× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. April 2018

Re: iSeries SSH config for SFTP

i do see this if i run the same login command with -vvv for extended
output...

debug1: Connection established.
debug1: identity file /home/lsamsso/.ssh/identity type -1
debug1: identity file /home/lsamsso/.ssh/id_rsa type -1
debug3: Not a RSA1 key file /home/lsamsso/.ssh/id_dsa.
debug2: key_type_from_name: unknown key type '-----BEGIN'
debug3: key_read: missing keytype


what does this tell me?

I have also tried setting up the RSA key with same results.

On Wed, Apr 18, 2018 at 8:46 AM, Jay Vaughn <jeffersonvaughn@xxxxxxxxx>
wrote:

ok,,, here are where things go wrong...

Under number 7 of this link... https://www-01.ibm.
com/support/docview.wss?uid=nas8N1012710

It says, " If Public-key authentication is successful, you will not be
prompted for a password."


If this is the first time you have connected to the remote host using SSH,
you will receive a message similar to the one below:

*The authenticity of host 'somehost (x.x.x.x)' can't be established.*

*. key fingerprint is RSA.
*
*Are you sure you want to continue connecting (yes/no)? *


Type *yes* and press the Enter key to add the server's public host key
into the known_hosts file in the .ssh folder in the user's home directory.
If Public-key authentication is successful, you will not be prompted for a
password.

and here is my logon attempt... (where it does ask for a password and the
public key auth apparently failed)...


ssh -T user@xxxxxxx

The authenticity of host 'xxxxxx (xx.xxx.x.xx)' can't be established.

RSA key fingerprint is 05:c8:e8:f3:e------------------------1:a5:45:be.

Are you sure you want to continue connecting (yes/no)?

yes

Warning: Permanently added 'xxxxxxx,xx.xxx.x.xx' (RSA) to the list of
known h
osts.

user@xxxxxxx's password:

I'm using another iSeries lpar as the sftp server for testing
Up until this point i followed all the instructions exactly and checked
the contents of the home/user folder for the id_dsa.pub key, which matched
the servers authorized_keys entry with the same key value.



why is it asking for a password?

On Wed, Apr 18, 2018 at 8:34 AM, Kevin Bucknum <Kevin@xxxxxxxxxxxxxxxxxxx>
wrote:

Post the entire output of ssh -vv use@host




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On Behalf
Of Jay Vaughn
Sent: Wednesday, April 18, 2018 7:26 AM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries SSH config for SFTP

thanks Paul, i have been bouncing back and forth between the link you
provided and Scott Klements tutorial.

On Tue, Apr 17, 2018 at 10:04 PM, Steinmetz, Paul
<PSteinmetz@xxxxxxxxxx>
wrote:

Jay,

Below is the link that I use for all my SSH configs for SFTP.


https://www-01.ibm.com/support/docview.wss?uid=nas8N1012710

Paul


-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On
Behalf Of
Jay Vaughn
Sent: Tuesday, April 17, 2018 9:58 PM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries SSH config for SFTP

Jack. I did not come across that in my readings. I will look into
that
first thing in the morning. THANK YOU.

Sent from my iPhone

On Apr 17, 2018, at 9:31 PM, Jack Woehr
<jwoehr@xxxxxxxxxxxxxxxxxxxxxxxx>
wrote:

Did anyone mention that the .ssh directory of the user account on
the target machine must be rwx------ (not publicly readable or
executable any
way) for public key validation to proceed?

On Tue, Apr 17, 2018 at 6:46 PM, Jay Vaughn
<jeffersonvaughn@xxxxxxxxx>
wrote:

Kevin. Haha. That's a good question. Ummm because I'm following
an
example
from a Scott klement tutorial. (Must be obsolete)

So I remove the -1 and no longer get the version msg. But I am
still having an issue with the server accepting the public key at
sign on.

Will create a new thread on this tomorrow.

Jay

Sent from my iPhone

On Apr 17, 2018, at 10:44 AM, Kevin Bucknum
<Kevin@xxxxxxxxxxxxxxxxxxx

wrote:

Why are you trying to force protocol 1 with the -1 flag? SSH
version 1 hasn't been safe for quite a while yet. It looks like
the server piece has already disabled it, but you are trying to
force the client to use it.




