PuTTY and SSH2 on OpenVMS - Not

Post by Alde » Thu, 26 Jun 2003 15:19:19



Greetings all,

Just curious.  Has anyone successfully used public-key authentication to
connect a PuTTY client to the newer HP SSH server (EAK 1.1) on OpenVMS?
  I know I haven't :-(

In my server config file, SSHD2_CONFIG, I have:

   .
   .
   .
   Ciphers 3des
   UserConfigDirectory "%Dash2"               <-- whatever that is ???
   AuthorizationFile authorization
   AllowAgentForwarding yes
   AllowTCPForwarding yes
   AllowedAuthentications publickey
   .
   .
   .

and I have this line in my user SYS$LOGIN:[SSH2]AUTHORIZATION. file:

        Key     DSASSH2_20030418_PUBLIC.PUB

with a matching public key file named DSASSH2_20030418_PUBLIC.PUB in the
SYS$LOGIN:[SSH2] directory.

PuTTY reports this at each login attempt:

        Using username "TBRANSCO".
        Authenticating with public key "dsa-key-20030418" from agent
        No supported authentication methods left to try!

...followed immediately by a Windows dialog reporting that the
connection was closed by the remote host.

I did record a full log of the SSH packet traffic as well using PuTTY
and if anyone can bear to read further, I've pasted it below in its
entirety.  Have I missed the obvious?  Where else can I look for the cause?

Kind regards, and thanks for reading,

Alder

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2003.06.24 22:48:07 =~=~=~=~=~=~=~=~=~=~=~=
Event Log: Writing new session log (SSH packets mode) to file: C:\TEMP\PuTTYLOG\putty.log
Event Log: Looking up host "szeged.erebus.homeip.net"
Event Log: Connecting to 192.168.0.3 port 22
Event Log: Server version: SSH-2.0-2.4.1 SSH Secure Shell OpenVMS V1.0
Event Log: We claim version: SSH-2.0-PuTTY-Release-0.53b
Event Log: Using SSH protocol version 2
Incoming packet type 20 / 0x14 (SSH2_MSG_KEXINIT)
Outgoing packet type 20 / 0x14 (SSH2_MSG_KEXINIT)
Event Log: Doing Diffie-Hellman key exchange
Outgoing packet type 30 / 0x1e (SSH2_MSG_KEXDH_INIT)
Incoming packet type 31 / 0x1f (SSH2_MSG_KEXDH_REPLY)
Event Log: Host key fingerprint is:
Event Log: ...


Post by Peter 'EPLAN' LANGSTOEG » Thu, 26 Jun 2003 16:39:19



>Just curious.  Has anyone successfully used public-key authentication to
>connect a PuTTY client to the newer HP SSH server (EAK 1.1) on OpenVMS?

Yes. It was a 5min action. (With TCPware it was a 3min action ;-)

I installed TCPIP_SSH (on top of V5.3 ECO2) and had to reboot then.
Then I edited the SSHD2_CONFIG to change

        AllowedAuthentications          hostbased
to
        AllowedAuthentications          hostbased,publickey,password

and that was it (I did not need to change any file with TCPware ;-)

>    Using username "TBRANSCO".
>    Authenticating with public key "dsa-key-20030418" from agent
>    No supported authentication methods left to try!

This was the message before I added "password" to "AllowedAuthentications"

The problem with the (Protocol error: packet too long: 541091777.) at logging
out is still there. And the doc has a lot of typos. But that's an EAK.

-Peter

PS: I did also enable KeepAlive and VerboseMode
--
Peter "EPLAN" LANGSTOEGER
Network and OpenVMS system specialist

A-1030 VIENNA  AUSTRIA              I'm not a pessimist, I'm a realist

 
 
 


Post by Simon Tatha » Thu, 26 Jun 2003 17:06:52



> PuTTY reports this at each login attempt:

>    Using username "TBRANSCO".
>    Authenticating with public key "dsa-key-20030418" from agent
>    No supported authentication methods left to try!

The log you've posted shows that PuTTY is receiving confirmation
from the server that it _is_ willing to accept signatures from the
public key you're offering; yet when PuTTY actually provides a
signature, it's refused.

Probably the best next step is to check the system logs at the
server end, in case the server has logged the _reason_ why it didn't
like the signature.
--
Simon Tatham         "Thieves respect property; they only wish the property to
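
The sequence described in the post above (key accepted with PK_OK, then the signed request refused) can be read mechanically from the packet-header lines of a PuTTY "SSH packets" log. The following Python is an added example, not part of the original thread or of PuTTY; the function names are hypothetical, and the sample lines are the packet headers and events from the log quoted in this thread, with the hex rows left out.

```python
import re

# Packet headers and events from the PuTTY log quoted in this thread
# (hex dump rows left out).
SAMPLE_LOG = """\
Outgoing packet type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
Incoming packet type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
Event Log: Pageant is running. Requesting keys.
Event Log: Pageant has 1 SSH2 keys
Event Log: Trying Pageant key #0
Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
Incoming packet type 60 / 0x3c (SSH2_MSG_USERAUTH_PK_OK)
Event Log: Sending Pageant's response
Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
Event Log: No supported authentications offered. Disconnecting
Outgoing packet type 1 / 0x01 (SSH2_MSG_DISCONNECT)
"""

# One header line per packet; tolerate "> " quoting from mail/news replies.
PACKET_RE = re.compile(
    r"^(?:>\s*)*(Incoming|Outgoing) packet type \d+ / 0x[0-9a-fA-F]+ \((\w+)\)"
)

REQUEST = "SSH2_MSG_USERAUTH_REQUEST"
FAILURE = "SSH2_MSG_USERAUTH_FAILURE"
SUCCESS = "SSH2_MSG_USERAUTH_SUCCESS"
PK_OK = "SSH2_MSG_USERAUTH_PK_OK"


def packets(log_text):
    """Yield (direction, message_name) for every packet header line."""
    for line in log_text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def userauth_exchanges(log_text):
    """Pair each outgoing USERAUTH_REQUEST with the server's reply.

    "signed" is True when the request directly follows a PK_OK reply,
    i.e. it is the request that carries the signature.
    """
    exchanges = []
    pending = False       # a request is waiting for its reply
    key_accepted = False  # last reply was PK_OK
    signed = False
    for direction, name in packets(log_text):
        if direction == "Outgoing" and name == REQUEST:
            pending, signed, key_accepted = True, key_accepted, False
        elif direction == "Incoming" and pending and name in (FAILURE, SUCCESS, PK_OK):
            exchanges.append({"signed": signed, "reply": name})
            key_accepted = name == PK_OK
            pending = False
    return exchanges


def diagnose(log_text):
    """Summarise where in the publickey exchange the login stopped."""
    ex = userauth_exchanges(log_text)
    if any(e["reply"] == SUCCESS for e in ex):
        return "authenticated"
    if any(e["signed"] and e["reply"] == FAILURE for e in ex):
        return "key accepted (PK_OK) but signed request refused"
    if any(e["reply"] == PK_OK for e in ex):
        return "key accepted, no signed request seen"
    if ex:
        return "no offered key or method was accepted"
    return "no userauth exchange in log"


if __name__ == "__main__":
    for exchange in userauth_exchanges(SAMPLE_LOG):
        print(exchange)
    print(diagnose(SAMPLE_LOG))
```

A result of "key accepted (PK_OK) but signed request refused" means the server found the offered key acceptable for the user and the failure came after that, which is why the server-side log is the next place to look.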

 
 
 


Post by Richard E Silverma » Thu, 26 Jun 2003 19:24:48


>    UserConfigDirectory "%Dash2"          <-- whatever that is ???

Was this a typo in your message?  Otherwise, it would make the SSH server
look in the subdirectory SYS$LOGIN:[ASH2], instead of [SSH2].

Don't they supply man pages with this release?  If not, you should get the
SSH2 Unix release from ssh.com for the documentation.

--
  Richard Silverman

 
 
 


Post by Mans » Thu, 26 Jun 2003 21:35:52


Alder <PGDEHMKOK...@spammotel.com> wrote in message <news:3EF93EE5.4060405@spammotel.com>...
> Greetings all,

> Just curious.  Has anyone successfully used public-key authentication to
> connect a PuTTY client to the newer HP SSH server (EAK 1.1) on OpenVMS?
>   I know I haven't :-(

> In my server config file, SSHD2_CONFIG, I have:

>    .
>    .
>    .
>    Ciphers 3des
>    UserConfigDirectory "%Dash2"          <-- whatever that is ???
>    AuthorizationFile authorization
>    AllowAgentForwarding yes
>    AllowTCPForwarding yes
>    AllowedAuthentications publickey
>    .
>    .
>    .

> and I have this line in my user SYS$LOGIN:[SSH2]AUTHORIZATION. file:

>    Key     DSASSH2_20030418_PUBLIC.PUB

> with a matching public key file named DSASSH2_20030418_PUBLIC.PUB in the
> SYS$LOGIN:[SSH2] directory.

> PuTTY reports this at each login attempt:

>    Using username "TBRANSCO".
>    Authenticating with public key "dsa-key-20030418" from agent
>    No supported authentication methods left to try!

> ...followed immediately by a Windows dialog reporting that the
> connection was closed by the remote host.

> I did record a full log of the SSH packet traffic as well using PuTTY
> and if anyone can bear to read further, I've pasted it below in its
> entirety.  Have I missed the obvious?  Where else can I look for the cause?

> Kind regards, and thanks for reading,

> Alder

> =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2003.06.24 22:48:07
> =~=~=~=~=~=~=~=~=~=~=~=
> Event Log: Writing new session log (SSH packets mode) to file:
> C:\TEMP\PuTTYLOG\putty.log
> Event Log: Looking up host "szeged.erebus.homeip.net"
> Event Log: Connecting to 192.168.0.3 port 22
> Event Log: Server version: SSH-2.0-2.4.1 SSH Secure Shell OpenVMS V1.0
> Event Log: We claim version: SSH-2.0-PuTTY-Release-0.53b
> Event Log: Using SSH protocol version 2
> Incoming packet type 20 / 0x14 (SSH2_MSG_KEXINIT)
> Event Log: Doing Diffie-Hellman key exchange
> Outgoing packet type 30 / 0x1e (SSH2_MSG_KEXDH_INIT)
> Incoming packet type 31 / 0x1f (SSH2_MSG_KEXDH_REPLY)
> Event Log: Host key fingerprint is:
> Event Log: ssh-dss 1024 0f:63:5a:0d:8b:d7:56:1f:f2:51:d2:38:06:e0:46:e9
> Outgoing packet type 21 / 0x15 (SSH2_MSG_NEWKEYS)
> Incoming packet type 21 / 0x15 (SSH2_MSG_NEWKEYS)
> Event Log: Initialised triple-DES client->server encryption
> Event Log: Initialised triple-DES server->client encryption
> Outgoing packet type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
> Incoming packet type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> Event Log: Pageant is running. Requesting keys.
> Event Log: Pageant has 1 SSH2 keys
> Event Log: Trying Pageant key #0
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> ssh-connection..
> ..publickey.....
>    00000030  73 73 68 2d 64 73 73 00 00 01 b1 00 00 00 07 73
> ssh-dss........s
>    00000040  73 68 2d 64 73 73 00 00 00 81 00 b5 2b 2b 22 92
> sh-dss......++".
> Incoming packet type 60 / 0x3c (SSH2_MSG_USERAUTH_PK_OK)
> Event Log: Sending Pageant's response
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> Event Log: No supported authentications offered. Disconnecting
> Outgoing packet type 1 / 0x01 (SSH2_MSG_DISCONNECT)

Final message:

> -No supported authentication methods available

The SSH (e.a.k) 1.1 on OpenVMS has restricted functions.
The full functions will be available with TCPIP V5.4
this may be the cause (see your log).

I use the SSH e.a.k 1.1 on OpenVMS with password authentication.
With a PuTTY client, it works fine.

Here are the config files:

VMAL06> ty SSH2_CONFIG.

## ssh2_config
## SSH 2.0 Client Configuration File
##

## The "*" is used for all hosts, but you can use other hosts as
## well.
*:

## HP Tru64 UNIX specific
# Secure the r* utilities (no, yes)
#       EnforceSecureRutils             no

## General

 VerboseMode                    yes
#       QuietMode                       yes
#       DontReadStdin                   no
#       BatchMode                       yes
#       Compression                     yes
#       ForcePTTYAllocation             yes
#       GoBackground                    yes
#       EscapeChar                      ~
#       PasswordPrompt                  "%U@%H's password: "
        PasswordPrompt                  "%U's password: "
        AuthenticationSuccessMsg        yes

## Network

 Port                           22
 NoDelay                                no
 KeepAlive                      yes
#       SocksServer                  
#socks://mylo...@socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24

## Crypto

 Ciphers                                AnyStdCipher
 MACs                           AnyMAC
 StrictHostKeyChecking           no
#       RekeyIntervalSeconds            3600

## User public key authentication

 IdentityFile                   identification
 AuthorizationFile              authorization
 RandomSeedFile                 random_seed

## Tunneling

#       GatewayPorts                    yes
        ForwardX11                      yes
#       ForwardAgent                    yes

# Tunnels that are set up upon logging in

#       LocalForward                    "110:pop3.ssh.com:110"
#       RemoteForward                   "3000:foobar:22"

## SSH1 Compatibility

   Ssh1Compatibility               yes
   Ssh1AgentCompatibility               none
#       Ssh1AgentCompatibility          traditional
#       Ssh1AgentCompatibility          ssh2
#       Ssh1Path                        /usr/local/bin/ssh1

## Authentication
## Hostbased is not enabled by default.

        AllowedAuthentications          hostbased, publickey, password

# For ssh-signer2 (only effective if set in the global configuration
# file, usually /etc/ssh2/ssh2_config)

#       DefaultDomain                   ucx.lkg.dec.com
        SshSignerPath                   /sys$system/tcpip$ssh_ssh-signer2

## Examples of per host configurations

#alpha*:
#       Host                            alpha.oof.fi
#       User                            user
#       PasswordPrompt                  "%U:s password at %H: "
#       Ciphers                         idea

#foobar:
#       Host                            foo.bar
#       User                            foo_user

VMAL06> ty SSHD2_CONFIG.
## sshd2_config
## SSH 2.4 Server Configuration File
##

## General

 VerboseMode                    yes
#       QuietMode                       yes
        AllowCshrcSourcingWithSubsystems        no
        ForcePTTYAllocation             no
        SyslogFacility                  AUTH
#       SyslogFacility                  LOCAL7

## Network

 Port                           22
 ListenAddress                  0.0.0.0
 RequireReverseMapping          no
 MaxBroadcastsPerSecond         0
#       MaxBroadcastsPerSecond          1
#       NoDelay                         yes
#       KeepAlive                       yes
#       MaxConnections                  50
#       MaxConnections                  0
# 0 == number of connections not limited

## Crypto

 Ciphers                                AnyCipher
#       Ciphers                         AnyStd
#       Ciphers                         AnyStdCipher
#       Ciphers                         3des
        MACs                            AnyMAC
#       MACs                            AnyStd
#       MACs                            AnyStdMAC
#       RekeyIntervalSeconds            3600

## User

 PrintMotd                      yes
 CheckMail                      yes
 UserConfigDirectory            "%Dssh2"
#       UserConfigDirectory             "/etc/ssh2/auth/%U"
        UserKnownHosts                  yes
#       LoginGraceTime                  600
#       PermitEmptyPasswords            no
#       StrictModes                     yes

## User public key authentication

 HostKeyFile                    hostkey
 PublicHostKeyFile              hostkey.pub
 RandomSeedFile                 random_seed
 IdentityFile                   identification
 AuthorizationFile              authorization
 AllowAgentForwarding           yes

## Tunneling

 AllowX11Forwarding             yes
 AllowTcpForwarding             yes
#       AllowTcpForwardingForUsers      sjl, cowboyn...@slashdot.org
#       DenyTcpForwardingForUsers       "2[:isdigit:]*4, peelo"
#       AllowTcpForwardingForGroups     priviliged_tcp_forwarders
#       DenyTcpForwardingForGroups      coming_from_outside

## Authentication
## Hostbased and PAM are not enabled by default.

#       BannerMessageFile               /etc/ssh2/ssh_banner_message
#       BannerMessageFile               /etc/issue.net
        PasswordGuesses                 3
#       AllowedAuthentications          publickey
#       AllowedAuthentications          publickey,pa...@ssh.com
#       AllowedAuthentications          hostbased,publickey,password
        AllowedAuthentications          password
#       RequiredAuthentications         publickey,password
#       SshPAMClientPath                ssh-pam-client

## Host restrictions

        AllowHosts                      localhost, *
#       DenyHosts                       evil.org, aol.com
#       AllowSHosts                     trusted.host.org
#       DenySHosts                      not.quite.trusted.org
#       IgnoreRhosts                    no
#       IgnoreRootRHosts                no
# (the above, if not set, is defaulted to the value of IgnoreRHosts)

## User restrictions

#       AllowUsers                      "sj*,s[:isdigit:]##,s(jl|amza)"
#       DenyUsers                       skuuppa,warezdude,31373
#       DenyUsers                       d...@untrusted.org
#       AllowGroups                     staff,users
#       DenyGroups                      guest
#       PermitRootLogin                 nopwd
        PermitRootLogin                 yes

## ...


Post by Alde » Fri, 27 Jun 2003 00:09:05





> > -No supported authentication methods available

> The SSH (e.a.k) 1.1 on openVMS has restricted functions.
> The full functions will be available with tcpip V5.4
> this may be the cause (see your log).

> i use the SSH e.a.k 1.1 on OpenVMS with password authentication.
> with a putty client, i works fine.

I agree.  Password auth. works fine on my setup as well.  FWIW, I use the
same public-private key pair on the client to connect with a Multinet SSH2
server, which should eliminate the possibility of having a malformed key.

Thanks, Manser.

Alder

 
 
 


Post by Alde » Fri, 27 Jun 2003 00:12:04


Thanks, Simon.

I'll do that and post back the results as soon as I can regain access to the
server.  I was looking at those logs last night, but can't recall any
specifics from them at the moment.

Cheers,
Alder



> > PuTTY reports this at each login attempt:

> > Using username "TBRANSCO".
> > Authenticating with public key "dsa-key-20030418" from agent
> > No supported authentication methods left to try!

> The log you've posted shows that PuTTY is receiving confirmation
> from the server that it _is_ willing to accept signatures from the
> public key you're offering; yet when PuTTY actually provides a
> signature, it's refused.

> Probably the best next step is to check the system logs at the
> server end, in case the server has logged the _reason_ why it didn't
> like the signature.
> --
> Simon Tatham         "Thieves respect property; they only wish the property to


it."
 
 
 


Post by Alde » Fri, 27 Jun 2003 08:07:20





> By the way I have some problems using the putty client, especially
> when editing files, the cursor points to wrong locations in the file,
> so that working with the editor is extremely difficult.
> Have you experienced this?

Sorry, Manzer, I missed this the first time around.  I have not experienced
this particular problem, but it sounds like a VT emulation issue.  All I can
suggest is to fiddle with the settings in PuTTY's Terminal|Keyboard dialog
until you get close to something useful.

Regards,

Alder

 
 
 


Post by Alde » Fri, 27 Jun 2003 10:42:38




>>PuTTY reports this at each login attempt:

>>        Using username "TBRANSCO".
>>        Authenticating with public key "dsa-key-20030418" from agent
>>        No supported authentication methods left to try!

> The log you've posted shows that PuTTY is receiving confirmation
> from the server that it _is_ willing to accept signatures from the
> public key you're offering; yet when PuTTY actually provides a
> signature, it's refused.

> Probably the best next step is to check the system logs at the
> server end, in case the server has logged the _reason_ why it didn't
> like the signature.

I've got the server logs now, but I don't see any "reason" for the
failure.  Looks like just a different way to say "choke".

.
.
.
debug: Running event loop
debug: Ssh2Transport/TRCOMMON.C:643: Remote version:
SSH-2.0-PuTTY-Release-0.53b
debug: Ssh2Transport/TRCOMMON.C:1167: c_to_s: cipher 3des-cbc, mac
  - hmac-sha1, compression none
debug: Ssh2Transport/TRCOMMON.C:1170: s_to_c: cipher 3des-cbc, mac
- hmac-sha1, compression none
debug: Sshd2/SSHD2.C:428: user 'TBRANSCO' service 'ssh-connection'
- client_ip '192.168.0.1' client_port '1792' completed ''
debug: Sshd2/SSHD2.C:558: output: publickey
WARNING: Public key operation failed for tbransco.
debug: Ssh2Common/SSHCOMMON.C:153: DISCONNECT received: No supported
- authentication methods available
debug: Sshd2/SSHD2.C:176: locally_generated = FALSE
debug: Exiting event loop
   TCPIP$SSH    job terminated at 25-JUN-2003 18:27:19.33

Regards,

Alder

 
 
 


Post by Irving F. Snur » Sun, 29 Jun 2003 04:37:05


We've had trouble editing with putty.  Without tinkering at all it
supports keypad editing, for those of us with EDT fingers, and that was
nice.  I can log into VMS from a PC and edit with EDT just
like a DECTERM window.  However, whenever I paste into putty, from one
putty screen to another, I get just enough errors to drive me crazy. A
semicolon will be missing, or part of a word.
So if I paste a 30-line function, when I compile I'll get about ten
compilation errors.  That's not true
with TeraTerm, which seems to work just fine.  If it only supported SSH2...

    regards, Bill Manwaring, IUCF






>>By the way I have some problems using the putty client, especially
>>when editing files, the cursor points to wrong locations in the file,
>>so that working with the editor is extremely difficult.
>>Have you experienced this?

>Sorry, Manzer, I missed this the first time around.  I have not experienced
>this particular problem, but it sounds like a VT emulation issue.  All I can
>suggest is to fiddle with the settings in PuTTY's Terminal|Keyboard dialog
>until you get close to something useful.

>Regards,

>Alder

 
 
 


Post by Bob Koehl » Sun, 29 Jun 2003 06:25:51




> We've had trouble editing with putty.

   Have you been able to get Insert recognized for Find?  Every time
   I hit Insert when editing via Putty I get a message about nothing
   being defined for that key.
 
 
 


Post by Doc.Cyphe » Sun, 29 Jun 2003 23:44:15



>We've had trouble editing with putty.  Without tinkering at all it
>supports keypad editing, for those of us with EDT fingers, and that was
>nice.  I can log into VMS from a PC and edit with EDT just
>like a DECTERM window.  However, whenever I paste into putty, from one
>putty screen to another, I get just enough errors to drive me crazy. A
>semicolon will be missing, or part of a word.
>So if I paste a 30-line function, when I compile I'll get about ten
>compilation errors.  That's not true
>with TeraTerm, which seems to work just fine.  If it only supported SSH2...

Set up a tunnel in PuTTY to the telnet port on the server. :)

Then you can use any telnet-capable terminal emulator securely.

Some work setting up the machine/firewall to block other inbound telnet
connections will be required.

Doc.
--
OpenVMS.         Eight out of ten hackers prefer *other* operating systems.

 
 
 


Post by Alde » Mon, 30 Jun 2003 04:54:22




>>We've had trouble editing with putty.

>    Have you been able to get Insert recognized for Find?  Every time
>    I hit Insert when editing via Putty I get a message about nothing
>    being defined for that key.

Works for me in EVE.

Try this:

$ SET TERMINAL/DEVICE_TYPE=VT400/DEC_CRT=4

...then change the PuTTY Keyboard setting for "Change the sequences sent
by The Function keys and keypad" to VT400.

Best of luck,

Alder