LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 06-16-2015, 12:17 PM   #1
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Rep: Reputation: Disabled
sftp from Redhat linux to a window machine using public key authorization


I have a client that I need to sftp a nightly production file to from a Redhat linux box. We think that we have established the public key on the receiving machine. When I try to execute the sftp command on my linux box I receive the following output with the -vvv option to the sftp command:

[dp3] [Gloversville] /home/dp3?sftp -vvv -oPort=5522 -oIdentityFile=/home/dp3/.s
sh/id_rsa.pub -b /home/bin/b3153.bin pcf17@ftp2.pcfcorp.com
Connecting to ftp2.pcfcorp.com...
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftp2.pcfcorp.com [192.43.246.17] port 5522.
debug1: Connection established.
debug1: identity file /home/dp3/.ssh/id_rsa.pub type -1
debug1: identity file /home/dp3/.ssh/id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp
521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diff
ie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc
,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc
,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 133/256
debug2: bits set: 1004/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host ftp2.pcfcorp.com
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host ftp2.pcfcorp.com
Host key verification failed.
debug1: Calling cleanup 0x8062c30(0x0)
Couldn't read packet: Connection reset by peer

could anyone help me with this? It is most appreciated
 
Old 06-16-2015, 12:30 PM   #2
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
What sftp server are you running on Windows? How did you copy the public key over to the Windows machine?
 
Old 06-16-2015, 12:44 PM   #3
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
The windows machine is controlled by the client. I have no way of knowing how or what they did. I sent them the rsa key that i generated on my Redhat box and a couple days later they informed me that the key had been installed.
 
Old 06-16-2015, 12:49 PM   #4
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
Quote:
Originally Posted by hat1208 View Post
I have a client that I need to sftp a nightly production file to from a Redhat linux box. We think that we have established the public key on the receiving machine. When I try to execute the sftp command on my linux box I receive the following output with the -vvv option to the sftp command:

$ sftp -vvv -oPort=5522 -oIdentityFile=/home/dp3/.ssh/id_rsa.pub -b /home/bin/b3153.bin pcf17@ftp2.pcfcorp.com
The public key gets placed in the client's authorized keys file. This is what you should have sent them.
The private key is sent in your ssh/sftp command, you're sending the public key.
 
Old 06-16-2015, 01:10 PM   #5
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
I tried that didn't work. I think I copied the public key into the known_hosts file. Should that be the private key in that file? I have the .ssh directory set up as read only, should that have the execute permission set? Here is the output of latest attempt:

[dp3] [Gloversville] /home/dp3?sftp -vvv -oPort=5522 -oIdentityFile=/home/dp3/.s
sh/id_rsa -b /home/bin/b3153.bin pcf17@ftp2.pcfcorp.com
Connecting to ftp2.pcfcorp.com...
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftp2.pcfcorp.com [192.43.246.17] port 5522.
debug1: Connection established.
debug1: identity file /home/dp3/.ssh/id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp
521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diff
ie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc
,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc
,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 133/256
debug2: bits set: 1037/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host ftp2.pcfcorp.com
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host ftp2.pcfcorp.com
The authenticity of host 'ftp2.pcfcorp.com (192.43.246.17)' can't be established
.
RSA key fingerprint is 3d:ae:d6:bb:90:58:5e:b3:5e:7b:a9:7b:52:0a:2a:88.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/dp3/.ssh/known_hosts).
debug2: bits set: 1041/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug3: start over, passed a different list publickey,password,keyboard-interact
ive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/dp3/.ssh/id_rsa
debug3: no such identity: /home/dp3/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
 
Old 06-16-2015, 01:54 PM   #6
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
Quote:
Originally Posted by hat1208 View Post
I tried that didn't work. I think I copied the public key into the known_hosts file. Should that be the private key in that file? I have the .ssh directory set up as read only, should that have the execute permission set?
1) Don't touch your known_hosts file. That's not where keys go, it has nothing to do with keys or authentication, just leave it alone. You may have corrupted it by trying to add your public key into it, so you might as well just delete it and let ssh repopulate it as needed.

