- 12-31-2008 #1 Just Joined!
- Join Date: Nov 2008
- Posts: 9
ssh works but not sftp
Hi guys. I am having some problems.
I have OpenSSH on my SUSE machine and I would like to use it for sftp. However SSH works correctly but not sftp. I mean sftp works when you use a client like filezilla, but when you

Code:
    sftp -vvv <user>@<ipaddress>

it gives

Code:
    $ sftp -vvv <user>@<ipaddress>
    Connecting to <ipaddress>...
    OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Reading configuration data /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_config
    debug3: Seeding PRNG from /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/libexec/ssh-rand-helper
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to <ipaddress>[<ipaddress>] port 22.
    debug1: Connection established.
    debug1: identity file /home/SMMSO/.ssh/id_rsa type -1
    debug3: Not a RSA1 key file /home/SMMSO/.ssh/id_
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: no key found
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: no key found
    debug1: identity file /home/SMMSO/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
    debug1: no match: WeOnlyDo 2.0.6
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.5p1
    debug3: RNG is ready, skipping seeding
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
    debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
    debug2: kex_parse_kexinit: zlib,none
    debug2: kex_parse_kexinit: zlib,none
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: dh_gen_key: priv key bits set: 127/256
    debug1: bits set: 510/1024
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts
    debug2: no key of type 0 for host <ipaddress>
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts2
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts2
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts
    debug2: no key of type 2 for host <ipaddress>
    debug2: readpassphrase: not a 5250 return ENOTTY
    Host key verification failed.
    debug1: Calling cleanup 0x20013a74(0x0)
    Connection closed
    $

This is really weird. I can sftp on the localhost or from another Linux machine. But when I do it from IBM AS 400 it gives me that message.
I did some googling and found this

Code:
    sftp and/or scp may fail at connection time if you have shell
    initialization (.profile, .bashrc, .cshrc, etc) which produces output
    for non-interactive sessions. This output confuses the sftp/scp client.
    You can verify if your shell is doing this by executing:
    ssh yourhost /usr/bin/true
    If the above command produces any output, then you need to modify your
    shell initialization.

For my machine the true is in the bin folder so I tried

Code:
    ssh localhost /bin/true

and it doesn't give me any message. So now I am kinda stuck and the only way to use the sftp is with filezilla, or from a Linux or something but not IBM AS 400.
Here is my sshd_config file

Code:
    # Package generated configuration file
    # See the sshd(8) manpage for details
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile %h/.ssh/authorized_keys
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server
    UsePAM yes

Any help is appreciated, thanks.
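One way to read a transcript like the one in the post above, as an added example that is not part of the original thread: the script reports the last session stage the client reached and the lines that explain the stop. The sample lines are excerpted from the posted log; the stage names and the last two stage markers are assumptions based on usual OpenSSH client debug output.

```python
import re

# Constructed sample: lines excerpted from the transcript posted above.
SAMPLE = """\
debug1: Connection established.
debug1: identity file /home/SMMSO/.ssh/id_rsa type -1
debug1: identity file /home/SMMSO/.ssh/id_dsa type 2
debug1: SSH2_MSG_KEXINIT sent
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
debug2: no key of type 2 for host <ipaddress>
debug2: readpassphrase: not a 5250 return ENOTTY
Host key verification failed.
Connection closed
"""

# Session milestones in order. The first three markers appear in the posted
# log; the last two are assumed from usual OpenSSH client debug output.
STAGES = [
    ("tcp_connect", r"Connection established"),
    ("key_exchange", r"SSH2_MSG_KEXINIT sent"),
    ("host_key_check", r"check_host_in_hostfile"),
    ("user_auth", r"authentications that can continue"),
    ("sftp_subsystem", r"Sending subsystem: sftp"),
]


def triage(log: str) -> dict:
    """Report how far the client got and which lines explain the stop."""
    reached = [name for name, pat in STAGES if re.search(pat, log, re.I)]
    return {
        "last_stage": reached[-1] if reached else None,
        # type -1: the client could not classify this identity file
        "unclassified_identities": re.findall(r"identity file (\S+) type -1", log),
        # no stored host key for the server in the known_hosts files searched
        "host_unknown": bool(re.search(r"no key of type \d+ for host", log)),
        # a prompt could not be shown: readpassphrase returned ENOTTY
        "prompt_failed": bool(re.search(r"readpassphrase: .*ENOTTY", log)),
        "host_key_rejected": "Host key verification failed" in log,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

On the sample, the last stage reached is the host key check: user authentication and the sftp subsystem request never appear in the log.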
- 12-31-2008 #2
Looks like the key file is in the wrong format.
Read this link for instructions on how to convert to proper format.
SourceForge.net: alexandria SSH Key Generation
edit: Also... the AS400 is an EBCDIC machine. Perhaps it would be best to copy a key file from an ASCII box (e.g. your linux server) and put it on the AS400. Best way to do this would be by using ftp and specifying BINARY to ensure no ASCII to EBCDIC conversion is done on the fly.
CSR
- 12-31-2008 #3 Just Joined!
- Join Date: Nov 2008
- Posts: 9
Is there a way to do it the other way instead? I have the public key of the AS 400; it was sent to me. Is there a way I can put it on the Linux instead? I don't have access to the AS 400 any longer.
- 12-31-2008 #4
Maybe. I've never tried that. FTP the AS400 key file to the Linux box. I would think you would need the BINARY option on the ftp to ensure you don't convert the key file to ASCII on the ftp. The key files need to be the same on both sides.
Let me know if it works.
CSR
- 12-31-2008 #5
Should be able to.
I haven't tried it w/ OpenSSH, but with OpenVPN I copied the cert files to etc/openvpn.
To initiate the session:
openvpn --config /etc/openvpn/client.ovpn
I would suspect that with OpenSSH it would be something similar.


