06-24-2012 01:28 AM
I'm trying to transfer file from RedHat Enterprise 5.6 to OpenVMS via SCP, but I got the following error message:
redhat_host$ scp gclog.txt email@example.com: This is SM11MV, Unauthorized Access Prohibited. scp1 compatibility mode is not supported.
I posted on OpenVMS forum because that error is forwarded by OpenVMS. The error is quite clear, means that SSH server dorsn't accept scp1 protocol. Since I cannot upgrade TCP Stack or install new software, is there any thing I can do (like change some settings on OpenVMS?
Is there any other methods to exchange file from RedHat to OpenVMS? (except the FTP protocol)....
This is some info from the machines:
redhat_host$ cat /etc/redhat-release Red Hat Enterprise Linux Server release 5.4 (Tikanga) OV:USER> TCPIP SHOW VERSION HP TCP/IP Services for OpenVMS Industry Standard 64 Version V5.6 - ECO 4 on an HP rx3600 (1.59GHz/9.0MB) running OpenVMS V8.3-1H
06-24-2012 07:50 AM
Honestly i did the search but I didn't found any solution. In one post there was some people speaking about install scp1 on OpenVMS, but I don't know how to do that, plus, as specified, I cannot install anything since the machines are in traffic and cannot be stopped. Maybe intalling scp1 is quite easy and don't need downtime, but I don't find any documentation about it!!!
BTW, the problem with native FTP is the fact that, if one of the destination server are down (eg for maintenance) I cannot setup any timeout on connection. This means the script hangs for a long time untill it reach the connection timeout (I have to do 6/8 tranfer operations). Is this also for SFTP?
06-24-2012 09:38 PM
scp1 uses the SSHv1 protocol which is old and insecure.
Most TCP/IP stacks implement SSHv2 which is more secure; and in many cases, SSHv1 is disabled by default.
So on your Linux host, try using scp2 instead.
If you can't do that, you might be able to enable SSHv2 on the OpenVMS side by editing the file SYS$SYSDEVICE:[TCPIP$SSH.SSH2]SSHD2_CONFIG. and uncomment the line which reads
# Ssh1Compatibility no
There may be more steps required. I always use scp2.
06-25-2012 08:42 AM
The difference between scp1 and scp2 has nothing to do with the difference between SSHv1 and SSHv2. The former refer to different file transfer protocols; the latter to different versions of an encryption protocol. Basically scp1 (or just plain scp) refers to rcp over an encrypted connection, whereas scp2 is an scp-like interface doing sftp under the hood. Any modern implementation of ssh (except VMS, assuming that counts) will do scp1 over SSHv2. The TCP/IP Services ssh server will only talk scp2, not scp1.
You need to supply either the missing scp1 server side component, most easily done by using some TCP/IP stack other than the HP-supplied one, or supply the missing scp2 client-side component, most easily done by building PuTTY from source and installing pscp. I've done the latter on OS X and I can't think of any reason it wouldn't work on Linux. PuTTY also supplies a pscp for Windows.
The PuTTY sources are available at <http://the.earth.li/~sgtatham/putty/latest/>.
I'm not aware of a non-commercial scp2 client other than pscp, but if someone knows of other options, do speak up. I believe there are commercial scp2 clients available from the folks at <http://www.ssh.com/>, but I have no direct experience with them.
06-25-2012 10:55 AM
# Ssh1Compatibility no
is in the configuration file, but TCPIP services do not have the code to support ssh1. I had the discussion with HP's support a good while back and ssh1 support was considered "outdated and unsecure."
06-25-2012 11:45 PM
Thanks all for feedback... Based on your information, I tried to forcethe SCP protocol to V2 as also the man scp said:
-2 Forces scp to use protocol 2.
But the result is always the same:
redhat_host$ scp -2 gclog.txt firstname.lastname@example.org: This is SM11MV, Unauthorized Access Prohibited. scp1 compatibility mode is not supported.
Maybe the problem is on OpenSSH on RedHat...
06-26-2012 05:10 AM
The scp man page doesn't tell you this, but what it says about -2 refers to the SSH protocol version, not the file transfer protocol. By giving it -2, you're telling it to do something it was probably going to do anyway, but you can't tell it to use a different file transfer protocol that it doesn't know how to do.
The problem, as I already explained, is that the OpenSSH scp client speaks only scp1, but the TCP/IP Services scp server speaks only scp2. You must substitute either a different client or a different server in order to get a successful combination.
If you don't want to install PuTTY from source on the client side as I suggested, it looks like there are RPM packages. And if it wasn't obvious from what I said before, the pscp client included in it has the same interface as scp, but knows how to talk to an scp2-only server.
06-26-2012 11:29 AM
Richard Brodie_1 wrote:
Am I missing something, or would not just using sftp instead of scp be the easiest thing to do?
That works fine unless you really need a one-liner to include in a script. I suppose it's possible to script sftp, but it's messier than using scp. At the opposite extreme, if you really want something scriptable, Kermit over SSH is an option.
06-26-2012 02:10 PM
Correct, with scp I can make oneline code, otherwise there's no difference between sftp and ftp... Both requires multiple code lines.
I can install software on client side (Red Hat enterprise), but I cannot find anything related to SCP2, could someone point me to the right rpm?
06-26-2012 03:34 PM
I cannot find anything related to SCP2, could someone point me to the right rpm?
You mean like pscp in PuTTY, which I've already told you (twice) is exactly what you need? I know very little about Red Hat packages, but putting "rpm putty" in the search box of a web browser seems to turn up some things.
06-27-2012 12:11 AM
You're absolutely right Craig, I had some problems during putty installation, so I left it and search for another solution. Now, after solving installation issue, I was able to use pscp, and FINALLY I was able to transfer files from Red Hat to OpenVMS without issues and using protocol V2.