2) .ssh is a directory, so yes it must have execute permission, and it needs write permission in order to update known_hosts. Run this: "chmod 700 ~/.ssh"
 
Old 06-16-2015, 02:03 PM   #7
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
passwordless ssh keys are really very simple to set up:

1) run "ssh-keygen -t dsa" on computer 1, press enter until you're back at the command prompt

2) copy the newly generated ~/.ssh/id_dsa.pub on computer 1 into computer 2's ~/.ssh/authorized_keys file

3) update the permissions on computer 2, if necessary: "chmod 600 ~/.ssh/authorized_keys; chmod 700 ~/.ssh; chmod 750 ~"

4) ssh/sftp from computer 1 to computer 2 like normal. If you kept your private key in the default location "~/.ssh/id_dsa", then there's no need to specify the key to use on the command line with -i or IdentityFile


Since you're not in control of computer 2, you have to hope that they did steps 2b and 3 properly. You just need to worry about 1, 2a, and 4, which are trivially easy.

Last edited by suicidaleggroll; 06-16-2015 at 02:04 PM.
 
Old 06-16-2015, 02:05 PM   #8
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 429

Rep: Reputation: 184Reputation: 184
Quote:
Originally Posted by suicidaleggroll View Post
1) Don't touch your known_hosts file. That's not where keys go, it has nothing to do with keys or authentication, just leave it alone. You may have corrupted it by trying to add your public key into it, so you might as well just delete it and let ssh repopulate it as needed.
When you connect to a server for the first time it will send out its fingerprint for its public key. If you accept it, it is stored in the known hosts.
If at any point in the future, the fingerprint is different from the one stored in the known hosts, then ssh lets you know it has changed.
Could be the owner changed the key without letting you know to the connection being actively man-in-middled.
It's automatic so yes, leave it alone.
 
Old 06-16-2015, 02:15 PM   #9
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
suicidaleggroll,

That worked, although it is prompting me for a password. I removed the known_hosts and known_hosts2 files from the .ssh directory and they have not repopulated. Here is the result of latest attempt:

