


Here's the somewhat simplified mechanics of it to help you understand it better.

After the SSH client connects to the server (sftp sits on top of ssh) the following happens:

There's a welcome-banner and product-name/version exchange. Then the key exchange starts - the key here is the key for the session - nothing to do with authentication. The server puts together a preferred-ordered list of the algorithms it supports for encryption, hmac, hostkey and kex and sends this to the client. The client prepares a similar list and sends it to the server. The best matching algorithms are then chosen. The ssh configuration file can be used to order and set the server and client preferred algorithms.

Once all that is agreed, the server sends the client a signed copy of its ssh key. The client verifies the signature and does a known hosts lookup.

The server then sends the client a list of all supported authentication methods (public-key, password) and the client picks one or more and sends the appropriate info.

In your case the client proposes these mac algorithms:

hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96

The server supports these:

hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,hmac-sha2-512-etm@xxxxxxxxxxx


On 6/26/2024 1:59 AM, aidan2474--- via MIDRANGE-L wrote:
Hi Bryan/Stefan,
Thanks for the Expect, I am aware of that and was hoping not to have to install it, but it's looking like that might be the only saving grace at this point.
Yes it is and I can connect using the Filezilla App with only the user/password.
I believe the user/password fails on the MAC first and never gets to use the User/Password. Which brings me to the main question about this entire situation:
If IBM (or SSH) gives you the ability to use user and password, then HOW does the known hosts file get created first without needing the public/private key working?

That IBM USER/PASSWORD doc is what I have used previously and was hoping would work for this pickle, but looking at the last assumption in the doc tells me I need to be able to have a matching MAC to be able to use User/Password, as it is also used in the known host file. From what I can remember over the years, I have only ever done the User/Password scenario after already establishing a connection with the Public/private key.
- The SFTP server's public host key is stored in the known_hosts file in the batch SFTP user's .ssh directory.


message: 4
date: Tue, 25 Jun 2024 13:52:24 +0200
from: <stefan@xxxxxxxxxx>
subject: RE: SFTP Client on AS400 V5R4 Help

Hi Frank,
1. Is the server configured to allow access using user/password?
If you run the sftp client command with the -vv or -vvv (very verbose, or very very verbose keyword) I think you should be able to see if the server allows user/password.
2. You should also be able to see if the mac negotiation is done ahead of the access type negotiation. If so - I'll guess you are in trouble.

Best regards

Stefan
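
The algorithm negotiation described in the reply at the top of this thread, as an added example that is not part of the original messages: it applies the RFC 4253 section 7.1 rule (the first name on the client's list that the server also offers) to the MAC lists quoted in the thread, and shows that a connection with no common MAC stops before any authentication method is offered. Assumptions: the function names are hypothetical, the cipher list is a constructed sample, and the model covers one direction and only the cipher and MAC categories.

```python
# Added example: SSH algorithm selection per RFC 4253 section 7.1.
# MAC lists as quoted in the thread (the last server name is redacted in the archive).
CLIENT_MACS = ("hmac-md5,hmac-sha1,umac-64@openssh.com,hmac-ripemd160,"
               "hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96")
SERVER_MACS = ("hmac-sha2-256,hmac-sha2-512,hmac-sha2-256-etm@openssh.com,"
               "hmac-sha2-512-etm@xxxxxxxxxxx")
# Constructed sample cipher list; the thread does not show the cipher proposals.
SAMPLE_CIPHERS = "aes128-ctr,aes256-ctr"

class NoCommonAlgorithm(Exception):
    """Raised when a category has no overlap; both sides must disconnect."""
    def __init__(self, category):
        super().__init__(f"no matching {category} found")
        self.category = category

def parse_name_list(text):
    # Name-lists are comma-separated, most preferred first.
    return [name.strip() for name in text.split(",") if name.strip()]

def choose(client_list, server_list):
    """First name on the client's list that the server also offers, else None."""
    offered = set(parse_name_list(server_list))
    return next((n for n in parse_name_list(client_list) if n in offered), None)

def negotiate(client, server):
    """client/server map category -> name-list. Runs before user authentication."""
    chosen = {}
    for category in ("cipher", "mac"):
        chosen[category] = choose(client[category], server[category])
        if chosen[category] is None:
            raise NoCommonAlgorithm(category)
    return chosen

def stage_reached(client, server):
    """Report how far a connection gets: a key-exchange failure or 'userauth'."""
    try:
        negotiate(client, server)
    except NoCommonAlgorithm as err:
        return f"kexinit failed: {err}"
    return "userauth"

if __name__ == "__main__":
    old_client = {"cipher": SAMPLE_CIPHERS, "mac": CLIENT_MACS}
    server = {"cipher": SAMPLE_CIPHERS, "mac": SERVER_MACS}
    print(stage_reached(old_client, server))
```

The client's order decides the result when several names overlap, so reordering the server's list alone does not change which common algorithm is picked.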



This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
