Compatibilty between SSH Tectia Server 4.4.2 and OpenSSH_3.8.1p1 (489 Views)
Reply
Occasional Visitor
charu_1
Posts: 3
Registered: ‎09-08-2006
Message 1 of 2 (489 Views)

Compatibilty between SSH Tectia Server 4.4.2 and OpenSSH_3.8.1p1

Hi All
I have SSH Tectia Server 4.4.2 installed and working on one HPUX server .
Secondly, I'm havinf a WIn2K3 server having OpenSSH_3.8.1p1 installed working fine.
I want to transfer file from HPUX(ssh-tectia) to win2K3 (openSSH) thru scp thru public key without prompting for any password.

1. I generated a 1024 bit dsa key without
passphrase on HPUX(ssh-tectia)
# ssh-keygen -b 1024 -t dsa
and copied the id_dsa_1024_a.pub file to windows server.

2. then on windows server I did
# ssh-keygen -i -f id_dsa_1024_a.pub >
id_dsa_1024_a_OSSH.pub

# cat id_dsa_1024_a_OSSH.pub >>
authorized_keys2

But even after this while doing
# ssh user@win2K3

it asks password to login.

while doing scp -B it returns following error

[ warning: Authentication failed.
Disconnected (remote); protocol error (Too many authentication failures for neth).
Disconnect reason 2, exit code = 66scp: warning: ssh2 client failed to authenticate. (or yo u have too old ssh2 installed, check with ssh2 -V)]

while doing debugging from HPUX(ssh-tectia)it gives following error:

debug: server offers auth methods 'publickey,password,keyboard-interactive'.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1851: Starting pubkey auth...
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1807: Agent is not running.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1598: Got 0 keys from the agent.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1375: Trying to add external certificate, key count = 0.
debug: SshUserFiles/sshuserfiles.c:584: Using '/home/neth/.ssh2/identification' as identity file.
debug: SshConfigParse/sshconfig_parse.c:158: Unable to open /home/neth/.ssh2/identification
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:1575: Trying 0 key candidates.
debug: Ssh2AuthPubKeyClient/authc-pubkey.c:896: All keys declined by server, disabling method.
debug: SshProtoAuthClient/sshauthc.c:317: Method 'publickey' disabled.

while doing debugging from win2K3 side this error comes :

OpenSSH_3.8.1p1, OpenSSL 0.9.7d 17 Mar 2004
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to sngcon01 [135.160.20.14] port 22.
debug1: Connection established.
debug1: identity file /home/neth/.ssh/identity type -1
debug1: identity file /home/neth/.ssh/id_rsa type -1
debug1: identity file /home/neth/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version 4.4.2.3 SSH Secure Shell
debug1: no match: 4.4.2.3 SSH Secure Shell
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.8.1p1
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: sending SSH2_MSG_KEXDH_INIT
debug1: expecting SSH2_MSG_KEXDH_REPLY
The authenticity of host 'sngcon01 (135.160.20.14)' can't be established.
DSA key fingerprint is 22:26:b3:05:d9:2d:58:42:a6:c2:98:be:fe:49:5f:15.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'sngcon01,135.160.20.14' (DSA) to the list of known hosts.
debug1: ssh_dss_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
Read from socket failed: Connection aborted

Could any one help in this matter.

Please use plain text.
Honored Contributor
Doug O'Leary
Posts: 812
Registered: ‎05-25-2005
Message 2 of 2 (489 Views)

Re: Compatibilty between SSH Tectia Server 4.4.2 and OpenSSH_3.8.1p1

Hey;

I'm not familiar with the ssh s/w you installed on the hp server. It *may* be an official ssh version 2 implementation. If it is, the keys are incompatible between the two w/o some preprocessing.

On the HP system, "cat id_dsa_1024_a.pub". If the key looks something like:

---- BEGIN SSH2 PUBLIC KEY ----
Comment: "1024-bit DSA, converted from OpenSSH by root@gsumonitor.govst.edu"
AAAAB3NzaC1kc3MAAACBAJaQsBA5ZnXZyFeHFRdh6Ksa6llW5Gcv+C24UfV3g12Pjb+r1u
N37NIFuHRPbi8bXlD3c6MQ8zPQB1+NRGmCrJ9N8LcDnzgQoKo6+anrbrGoPxJPL86QR9I6
bdGitzj5cECLMT14gsMVxDzWwtXMkai8yCRElgo2Gw8iBuXmn0ErAAAAFQD4vEF+MI+lsF
UlsR/Jg+CabcdqwerXcPct0pS2RboFQ4m4sEWVMF8PjVbk+uxWNkWp9WLSld1wt
RLjHpkn9ksh9D9tn6qqUdHaRTfk2w/08ARlG//Psg2xwoT2ueNCjMpCG1P+sEvyENZ70Rg
La+NSPS0oCwj3vbxwNmpVcRkhmL4qhUbylGSQ+/gbOxKgOpaK7MAAAAIBzJbRgaZ7f/JII
nkhHk7tEiqIWCVq/RUo1qz0Y9ldI8W3scvrm7AHnZUj6h95ufeVuUqrt2n0EHpRNv2rlI2
mqERPVgotoBuXWIoc7+AbRW29QBg+EaKuZh02EeP/cXCHsYmT8WN6322K6Zwonb72aIgf8
VwrY2oRwlCBUqty0Jg==
---- END SSH2 PUBLIC KEY ----

you'll need to convert the tectia public keys from ssh v2 format to openssh so they can be used on the windows box and then convert the openssh public keys to ssh v2 format. Use the openssh version of ssh-keygen to do this conversion:

### ssh v2 -> openssh format - import:
ssh-keygen -i -f ${ssh_v2_key} > ${openssh_format_key}

### openssh -> ssh v2 format - export:
ssh-keygen -e -f ${openssh_format} > ${ssh_v2_key}

Assuming, this is the issue, if you're planning on going from the windows box to the HP box, realize the set up of ssh v2 keys is very different than it is on openssh. You'll have to read the documentation that came with the tectia s/w as it's been *years* since I played w/ssh v2 compliant keys. I can probably find the procedures I wrote, if necessary though. Let me know if you want to try.

So, long winded reply. Summary: First thing verify the format of the tectia keys by cat'ing them out. If they're ssh v2, they need to be converted to openssh format. If they're not ssh v2 format, then I'm on the wrong track.

HTH;

Doug

------
Senior UNIX Admin
O'Leary Computers Inc
linkedin: http://www.linkedin.com/dkoleary
Resume: http://www.olearycomputers.com/resume.html
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation