Re: sftp question

From: Chris Clymer (cclymer_at_gmail.com)
Date: 09/20/05

  • Next message: Miro Dietiker, MD Systems: "AW: sftp question"
    Date: Tue, 20 Sep 2005 01:17:58 -0400
    To: Joseph Vaughn <vaughn@chemmail.chem.fsu.edu>, secureshell@securityfocus.com
    
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I'm not familiar with Sun's specific versions of SSH/SFTP...are these
    different than OpenSSH? Regardless, I would be surprised if what you
    had didn't support SSH keys, which are a better way to go then passwords
    anyways.

    There are lots of howto's out there, heres one:
    http://www.securityfocus.com/infocus/1810

    This is in fact a password-less login, more secure than a password
    login, and I use it everyday to login to most of my machines :) Some
    people even keep their ssh keys on a USB key and mount it when they need
    to login.

    Also...perhaps what you truly want is to use SCP in conjunction with keys?

    Joseph Vaughn wrote:
    > Hello
    >
    > I hope someone can help me with the following problem.
    >
    >
    >
    >
    > Background: We are using SUN hosts running Solaris9. For more than 15
    > years we have had our users launch a Cshell script to create a tar
    > file. It also does ftp data transfer in the background for archiving
    > on remote Macintosh computers. The users just type the name of the
    > script on the command line and then he/she enters a file name. The
    > process uses .netrc which contains the remote password. Permissions are
    > set so that the users cannot read the contents of .netrc.
    > So, the user does not know the password on the archiving host. Of
    > course ftp has huge security problems. So, I am trying to create a
    > similar process using sftp. I have tried to do this using SUN's
    > Solaris9 ssh-keygen, ssh-agent, ssh-add, etc. I have tried
    > "passwordless" sftp setups I have found on websites. This description
    > is improper. They don't require your normal password, but they do
    > require a new "passphrase" (ie a new password).
    >
    >
    > My question: Help?! Can you tell me how to get Solaris9's version of
    > sftp/ssh to work in such a fashion as I described above. That is, sftp
    > launched with a Cshell script and have the password/passphrase entered
    > in the background perhaps by another shell script, which is called by
    > the first one.
    >
    >
    > Regards.
    >
    >
    > Joseph Vaughn

    - --
              Chris Clymer - Chris@ChrisClymer.com
    PGP: E546 19B6 D1EC 47A7 CAA0 8623 C807 398C CD27 15B8

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.7 (GNU/Linux)
    Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

    iD8DBQFDL5uGyAc5jM0nFbgRAm59AJ9OBn6rQUNcTl6g6SSW/7rgDQBTKwCggS/L
    PsPO5i4+eacXyySNVBSkKGU=
    =2s6N
    -----END PGP SIGNATURE-----

    
    


  • Next message: Miro Dietiker, MD Systems: "AW: sftp question"

    Relevant Pages

    • RE: OPIE considered insecure
      ... I've been reading this thread with great interest. ... server is ssh keys only, which is all well and good, to login I bounce to a ... node that allows passwords and then to my server, ...
      (FreeBSD-Security)
    • Re: ssh
      ... unlocking your ssh keys at login ... The premises of ssh-agent is ...
      (Debian-User)
    • Re: ssh
      ... unlocking your ssh keys at login ... because I'm too lazy to research it, why is this any better than a ...
      (Debian-User)
    • Re: HowTo change password on multiple machines (fast)
      ... to automate process of changing passwords without "expect" program. ... If you can login with ssh keys do you really need to change your password? ...
      (alt.os.linux)