[dp3] [Gloversville] /home/bin?sftp -vvv -oPort=5522 -oIdentityFile=/home/dp3/.s
sh/id_rsa -b /home/bin/b3153.bin pcf17@ftp2.pcfcorp.com
Connecting to ftp2.pcfcorp.com...
OpenSSH_3.6.1p2, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug2: ssh_connect: needpriv 0
debug1: Connecting to ftp2.pcfcorp.com [192.43.246.17] port 5522.
debug1: Connection established.
debug1: identity file /home/dp3/.ssh/id_rsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_6.2
debug1: match: OpenSSH_6.2 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_3.6.1p2
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug2: kex_parse_kexinit: diffie-hellman-group-exchange-sha1,diffie-hellman-gro
up1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,
aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5,hmac-sha1,hmac-ripemd160,hmac-ripemd160@open
ssh.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit: none,zlib
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: kex_parse_kexinit: ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp
521,diffie-hellman-group-exchange-sha256,diffie-hellman-group-exchange-sha1,diff
ie-hellman-group14-sha1,diffie-hellman-group1-sha1
debug2: kex_parse_kexinit: ssh-rsa,ssh-dss,ecdsa-sha2-nistp256
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc
,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: aes128-ctr,aes192-ctr,aes256-ctr,arcfour256,arcfour12
8,aes128-gcm@openssh.com,aes256-gcm@openssh.com,aes128-cbc,3des-cbc,blowfish-cbc
,cast128-cbc,aes192-cbc,aes256-cbc,arcfour,rijndael-cbc@lysator.liu.se
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: hmac-md5-etm@openssh.com,hmac-sha1-etm@openssh.com,um
ac-64-etm@openssh.com,umac-128-etm@o...tm@openssh.com,hma
c-sha2-512-etm@openssh.com,hmac-ripe...tm@openssh.com,hmac-sha1-96-etm@opens
sh.com,hmac-md5-96-etm@openssh.com,hmac-md5,hmac-sha1,umac-64@openssh.com,umac-1
28@openssh.com,hmac-sha2-256,hmac-sha2-512,hmac-ripemd160,hmac-ripemd160@openssh
.com,hmac-sha1-96,hmac-md5-96
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit: none,zlib@openssh.com
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit:
debug2: kex_parse_kexinit: first_kex_follows 0
debug2: kex_parse_kexinit: reserved 0
debug2: mac_init: found hmac-md5
debug1: kex: server->client aes128-cbc hmac-md5 none
debug2: mac_init: found hmac-md5
debug1: kex: client->server aes128-cbc hmac-md5 none
debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP
debug2: dh_gen_key: priv key bits set: 123/256
debug2: bits set: 1032/2048
debug1: SSH2_MSG_KEX_DH_GEX_INIT sent
debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 0 for host ftp2.pcfcorp.com
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts2
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts2
debug3: check_host_in_hostfile: filename /home/dp3/.ssh/known_hosts
debug3: check_host_in_hostfile: filename /etc/ssh/ssh_known_hosts
debug2: no key of type 2 for host ftp2.pcfcorp.com
The authenticity of host 'ftp2.pcfcorp.com (192.43.246.17)' can't be established
.
RSA key fingerprint is 3d:ae:d6:bb:90:58:5e:b3:5e:7b:a9:7b:52:0a:2a:88.
Are you sure you want to continue connecting (yes/no)? yes
Failed to add the host to the list of known hosts (/home/dp3/.ssh/known_hosts).
debug2: bits set: 1044/2048
debug1: ssh_rsa_verify: signature correct
debug2: kex_derive_keys
debug2: set_newkeys: mode 1
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug2: set_newkeys: mode 0
debug1: SSH2_MSG_NEWKEYS received
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug2: service_accept: ssh-userauth
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interacti
ve
debug3: start over, passed a different list publickey,password,keyboard-interact
ive
debug3: preferred publickey,keyboard-interactive,password
debug3: authmethod_lookup publickey
debug3: remaining preferred: keyboard-interactive,password
debug3: authmethod_is_enabled publickey
debug1: Next authentication method: publickey
debug1: Trying private key: /home/dp3/.ssh/id_rsa
debug3: no such identity: /home/dp3/.ssh/id_rsa
debug2: we did not send a packet, disable method
debug3: authmethod_lookup keyboard-interactive
debug3: remaining preferred: password
debug3: authmethod_is_enabled keyboard-interactive
debug1: Next authentication method: keyboard-interactive
debug2: userauth_kbdint
debug2: we sent a keyboard-interactive packet, wait for reply
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 1
Password:
debug3: packet_send2: adding 32 (len 23 padlen 9 extra_pad 64)
debug2: input_userauth_info_req
debug2: input_userauth_info_req: num_prompts 0
debug3: packet_send2: adding 48 (len 10 padlen 6 extra_pad 64)
debug1: Authentication succeeded (keyboard-interactive).
debug1: fd 5 setting O_NONBLOCK
debug2: fd 6 is O_NONBLOCK
debug1: channel 0: new [client-session]
debug3: ssh_session2_open: channel_new: 0
debug2: channel 0: send open
debug1: Entering interactive session.
debug2: callback start
debug2: ssh_session2_setup: id 0
debug1: Sending subsystem: sftp
debug1: channel 0: request subsystem
debug2: callback done
debug1: channel 0: open confirm rwindow 0 rmax 32768
debug2: channel 0: rcvd adjust 2097152
debug2: Remote version: 3
debug2: Init extension: "posix-rename@openssh.com"
debug2: Init extension: "statvfs@openssh.com"
debug2: Init extension: "fstatvfs@openssh.com"
debug2: Init extension: "hardlink@openssh.com"
debug3: Sent message fd 4 T:16 I:1
debug3: SSH_FXP_REALPATH . -> /
sftp> cd Incoming
debug3: Sent message fd 4 T:16 I:2
debug3: SSH_FXP_REALPATH /Incoming -> /Incoming
debug3: Sent message fd 4 T:17 I:3
debug3: Received stat reply T:105 I:3
sftp> lcd /home/ftpcir/co03/uplde
sftp> put NHSTS20150604.TXT
debug3: Looking up NHSTS20150604.TXT
debug3: Sent message SSH2_FXP_OPEN I:4 P:/Incoming/NHSTS20150604.TXT
Uploading NHSTS20150604.TXT to /Incoming/NHSTS20150604.TXT
debug3: Sent message SSH2_FXP_WRITE I:5 O:0 S:32768
debug3: SSH2_FXP_STATUS 0
debug3: In write loop, ack for 5 32768 bytes at 0
debug3: Sent message SSH2_FXP_WRITE I:6 O:32768 S:32768
debug3: Sent message SSH2_FXP_WRITE I:7 O:65536 S:32768
debug3: Sent message SSH2_FXP_WRITE I:8 O:98304 S:1571
debug3: SSH2_FXP_STATUS 0
debug3: In write loop, ack for 6 32768 bytes at 32768
debug2: channel 0: rcvd adjust 98452
debug3: SSH2_FXP_STATUS 0
debug3: In write loop, ack for 7 32768 bytes at 65536
debug3: SSH2_FXP_STATUS 0
debug3: In write loop, ack for 8 1571 bytes at 98304
debug3: Sent message SSH2_FXP_CLOSE I:5
debug3: SSH2_FXP_STATUS 0
sftp> exit
debug1: channel 0: read<=0 rfd 5 len 0
debug1: channel 0: read failed
debug1: channel 0: close_read
debug1: channel 0: input open -> drain
debug1: channel 0: ibuf empty
debug1: channel 0: send eof
debug1: channel 0: input drain -> closed
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
debug1: channel 0: rcvd eof
debug1: channel 0: output open -> drain
debug1: channel 0: obuf empty
debug1: channel 0: close_write
debug1: channel 0: output drain -> closed
debug1: channel 0: rcvd close
debug3: channel 0: will not send data after close
debug1: channel 0: almost dead
debug1: channel 0: gc: notify user
debug1: channel 0: gc: user detached
debug1: channel 0: send close
debug1: channel 0: is dead
debug1: channel 0: garbage collecting
debug1: channel_free: channel 0: client-session, nchannels 1
debug3: channel_free: status: The following connections are open:\015
#0 client-session (t4 r0 i3/0 o3/0 fd -1/-1)\015

