  1. #1
    Just Joined!
    Join Date
    Nov 2008
    Posts
    9

    ssh works but not sftp


    Hi guys. I am having some problems.
    I have OpenSSH on my SUSE machine and I would like to use it for sftp. However SSH works correctly but not sftp. I mean sftp works when you use a client like FileZilla, but when you run
    Code:
    sftp -vvv <user>@<ipaddress>
    it gives

    Code:
    $ sftp -vvv <user>@<ipaddress>
    Connecting to <ipaddress>...
    OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7d 17 Mar 2004
    debug1: Reading configuration data /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_config
    debug3: Seeding PRNG from /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/libexec/ssh-rand-helper
    debug1: Rhosts Authentication disabled, originating port will not be trusted.
    debug1: ssh_connect: needpriv 0
    debug1: Connecting to <ipaddress>[<ipaddress>] port 22.
    debug1: Connection established.
    debug1: identity file /home/SMMSO/.ssh/id_rsa type -1
    debug3: Not a RSA1 key file /home/SMMSO/.ssh/id_
    debug2: key_type_from_name: unknown key type '-----BEGIN'
    debug3: key_read: no key found
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug3: key_read: no space
    debug2: key_type_from_name: unknown key type '-----END'
    debug3: key_read: no key found
    debug1: identity file /home/SMMSO/.ssh/id_dsa type 2
    debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
    debug1: no match: WeOnlyDo 2.0.6
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_3.5p1
    debug3: RNG is ready, skipping seeding
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-group1-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@openssh.com,hmac-sha1-96,hmac-md5-96
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit: none,zlib
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: kex_parse_kexinit: diffie-hellman-group1-sha1,diffie-hellman-group14-sha1
    debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,aes192-cbc,aes256-cbc,rijndael128-cbc,rijndael192-cbc,rijndael256-cbc,rijndael-cbc@lysator.liu.se
    debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
    debug2: kex_parse_kexinit: hmac-sha1,hmac-sha1-96,hmac-md5,none
    debug2: kex_parse_kexinit: zlib,none
    debug2: kex_parse_kexinit: zlib,none
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit:
    debug2: kex_parse_kexinit: first_kex_follows 0
    debug2: kex_parse_kexinit: reserved 0
    debug2: mac_init: found hmac-md5
    debug1: kex: server->client aes128-cbc hmac-md5 none
    debug2: mac_init: found hmac-md5
    debug1: kex: client->server aes128-cbc hmac-md5 none
    debug1: dh_gen_key: priv key bits set: 127/256
    debug1: bits set: 510/1024
    debug1: sending SSH2_MSG_KEXDH_INIT
    debug1: expecting SSH2_MSG_KEXDH_REPLY
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts
    debug2: no key of type 0 for host <ipaddress>
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts2
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts2
    debug3: check_host_in_hostfile: filename /home/SMMSO/.ssh/known_hosts
    debug3: check_host_in_hostfile: filename /QOpenSys/QIBM/ProdData/SC1/OpenSSH/openssh-3.5p1/etc/ssh_known_hosts
    debug2: no key of type 2 for host <ipaddress>
    debug2: readpassphrase: not a 5250 return ENOTTY
    Host key verification failed.
    debug1: Calling cleanup 0x20013a74(0x0)
    Connection closed
    $
    This is really weird. I can sftp on the localhost or from another Linux machine, but when I do it from the IBM AS 400 it gives me that message.

    I did some googling and found this

    Code:
    sftp and/or scp may fail at connection time if you have shell initialization (.profile, .bashrc, .cshrc, etc) which produces output for non-interactive sessions. This output confuses the sftp/scp client. You can verify if your shell is doing this by executing:
    
        ssh yourhost /usr/bin/true
    
    If the above command produces any output, then you need to modify your shell initialization.
    For my machine the true is in the bin folder so I tried
    Code:
    ssh localhost /bin/true
    and it doesn't give me any message. So now I am kinda stuck and the only way to use the sftp is with FileZilla, or from a Linux machine or something, but not the IBM AS 400.

    Here is my sshd_config file

    Code:
    # Package generated configuration file
    # See the sshd(8) manpage for details
    
    # What ports, IPs and protocols we listen for
    Port 22
    # Use these options to restrict which interfaces/protocols sshd will bind to
    #ListenAddress ::
    #ListenAddress 0.0.0.0
    Protocol 2
    # HostKeys for protocol version 2
    HostKey /etc/ssh/ssh_host_rsa_key
    HostKey /etc/ssh/ssh_host_dsa_key
    #Privilege Separation is turned on for security
    UsePrivilegeSeparation yes
    
    # Lifetime and size of ephemeral version 1 server key
    KeyRegenerationInterval 3600
    ServerKeyBits 768
    
    # Logging
    SyslogFacility AUTH
    LogLevel INFO
    
    # Authentication:
    LoginGraceTime 120
    PermitRootLogin yes
    StrictModes yes
    
    RSAAuthentication yes
    PubkeyAuthentication yes
    #AuthorizedKeysFile	%h/.ssh/authorized_keys
    
    # Don't read the user's ~/.rhosts and ~/.shosts files
    IgnoreRhosts yes
    # For this to work you will also need host keys in /etc/ssh_known_hosts
    RhostsRSAAuthentication no
    # similar for protocol version 2
    HostbasedAuthentication no
    # Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
    #IgnoreUserKnownHosts yes
    
    # To enable empty passwords, change to yes (NOT RECOMMENDED)
    PermitEmptyPasswords no
    
    # Change to yes to enable challenge-response passwords (beware issues with
    # some PAM modules and threads)
    ChallengeResponseAuthentication no
    
    # Change to no to disable tunnelled clear text passwords
    #PasswordAuthentication yes
    
    # Kerberos options
    #KerberosAuthentication no
    #KerberosGetAFSToken no
    #KerberosOrLocalPasswd yes
    #KerberosTicketCleanup yes
    
    # GSSAPI options
    #GSSAPIAuthentication no
    #GSSAPICleanupCredentials yes
    
    X11Forwarding yes
    X11DisplayOffset 10
    PrintMotd no
    PrintLastLog yes
    TCPKeepAlive yes
    #UseLogin no
    
    #MaxStartups 10:30:60
    #Banner /etc/issue.net
    
    # Allow client to pass locale environment variables
    AcceptEnv LANG LC_*
    
    Subsystem sftp /usr/lib/openssh/sftp-server
    
    UsePAM yes
    Any help is appreciated, thanks.
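
Added example (not part of the original post): a small Python triage of the `-vvv` trace above that reports how far the client got before `Host key verification failed.` and which debug lines explain it. The sample lines are a constructed excerpt of that trace, and the function names are illustrative.

```python
import re

# Constructed excerpt, modelled on the client debug lines quoted in the post above.
SAMPLE_LOG = """\
debug1: identity file /home/SMMSO/.ssh/id_rsa type -1
debug1: identity file /home/SMMSO/.ssh/id_dsa type 2
debug1: Remote protocol version 2.0, remote software version WeOnlyDo 2.0.6
debug1: kex: server->client aes128-cbc hmac-md5 none
debug1: expecting SSH2_MSG_KEXDH_REPLY
debug2: no key of type 0 for host <ipaddress>
debug2: no key of type 2 for host <ipaddress>
debug2: readpassphrase: not a 5250 return ENOTTY
Host key verification failed.
"""

def triage(log):
    """Summarise how far an `ssh`/`sftp -vvv` trace got and what stopped it."""
    r = {"server_banner": None, "negotiated": [], "host_key_known": True,
         "prompt_possible": True, "reached_userauth": False, "failed_at": None}
    for line in (l.strip() for l in log.splitlines()):
        m = re.search(r"remote software version (.+)$", line)
        if m:
            r["server_banner"] = m.group(1)
        m = re.match(r"debug1: kex: (\S+) (\S+) (\S+) (\S+)$", line)
        if m:
            r["negotiated"].append(m.groups())   # direction, cipher, MAC, compression
        if re.match(r"debug2: no key of type \d+ for host ", line):
            r["host_key_known"] = False          # nothing stored in known_hosts
        if "readpassphrase" in line and "ENOTTY" in line:
            r["prompt_possible"] = False         # client had no terminal to ask on
        if "authentications that can continue" in line.lower():
            r["reached_userauth"] = True         # only logged after host key is accepted
        if line == "Host key verification failed.":
            r["failed_at"] = "host-key verification"
    return r

def explain(r):
    """Turn the triage result into a one-line finding."""
    if r["failed_at"] == "host-key verification" and not r["reached_userauth"]:
        if not r["host_key_known"] and not r["prompt_possible"]:
            return "unknown host key and no terminal to confirm it"
        if not r["host_key_known"]:
            return "unknown host key was not accepted"
        return "host key rejected; check the known_hosts entry"
    return "no host-key failure in this trace"

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(result["server_banner"], "->", explain(result))
```

In this trace the client stops before user authentication starts, so the identity files and the server's `Subsystem sftp` line are never exercised.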

  2. #2
    Just Joined! cheapscotchron
    Join Date
    Dec 2008
    Location
    swamps of jersey
    Posts
    68
    Looks like the key file is in the wrong format.
    Read this link for instructions on how to convert to proper format.

    SourceForge.net: alexandria SSH Key Generation

    edit: Also... the AS400 is an EBCDIC machine. Perhaps it would be best to copy a key file from an ASCII box (e.g. your Linux server) and put it on the AS400. Best way to do this would be by using ftp and specifying BINARY to ensure no ASCII to EBCDIC conversion is done on the fly.

    CSR

  3. #3
    Just Joined!
    Join Date
    Nov 2008
    Posts
    9
    Is there a way to do it the other way instead? I have the public key of the AS 400, which was sent to me. Is there a way I can put it on the Linux machine instead? I don't have access to the AS 400 any longer.

  5. #4
    Just Joined! cheapscotchron
    Join Date
    Dec 2008
    Location
    swamps of jersey
    Posts
    68
    Maybe. I've never tried that. FTP the AS400 key file to the Linux box. I would think you would need the BINARY option on the ftp to ensure you don't convert the key file to ASCII on the ftp. The key files need to be the same on both sides.

    Let me know if it works.

    CSR
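
Added example (not from the thread): a Python check to run on a public key file received from the AS/400 before appending it to `authorized_keys`, which tells a clean OpenSSH key line apart from one whose bytes are still EBCDIC and from a private key sent by mistake. It assumes the AS/400 uses code page 037; the key blob and the `user@as400` comment are constructed, and the function names are illustrative.

```python
import base64
import struct

def parse_pubkey_line(text):
    """Return the key type if `text` is a well-formed '<type> <base64> [comment]' line."""
    parts = text.strip().split(None, 2)
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)   # binascii.Error is a ValueError
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])          # blob starts with a length-prefixed type
    if blob[4:4 + n] != key_type.encode("ascii"):
        raise ValueError("declared type does not match key blob")
    return key_type

def check_transferred_key(raw):
    """Classify received bytes: ('ok' | 'ebcdic' | 'private-key' | 'invalid', key_type)."""
    codecs = (("ok", "ascii"), ("ebcdic", "cp037"))   # cp037 is an assumed code page
    if any("PRIVATE KEY" in raw.decode(c, "replace") for _, c in codecs):
        return "private-key", None                # never install or forward this file
    for status, codec in codecs:
        try:
            return status, parse_pubkey_line(raw.decode(codec))
        except ValueError:                        # covers decode, base64 and type errors
            continue
    return "invalid", None

def sample_line():
    """Constructed key line: correct framing, dummy key material (not a real key)."""
    blob = struct.pack(">I", 7) + b"ssh-dss" + bytes(range(32))
    return "ssh-dss " + base64.b64encode(blob).decode() + " user@as400\n"

if __name__ == "__main__":
    line = sample_line()
    print(check_transferred_key(line.encode("ascii")))    # as sent with BINARY from an ASCII copy
    print(check_transferred_key(line.encode("cp037")))    # raw EBCDIC bytes, needs conversion
```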

  6. #5
    Just Joined! mhanan
    Join Date
    Dec 2008
    Location
    San Diego CA
    Posts
    60
    Should be able to.

    I haven't tried it w/ OpenSSH, but with OpenVPN I copied the cert files to /etc/openvpn.

    To initiate the session:

    openvpn --config /etc/openvpn/client.ovpn

    I would suspect that with OpenSSH it would be something similar.