Kevin Bucknum
Senior Programmer Analyst
MEDDATA/MEDTRON
Tel: 985-893-2550

-----Original Message-----
From: MIDRANGE-L [mailto:midrange-l-bounces@xxxxxxxxxxxx] On
Behalf Of Jay Vaughn
Sent: Tuesday, April 17, 2018 9:36 AM
To: Midrange Systems Technical Discussion
Subject: Re: iSeries SSH config for SFTP

ok the issue was i wasn't specifying the host correctly... so
now
I am
getting...
(so is the message "Protocol major versions differ: 1 vs. 2"
high
severity?
What is the solution?

ssh -1 -vvv lsamsso@xxxxxxxxxx

OpenSSH_4.7p1, OpenSSL 0.9.7d 17 Mar 2004

debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/openss
h-3.8.1p1//etc/ssh_config

debug3: RNG is ready, skipping seeding

debug2: ssh_connect: needpriv 0

debug1: Connecting to 10.110.4.99 [10.110.4.99] port 22.

debug1: Connection established.

debug1: identity file /home/lsamsso/.ssh/identity type -1

debug1: Remote protocol version 2.0, remote software version
OpenSSH_6.9

debug1: match: OpenSSH_6.9 pat OpenSSH*

Protocol major versions differ: 1 vs. 2

$





On Tue, Apr 17, 2018 at 10:34 AM, Jay Vaughn
<jeffersonvaughn@xxxxxxxxx>
wrote:

gotcha - thanks...

so what in the world am I missing?

on one lpar I have setup to be an SFTP server by...
QSYS/STRTCPSVR
SERVER(*SSHD)

on another lpar i am doing the following and cannot log on for
some reason...??
what is this telling me?

ssh -1 -vvv user xx.xxx.x.xx

OpenSSH_4.7p1, OpenSSL 0.9.7d 17 Mar 2004

debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/
OpenSSH/openss h-3.8.1p1//etc/ssh_config

debug3: RNG is ready, skipping seeding

debug2: ssh_connect: needpriv 0

ssh: lsamsso: Hostname and service name not provided or found

$






On Tue, Apr 17, 2018 at 10:30 AM, Michael Ryan
<michaelrtr@xxxxxxxxx>
wrote:

They both are. id_rsa is your private key, id_rsa.pub is your
public key.

Sent from my iPhone

On Apr 17, 2018, at 10:28 AM, Jay Vaughn
<jeffersonvaughn@xxxxxxxxx>
wrote:

ok, we do in fact have the prerequisites loaded and in
place...

so which file is RSA2?

the id_rsa or the id_rsa.pub?

Jay

On Tue, Apr 17, 2018 at 9:40 AM, Jay Vaughn
<jeffersonvaughn@xxxxxxxxx>
wrote:

Thanks - Scott your PDF on this is priceless...

I went back over it and found the "prerequisites" section.

Seems as though we don't have everything necessary loaded -
so that is
the
first item of biz before I continue.

Jay

On Mon, Apr 16, 2018 at 5:44 PM, Scott Klement <
midrange-l@xxxxxxxxxxxxxxxx> wrote:

Jay,

The id_rsa/id_rsa.pub filenames are the default for RSA2.
So...
I suspect that it's quite correct that they aren't RSA1...
plus... it's 2018, and nobody should be using RSA1!

-SK



On 4/16/2018 12:44 PM, Jay Vaughn wrote:

so thought I had performed the setup steps correctly, but
producing
the
key
info to home/userprf/.ssh directory...

but when I run the simple sftp, there is an issue with
connecting...
(what does this mean? " debug3: Not a RSA1 key file
/home/lsamsso/.ssh/id_rsa."???

sftp -vvv user@xxxxxxxxxxx
Connecting to xx.xxx.x.xx...

OpenSSH_4.7p1, OpenSSL 0.9.7d 17 Mar 2004

debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/openss
h-3.8.1p1//etc/ssh_config

debug3: RNG is ready, skipping seeding

debug2: ssh_connect: needpriv 0

debug1: Connecting to xx.xxx.x.xx [xx.xxx.x.xx] port 22.

debug1: Connection established.
debug3: Not a RSA1 key file /home/user/.ssh/id_rsa.
debug2: key_type_from_name: unknown key type '-----
BEGIN'
debug3: key_read: missing keytype
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace
debug3: key_read: missing whitespace ...

Jay

--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L) mailing list To post a message email:
MIDRANGE-L@xxxxxxxxxxxx
To
subscribe, unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before
posting,
please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with
our
affiliate
link: http://amzn.to/2dEadiD



--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To
subscribe,
unsubscribe, or change list options,
visit:
https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting,
please take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion
(MIDRANGE-L)
mailing list To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting,
please
take
a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription
related questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD



--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting,
please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription
related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD




--
Absolute Performance, Inc.
12303 Airport Way, Suite 100
Broomfield, CO 80021

NON-DISCLOSURE NOTICE: This communication including any and all
attachments is for the intended recipient(s) only and may contain
confidential and privileged information. If you are not the
intended recipient of this communication, any disclosure, copying
further distribution or use of this communication is prohibited.
If
you received this communication in error, please contact the
sender
and delete/destroy all copies of this communication immediately.
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take
a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L)
mailing
list To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please
take
a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our
affiliate
link: http://amzn.to/2dEadiD

--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx To subscribe,
unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx Before posting, please take
a moment to review the archives at
https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD




As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.