa_openssh.pub >> ~/.ssh/authorized_keys2
Once this is done, the .pub files you created are no longer needed so you can remove them if you like.
Now your SSH2 client should be able to connect to the OpenSSH server with the public key authentication.
Case 2. SSH2 server and OpenSSH client
Note that RSA2 is not working on ISI's SSH2 servers at the time the guide is written. DSA works fine, so you should generate a DSA key pair with the ssh-keygen on your OpenSSH client machine. By default, the public key is stored at ~/.ssh/id_dsa.pub.
Run the OpenSSH version of ssh-keygen on the OpenSSH client machine to convert the OpenSSH public key into the format needed by SSH2:
ssh-keygen -e -f ~/.ssh/id_dsa.pub > ~/.ssh/dsa_ssh2.pub
Copy this SSH2 public key to your .ssh2 directory on the SSH2 server:
scp ~/.ssh/dsa_ssh2.pub server:.ssh2/dsa_ssh2.pub
If you can't copy the public key because the password authentication is disabled, you can email it to the system administrator and ask him/her to do the following for you (~/ is your home directory).
Add this new pub key to the authorization on the server:
echo Key dsa_ssh2.pub >> ~/.ssh2/authorization
Once this is done, the temporary .pub file you created on the OpenSSH client is no longer needed so you can remove it. DO NOT remove the .pub file you just copied to the SSH2 server.
Now your OpenSSH client should be able to connect to the SSH2 server with the DSA public key authentication
-----Original Message-----
From: Steve McKay <steve.mckay@xxxxxxxxxxx>
To: midrange-l@xxxxxxxxxxxx
Sent: Wed, 12 Mar 2008 11:11 am
Subject: SFTP
Once again, we're attempting to use SFTP (yes, the one in SSH) to connect to
a business partner's server. I've done the ssh-keyscan and have gotten
their public key (I think) and have done ssh-keygen and created my
private/public keys (I think). Do they have to install my public key on
their server?
When I 'call qp2term' and enter 'sftp myuserid@xxxxxxxxxxxxxxx', I get the
following response:
Connecting to ftp.theirserver.com...
Permission denied, please try again.
Permission denied, please try again.
Permission denied (publickey,gssapi-with-mic,password).
Connection closed
I presume that I'm connected but don't have access to something on their
end. Are the 3 'permission denied' messages a result of a 'retry' or do I
not have access to 3 things or what?
The business partner knows less about SFTP than I do (if that's possible),
so they're no help.
Thanks,
Steve
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.
This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page.