Re: sftp problems

["Michael Ryan" <michaelrtr@xxxxxxxxx>]

Yeah...you have to change permissions for the files and directories.
Check out this document:

Document Number: 386077821
Functional Area: Communications-TCP
Subfunctional Area: Security
Sub-Subfunctional Area: OpenSSH
OS/400 Release: V5R3M0
Product: PORTABLE UTILITIES FOR I5/OS (5733SC101)
Product Release: N/A

I'm sending you the email I got from IBM that contains this document.

On Fri, Apr 18, 2008 at 8:59 AM, Jon S <rvrratjon@xxxxxxxxxxx> wrote:
>  It is a unix box running ssh2. I just copied the
>  ssh_host_rsa_key.pub file from the Qopensys... Directory to my ~/.ssh directory and ran
>  ssh-keygen -e -f /home/gla/.ssh/ssh_host_rsa_key.pub > /home/gla/.ssh/ssh
>  _host_rsa_key.pub
>  and got a bunch of errors starting with
>
>  WARNING: UNPROTECTED PRIVATE KEY FILE!
>  Permissions 0644 for '/home/gla/.ssh/ssh_host_rsa_key.pub' are too open.
>  It is recommended that your private key files are NOT accessible by others.
>  This private key will be ignored.
>  bad permissions: ignore key: /home/gla/.ssh/ssh_host_rsa_key.pub
>
>  It looks like it thinks that my public key  file is a private key. Any ideas?> Date: Fri, 18 Apr 2008 08:37:27 -0400> From: michaelrtr@xxxxxxxxx> To: midrange-l@xxxxxxxxxxxx> Subject: Re: sftp problems> > Is it a Unix box running SSH2? Check this> out...http://archive.midrange.com/midrange-l/200711/msg01240.html> > On Fri, Apr 18, 2008 at 8:33 AM, Jon S <rvrratjon@xxxxxxxxxxx> wrote:> >> > I am trying to get sftp up and running for a customer that needs to connect to a vendor. I have gone through all of the setup on the i and have verified that the vendor has loaded my public key on their host but I am still unable to connect. Below is the debug information that i am getting from -vvv, I just don't know what it's telling me. Any help would be appreciated.> >> > Thanks, Jon> >> > OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004debug1: Reading configuration data /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_configdebug3: Seeding PRNG from /QOpenSys/Q
>   IBM/ProdData/SC1/OpenSSH/openssh-3.5p1/libexec/ssh-rand-helperdebug1: Rhosts Authentication disabled, originating port will not be trusted.debug1: ssh_connect: needpriv 0debug1: Connecting to connect2.thehost.com [xxx.xxx.xxx.xxx] port 10022.debug1: Connection established.debug1: identity file /home/GLA/.ssh/id_rsa type -1debug1: identity file /home/GLA/.ssh/id_dsa type -1 debug1: Remote protocol version 2.0, remote software version Connect:Enterprise_UNIX_2.4.02 debug1: no match: Connect:Enterprise_UNIX_2.4.02 debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.5p1 debug3: RNG is ready, skipping seeding debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,d> iff> > ie-hellman- group1-sha1 debug2: kex_parse_kexinit: ssh-rsa,ssh-dss debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfo ur,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxx
>   u.se debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@xxxxxxxxxxxxxxxxxxxx: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@xxxxxxxxxxx,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: none,zlibdebug2: kex_parse_kexinit: none,zlibdebug2: kex_parse_kexinit:debug2: kex_parse_kexinit:debug2: kex_parse_kexinit: first_kex_follows 0debug2: kex_parse_kexinit: reserved 0debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1debug2: kex_parse_kexinit: ssh-rsadebug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbcdebug> 2:> > kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbcdebug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96debug2: ke
>   x_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-sha1-96,hmac-md5-96debug2: kex_parse_kexinit: none,zlibdebug2: kex_parse_kexinit: none,zlibdebug2: kex_parse_kexinit:debug2: kex_parse_kexinit:debug2: kex_parse_kexinit: first_kex_follows 0debug2: kex_parse_kexinit: reserved 0debug2: mac_init: found hmac-md5debug1: kex: server->client aes128-cbc hmac-md5 nonedebug2: mac_init: found hmac-md5debug1: kex: client->server aes128-cbc hmac-md5 nonedebug1: SSH2_MSG_KEX_DH_GEX_REQUEST sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_GROUPdebug1: dh_gen_key: priv key bits set: 128/256debug1: bits set: 1595/3191debug1: SSH2_MSG_KEX_DH_GEX_INIT sentdebug1: expecting SSH2_MSG_KEX_DH_GEX_REPLYdebug3: check_host_in_hostfile: filename /home/GLA/.ssh/known_hostsdebug3: check_host_in_hostfile: filename /QOp> enS> > ys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hostsdebug3: check_host_in_hostfile: filename /home/GLA/.ssh/known_hostsdebug3: check_host_in_hostfile: filename /QOpenSys/QI
>   BM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hostsdebug3: check_host_in_hostfile: filename /home/GLA/.ssh/known_hostsdebug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hostsdebug2: no key of type 0 for host connect2.intrado.comdebug3: check_host_in_hostfile: filename /home/GLA/.ssh/known_hosts2debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts2debug3: check_host_in_hostfile: filename /home/GLA/.ssh/known_hostsdebug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hostsdebug2: no key of type 2 for host connect2.intrado.comdebug2: readpassphrase: not a 5250 return ENOTTYHost key verification failed.debug1: Calling cleanup 0x200> 13a> > 74(0x0)> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > _________________________________________________________________> > More immediate than e-mail? Get instant access with Wi
>   ndows Live Messenger.> > http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refresh_instantaccess_042008> > --> > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list> > To post a message email: MIDRANGE-L@xxxxxxxxxxxx> > To subscribe, unsubscribe, or change list options,> > visit: http://lists.midrange.com/mailman/listinfo/midrange-l> > or email: MIDRANGE-L-request@xxxxxxxxxxxx> > Before posting, please take a moment to review the archives> > at http://archive.midrange.com/midrange-l.> >> >> -- > This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list> To post a message email: MIDRANGE-L@xxxxxxxxxxxx> To subscribe, unsubscribe, or change list options,> visit: http://lists.midrange.com/mailman/listinfo/midrange-l> or email: MIDRANGE-L-request@xxxxxxxxxxxx> Before posting, please take a moment to review the archives> at http://archive.midrange.com/midrange-l.>
>  _________________________________________________________________
>  Get in touch in an instant. Get Windows Live Messenger now.
>  http://www.windowslive.com/messenger/overview.html?ocid=TXT_TAGLM_WL_Refresh_getintouch_042008
>
>
> --
>  This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
>  To post a message email: MIDRANGE-L@xxxxxxxxxxxx
>  To subscribe, unsubscribe, or change list options,
>  visit: http://lists.midrange.com/mailman/listinfo/midrange-l
>  or email: MIDRANGE-L-request@xxxxxxxxxxxx
>  Before posting, please take a moment to review the archives
>  at http://archive.midrange.com/midrange-l.