× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. October 2018

Re: Sftp password auth

sorry if i'm beating a dead horse here, but I just cannot understand why
the below script works when sftp'ing to an iSeries but when I attempt it to
a non-iSereie sftp it fails...

#!/usr/local/bin/expect -f
set timeout 20
spawn sftp -vvv -o PreferredAuthentications=password -oport=22
$env(SSH_USER)@10.175.96.213
expect {
default {exit 2}
"continue connecting (yes/no)?" {send "yes\n"; exp_continue}
"assword:" {send "$env(SSH_PASS) \n"; exp_continue}
"sftp>"
}
send "lcd /lsams/outbound/pmi/mgic\n"
expect "sftp>"
send "cd /inbound/pay\n"
...

log...

"********************************************************************************"
"**** Start SFTP Log For PMI2000-T/0 on 2018-10-04-09.38.33.708000"
"********************************************************************************"
"spawn sftp -vvv -o PreferredAuthentications=password -oport=22
ldtesting@10.175.96.213
"
"OpenSSH_6.9p1"
"debug1: Reading configuration data
/QOpenSys/QIBM/ProdData/SC1/OpenSSH/etc/ssh_config
"
"debug2: ssh_connect: needpriv 0
"
"debug1: Connecting to 10.175.96.213 [10.175.96.213] port 22.
"
"debug1: Connection established.
"
"debug1: identity file /home/lsamsso/.ssh/id_rsa type 1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_rsa-cert type -1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_dsa type -1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_dsa-cert type -1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_ecdsa type -1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_ecdsa-cert type -1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_ed25519 type -1
"
"debug1: key_load_public: No such file or directory
"
"debug1: identity file /home/lsamsso/.ssh/id_ed25519-cert type -1
"
"debug1: Enabling compatibility mode for protocol 2.0
"
"debug1: Local version string SSH-2.0-OpenSSH_6.9
"
"debug1: Remote protocol version 2.0"
"debug1: no match: Syncplify_Me_Server
"
"debug2: fd 3 setting O_NONBLOCK
"
"debug1: Authenticating to 10.175.96.213:22 as 'ldtesting'
"
"debug3: hostkeys_foreach: reading file ""/home/lsamsso/.ssh/known_hosts""
"
"debug3: record_hostkey: found key type ECDSA in file
/home/lsamsso/.ssh/known_hosts:1
"
"debug3: load_hostkeys: loaded 1 keys from 10.175.96.213
"
"debug3: order_hostkeyalgs: prefer hostkeyalgs:
ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx"
"debug1: SSH2_MSG_KEXINIT sent
"
"debug1: SSH2_MSG_KEXINIT received
"
"debug2: kex_parse_kexinit: curve25519-sha256@xxxxxxxxxx"
"debug2: kex_parse_kexinit: ecdsa-sha2-nistp256-cert-v01@xxxxxxxxxxx"
"debug2: kex_parse_kexinit: chacha20-poly1305@xxxxxxxxxxx"
"debug2: kex_parse_kexinit: chacha20-poly1305@xxxxxxxxxxx"
"debug2: kex_parse_kexinit: umac-64-etm@xxxxxxxxxxx"
"debug2: kex_parse_kexinit: umac-64-etm@xxxxxxxxxxx"
"debug2: kex_parse_kexinit: none"
"debug2: kex_parse_kexinit: none"
"debug2: kex_parse_kexinit:
"
"debug2: kex_parse_kexinit:
"
"debug2: kex_parse_kexinit: first_kex_follows 0
"
"debug2: kex_parse_kexinit: reserved 0
"
"debug2: kex_parse_kexinit: diffie-hellman-group14-sha1"
"debug2: kex_parse_kexinit: ssh-rsa"
"debug2: kex_parse_kexinit: blowfish-cbc"
"debug2: kex_parse_kexinit: blowfish-cbc"
"debug2: kex_parse_kexinit: hmac-sha1"
"debug2: kex_parse_kexinit: hmac-sha1"
"debug2: kex_parse_kexinit: none"
"debug2: kex_parse_kexinit: none"
"debug2: kex_parse_kexinit:
"
"debug2: kex_parse_kexinit:
"
"debug2: kex_parse_kexinit: first_kex_follows 0
"
"debug2: kex_parse_kexinit: reserved 0
"
"debug1: kex: server->client chacha20-poly1305@xxxxxxxxxxx <implicit> none
"
"debug1: kex: client->server chacha20-poly1305@xxxxxxxxxxx <implicit> none
"
"debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
"
"debug1: Server host key: ecdsa-sha2-nistp521
SHA256:hUYga+opCloDCRt3KSV2yKTOmpyUzajsKnP59aY/kj0
"
"debug3: hostkeys_foreach: reading file ""/home/lsamsso/.ssh/known_hosts""
"
"debug3: record_hostkey: found key type ECDSA in file
/home/lsamsso/.ssh/known_hosts:1
"
"debug3: load_hostkeys: loaded 1 keys from 10.175.96.213
"
"debug1: Host '10.175.96.213' is known and matches the ECDSA host key.
"
"debug1: Found key in /home/lsamsso/.ssh/known_hosts:1
"
"debug2: set_newkeys: mode 1
"
"debug1: SSH2_MSG_NEWKEYS sent
"
"debug1: expecting SSH2_MSG_NEWKEYS
"
"debug2: set_newkeys: mode 0
"
"debug1: SSH2_MSG_NEWKEYS received
"
"debug1: SSH2_MSG_SERVICE_REQUEST sent
"
"debug2: service_accept: ssh-userauth
"
"debug1: SSH2_MSG_SERVICE_ACCEPT received
"
"debug2: key: /home/lsamsso/.ssh/id_rsa (2002c790)"
"debug2: key: /home/lsamsso/.ssh/id_dsa (0)"
"debug2: key: /home/lsamsso/.ssh/id_ecdsa (0)"
"debug2: key: /home/lsamsso/.ssh/id_ed25519 (0)"
"debug1: Authentications that can continue: password"
"debug3: start over"
"debug3: preferred password
"
"debug3: authmethod_lookup password
"
"debug3: remaining preferred:
"
"debug3: authmethod_is_enabled password
"
"debug1: Next authentication method: password
"
"ldtesting@10.175.96.213's password:"
"debug2: we sent a password packet"
"Connection closed by 10.175.96.213
"
"Connection closed
"

On Wed, Oct 3, 2018 at 12:28 PM Kevin Adler <kadler@xxxxxxxxxx> wrote:

> the non-iseries sends a "keyboard-interactive packet" and the iseries
sends
> a "password packet"...
>
> what are the difference in these two?

[1]https://superuser.com/a/894625

In the default configuration, not much. However, keyboard-interactive
can
be set up to use PAM (though not on IBM i) and you can set all sorts of
fancy authentication methods: Kerberos, 2FA, etc... In the default
configuration, they both do plain password auth.

You can always specify which authentication methods you want to use from
the client with the -oPreferredAuthentications=keyboard-interactive
argument to sftp.

One thing I've run in to in the past is differences in capitalization
and
formatting of the prompts across different servers and operating
systems.
Is it a matter of your script expecting

"password: "

and getting instead

"Password: "


References

Visible links
1. https://superuser.com/a/894625
--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: https://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at https://archive.midrange.com/midrange-l.

Please contact support@xxxxxxxxxxxx for any subscription related
questions.

Help support midrange.com by shopping at amazon.com with our affiliate
link: http://amzn.to/2dEadiD


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Follow-Ups:
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.