debug3: channel_close_fds: channel 0: r -1 w -1 e 7
debug1: fd 0 clearing O_NONBLOCK
debug2: fd 1 is not O_NONBLOCK
debug1: Transferred: stdin 0, stdout 0, stderr 0 bytes in 1.0 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 0.0
debug1: Exit status 0
 
Old 06-16-2015, 02:35 PM   #10
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
1) Please put your output in [code][/code] tags to keep the thread readable.

2) Your ssh output is complaining that it can't add the host to known_hosts, did you change the permissions on ~/.ssh like I suggested?

3) Your ssh output is complaining that you do not have an id_rsa key. Do you? Did you ever run "ssh-keygen"? What is in your .ssh folder? What file did you send to the client?
 
Old 06-16-2015, 02:46 PM   #11
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
suicidaleggroll,

drwx------ 2 root users 4096 Jun 16 14:07 .ssh

Contents:

[dp3] [Gloversville] /home/dp3/.ssh?ls -la
total 24
drwx------ 2 root users 4096 Jun 16 14:07 .
drwxrwxrwx 11 dp3 datapro 4096 Jun 16 14:09 ..
-rw------- 1 dp3 datapro 226 Jun 9 13:29 authorized_keys
-rw-r--r-- 1 root root 107 Jun 16 13:43 config
-rw------- 1 dp3 datapro 887 Jun 3 11:11 id_rsa
-rw-r--r-- 1 dp3 datapro 226 Jun 3 11:11 id_rsa.pub
[dp3] [Gloversville] /home/dp3/.ssh?

The file is a fixed length text file with subscriber data in it. You can see the name in the debug NHSTS20150604.TXT.
 
Old 06-16-2015, 02:57 PM   #12
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
Why does dp3's .ssh directory and config file belong to root? That's why your sftp command can't use the known_hosts file or private key, dp3 can't access its own .ssh directory.

I don't care about the file you uploaded through sftp, I'm talking about the key file you sent them to add to their authorized keys file.

Last edited by suicidaleggroll; 06-16-2015 at 02:59 PM.
 
Old 06-16-2015, 02:59 PM   #13
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
I sent them the id_rsa.pub file
 
Old 06-16-2015, 03:00 PM   #14
hat1208
LQ Newbie
 
Registered: Jul 2013
Posts: 16

Original Poster
Rep: Reputation: Disabled
When I had .ssh owned by me the ssh would complain about security.
 
Old 06-16-2015, 03:06 PM   #15
suicidaleggroll
LQ Guru
 
Registered: Nov 2010
Location: Colorado
Distribution: OpenSUSE, CentOS
Posts: 5,355

Rep: Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989Reputation: 1989
Probably because your home directory has 777 permissions.

Does your home directory need to be 777? Before you respond, the answer is "no". There is a better way of doing whatever it is you're trying to do there. Change your home directory back to what it's supposed to be (750), and change the owner of your .ssh and .ssh/config files back to dp3.

Last edited by suicidaleggroll; 06-16-2015 at 03:07 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] sftp asking for password authentication but my public key is passwordless slepthien Linux - Newbie 9 03-07-2014 09:49 AM
Trying to get SFTP to use public key authentication Phaethar Linux - Software 1 12-07-2013 03:46 AM
chrooted sftp on centos 6.4 and public key auth garba Linux - Security 1 10-08-2013 01:52 PM
password less sftp connectivity using public key kashifchughtai Linux - Newbie 7 06-24-2013 09:49 PM
SFTP without password and without public/ private key iamakshay Programming 2 10-19-2009 05:35 PM


All times are GMT -5. The time now is 01:32 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration