PuTTY and SSH2 on OpenVMS - Not

From: Manser (nmanser_at_progis.de)
Date: 06/25/03


Date: 25 Jun 2003 05:35:52 -0700

Alder <PGDEHMKOKIMD@spammotel.com> wrote in message news:<3EF93EE5.4060405@spammotel.com>...
> Greetings all,
>
>
> Just curious. Has anyone successfully used public-key authentication to
> connect a PuTTY client to the newer HP SSH server (EAK 1.1) on OpenVMS?
> I know I haven't :-(
>
> In my server config file, SSHD2_CONFIG, I have:
>
> .
> .
> .
> Ciphers 3des
> UserConfigDirectory "%Dash2" <-- whatever that is ???
> AuthorizationFile authorization
> AllowAgentForwarding yes
> AllowTCPForwarding yes
> AllowedAuthentications publickey
> .
> .
> .
>
> and I have this line in my user SYS$LOGIN:[SSH2]AUTHORIZATION. file:
>
> Key DSASSH2_20030418_PUBLIC.PUB
>
> with a matching public key file named DSASSH2_20030418_PUBLIC.PUB in the
> SYS$LOGIN:[SSH2] directory.
>
> PuTTY reports this at each login attempt:
>
> Using username "TBRANSCO".
> Authenticating with public key "dsa-key-20030418" from agent
> No supported authentication methods left to try!
>
> ...followed immediately by a Windows dialog reporting that the
> connection was closed by the remote host.
>
> I did record a full log of the SSH packet traffic as well using PuTTY
> and if anyone can bear to read further, I've pasted it below in its
> entirety. Have I missed the obvious? Where else can I look for the cause?
>
> Kind regards, and thanks for reading,
>
> Alder
>
> =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2003.06.24 22:48:07
> =~=~=~=~=~=~=~=~=~=~=~=
> Event Log: Writing new session log (SSH packets mode) to file:
> C:\TEMP\PuTTYLOG\putty.log
> Event Log: Looking up host "szeged.erebus.homeip.net"
> Event Log: Connecting to 192.168.0.3 port 22
> Event Log: Server version: SSH-2.0-2.4.1 SSH Secure Shell OpenVMS V1.0
> Event Log: We claim version: SSH-2.0-PuTTY-Release-0.53b
> Event Log: Using SSH protocol version 2
> Incoming packet type 20 / 0x14 (SSH2_MSG_KEXINIT)
> Event Log: Doing Diffie-Hellman key exchange
> Outgoing packet type 30 / 0x1e (SSH2_MSG_KEXDH_INIT)
> Incoming packet type 31 / 0x1f (SSH2_MSG_KEXDH_REPLY)
> Event Log: Host key fingerprint is:
> Event Log: ssh-dss 1024 0f:63:5a:0d:8b:d7:56:1f:f2:51:d2:38:06:e0:46:e9
> Outgoing packet type 21 / 0x15 (SSH2_MSG_NEWKEYS)
> Incoming packet type 21 / 0x15 (SSH2_MSG_NEWKEYS)
> Event Log: Initialised triple-DES client->server encryption
> Event Log: Initialised triple-DES server->client encryption
> Outgoing packet type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
> Incoming packet type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> Event Log: Pageant is running. Requesting keys.
> Event Log: Pageant has 1 SSH2 keys
> Event Log: Trying Pageant key #0
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> ssh-connection..
> ..publickey.....
> 00000030 73 73 68 2d 64 73 73 00 00 01 b1 00 00 00 07 73
> ssh-dss........s
> 00000040 73 68 2d 64 73 73 00 00 00 81 00 b5 2b 2b 22 92
> sh-dss......++".
> Incoming packet type 60 / 0x3c (SSH2_MSG_USERAUTH_PK_OK)
> Event Log: Sending Pageant's response
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> Event Log: No supported authentications offered. Disconnecting
> Outgoing packet type 1 / 0x01 (SSH2_MSG_DISCONNECT)

Final message:

> -No supported authentication methods available

The SSH (e.a.k) 1.1 on OpenVMS has restricted functions.
The full functions will be available with tcpip V5.4.
This may be the cause (see your log).

I use the SSH e.a.k 1.1 on OpenVMS with password authentication.
With a PuTTY client, it works fine.

Here are the config files:

VMAL06> ty SSH2_CONFIG.

## ssh2_config
## SSH 2.0 Client Configuration File
##

## The "*" is used for all hosts, but you can use other hosts as
## well.
*:

## HP Tru64 UNIX specific
# Secure the r* utilities (no, yes)
# EnforceSecureRutils no

## General

 VerboseMode yes
# QuietMode yes
# DontReadStdin no
# BatchMode yes
# Compression yes
# ForcePTTYAllocation yes
# GoBackground yes
# EscapeChar ~
# PasswordPrompt "%U@%H's password: "
        PasswordPrompt "%U's password: "
        AuthenticationSuccessMsg yes

## Network

 Port 22
 NoDelay no
 KeepAlive yes
# SocksServer socks://mylogin@socks.ssh.com:1080/203.123.0.0/16,198.74.23.0/24

## Crypto

 Ciphers AnyStdCipher
 MACs AnyMAC
 StrictHostKeyChecking no
# RekeyIntervalSeconds 3600

## User public key authentication

 IdentityFile identification
 AuthorizationFile authorization
 RandomSeedFile random_seed

## Tunneling

# GatewayPorts yes
        ForwardX11 yes
# ForwardAgent yes

# Tunnels that are set up upon logging in

# LocalForward "110:pop3.ssh.com:110"
# RemoteForward "3000:foobar:22"

## SSH1 Compatibility

   Ssh1Compatibility yes
   Ssh1AgentCompatibility none
# Ssh1AgentCompatibility traditional
# Ssh1AgentCompatibility ssh2
# Ssh1Path /usr/local/bin/ssh1

## Authentication
## Hostbased is not enabled by default.

        AllowedAuthentications hostbased, publickey, password

# For ssh-signer2 (only effective if set in the global configuration
# file, usually /etc/ssh2/ssh2_config)

# DefaultDomain ucx.lkg.dec.com
        SshSignerPath /sys$system/tcpip$ssh_ssh-signer2

## Examples of per host configurations

#alpha*:
# Host alpha.oof.fi
# User user
# PasswordPrompt "%U:s password at %H: "
# Ciphers idea

#foobar:
# Host foo.bar
# User foo_user

VMAL06> ty SSHD2_CONFIG.
## sshd2_config
## SSH 2.4 Server Configuration File
##

## General

 VerboseMode yes
# QuietMode yes
        AllowCshrcSourcingWithSubsystems no
        ForcePTTYAllocation no
        SyslogFacility AUTH
# SyslogFacility LOCAL7

## Network

 Port 22
 ListenAddress 0.0.0.0
 RequireReverseMapping no
 MaxBroadcastsPerSecond 0
# MaxBroadcastsPerSecond 1
# NoDelay yes
# KeepAlive yes
# MaxConnections 50
# MaxConnections 0
# 0 == number of connections not limited

## Crypto

 Ciphers AnyCipher
# Ciphers AnyStd
# Ciphers AnyStdCipher
# Ciphers 3des
        MACs AnyMAC
# MACs AnyStd
# MACs AnyStdMAC
# RekeyIntervalSeconds 3600

## User

 PrintMotd yes
 CheckMail yes
 UserConfigDirectory "%Dssh2"
# UserConfigDirectory "/etc/ssh2/auth/%U"
        UserKnownHosts yes
# LoginGraceTime 600
# PermitEmptyPasswords no
# StrictModes yes

## User public key authentication

 HostKeyFile hostkey
 PublicHostKeyFile hostkey.pub
 RandomSeedFile random_seed
 IdentityFile identification
 AuthorizationFile authorization
 AllowAgentForwarding yes

## Tunneling

 AllowX11Forwarding yes
 AllowTcpForwarding yes
# AllowTcpForwardingForUsers sjl, cowboyneal@slashdot.org
# DenyTcpForwardingForUsers "2[:isdigit:]*4, peelo"
# AllowTcpForwardingForGroups priviliged_tcp_forwarders
# DenyTcpForwardingForGroups coming_from_outside

## Authentication
## Hostbased and PAM are not enabled by default.

# BannerMessageFile /etc/ssh2/ssh_banner_message
# BannerMessageFile /etc/issue.net
        PasswordGuesses 3
# AllowedAuthentications publickey
# AllowedAuthentications publickey,pam-1@ssh.com
# AllowedAuthentications hostbased,publickey,password
        AllowedAuthentications password
# RequiredAuthentications publickey,password
# SshPAMClientPath ssh-pam-client

## Host restrictions

        AllowHosts localhost, *
# DenyHosts evil.org, aol.com
# AllowSHosts trusted.host.org
# DenySHosts not.quite.trusted.org
# IgnoreRhosts no
# IgnoreRootRHosts no
# (the above, if not set, is defaulted to the value of IgnoreRHosts)

## User restrictions

# AllowUsers "sj*,s[:isdigit:]##,s(jl|amza)"
# DenyUsers skuuppa,warezdude,31373
# DenyUsers don@untrusted.org
# AllowGroups staff,users
# DenyGroups guest
# PermitRootLogin nopwd
        PermitRootLogin yes

## SSH1 compatibility

# Ssh1Compatibility
# Sshd1Path

## Chrooted environment

# ChRootUsers ftp, guest
# ChRootGroups guest

## subsystem definitions

        subsystem-sftp /sys$system/tcpip$ssh_sftp-server2

Hope this helps.

By the way, I have some problems using the PuTTY client, especially
when editing files: the cursor points to wrong locations in the file,
so that working with the editor is extremely difficult.
Have you experienced this?

Regards,

Nazim Manser
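
Added example (not part of either post): a small Python reader for a PuTTY "SSH packets" log that reports how far public-key authentication got, using the standard SSH userauth message numbers (50 request, 51 failure, 52 success, 60 PK_OK). The function names and result labels are assumptions of this example; the sample is constructed from the packet lines of the log quoted above.

```python
import re

# Constructed sample: packet lines of the authentication phase, copied from
# the PuTTY log quoted in the thread (hex dump and Event Log lines omitted).
SAMPLE_LOG = """\
> Outgoing packet type 5 / 0x05 (SSH2_MSG_SERVICE_REQUEST)
> Incoming packet type 6 / 0x06 (SSH2_MSG_SERVICE_ACCEPT)
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 60 / 0x3c (SSH2_MSG_USERAUTH_PK_OK)
> Outgoing packet type 50 / 0x32 (SSH2_MSG_USERAUTH_REQUEST)
> Incoming packet type 51 / 0x33 (SSH2_MSG_USERAUTH_FAILURE)
> Outgoing packet type 1 / 0x01 (SSH2_MSG_DISCONNECT)
"""

# Matches PuTTY packet lines, with or without a leading "> " quote marker.
PACKET_RE = re.compile(
    r"^(?:>\s*)?(Incoming|Outgoing) packet type (\d+) / 0x[0-9a-f]+ \((\w+)\)",
    re.IGNORECASE,
)

def auth_packets(log_text):
    """Return (direction, number, name) for userauth packets (types 50-79)."""
    found = []
    for line in log_text.splitlines():
        m = PACKET_RE.match(line.strip())
        if m and 50 <= int(m.group(2)) <= 79:
            found.append((m.group(1), int(m.group(2)), m.group(3)))
    return found

def diagnose(log_text):
    """Classify the stage at which public-key authentication stopped."""
    names = [name for _, _, name in auth_packets(log_text)]
    if "SSH2_MSG_USERAUTH_SUCCESS" in names:
        return "success"
    if "SSH2_MSG_USERAUTH_PK_OK" not in names:
        # The server never acknowledged any offered key.
        return "key-not-accepted"
    after = names[names.index("SSH2_MSG_USERAUTH_PK_OK") + 1:]
    if after[:2] == ["SSH2_MSG_USERAUTH_REQUEST", "SSH2_MSG_USERAUTH_FAILURE"]:
        # Key query was acknowledged, then the signed request was refused.
        return "rejected-after-pk-ok"
    return "incomplete"

if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

On the quoted log this returns rejected-after-pk-ok: the server answered the key query with PK_OK and then refused the signed request, so the rejection came after the server had acknowledged the offered key.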


