I'm trying to configure sftp for an enterprise tool I use, and the instructions (which I think are outdated, as they don’t mention 2008) are as follows. I have followed them to the letter; the problem is I'm still asked for a password at the end (verbose output at the bottom).

To generate authentication keys

1. Configure the key authentication by entering the following:

    ssh-keygen -t dsa

   Note: Accept the default key location, C:\Documents and Settings\nhuser\.ssh\id_dsa, and do not provide a passphrase. The id_dsa and id_dsa.pub keys appear at the default key locations.

2. Copy the public key, id_dsa.pub, to all remote poller systems in this collection set. Place the key in the directory, C:\Documents and Settings\nhuser\.ssh.

    sftp NH_USER@REMOTE_SITE
    sftp>cd .ssh
    sftp>put id_dsa.pub
    sftp>exit

Update Authentication File on a Windows Remote Site

After you copy the public keys to the .ssh subdirectory on each remote site in the collection set, you must update the authentication file on each remote site.

To update authentication file on each remote site

1. Log into the remote site as $NH_USER and navigate to the .ssh subdirectory on the remote site.
2. List the files in the .ssh subdirectory by entering the command, dir. The system displays a file with a .pub extension. This is your public key.
3. Create an authorization file (with no extension) in the .ssh subdirectory on the remote site. Name the authorization file authorized_keys2.
4. Copy the public key into the authorized_keys2 file, using the following command:

    copy /b id_dsa.pub authorized_keys2

5. Save the authorization file.
6. Restart the cygwin Windows service.
7. Repeat this procedure for each Windows remote system.

Test the Secure FTP Connection

Test the secure FTP connection between the central site and the remote polling sites to verify that the sites do not prompt for a user name or password.

To test the secure FTP connection for SunSSH or OpenSSH

1. Access a command prompt on the central site.
2. Enter the following command:

    sftp NH_USER@hostname

   NH_USER
       Specifies your FTP user name.
   hostname
       Specifies the name of the remote polling site system.

The central site should connect to the remote polling site without requiring you to enter a user name or password. If you are prompted for a user name or password, the encryption authentication is not set up correctly.

My config:

    D:\cygwin\bin>mkpasswd -d -u ehealth >> ..\etc\passwd

    D:\cygwin\bin>ssh-keygen -t dsa
    Generating public/private dsa key pair.
    Enter file in which to save the key (/cygdrive/c/users/ehealth/.ssh/id_dsa):
    Enter passphrase (empty for no passphrase):
    Enter same passphrase again:
    Your identification has been saved in /cygdrive/c/users/ehealth/.ssh/id_dsa.
    Your public key has been saved in /cygdrive/c/users/ehealth/.ssh/id_dsa.pub.
    The key fingerprint is:
    11:f2:7d:97:d6:bb:d9:e8:84:b0:c3:86:14:c6:26:8a ehealth@PWEEHPR01
    The key's randomart image is:
    +--[ DSA 1024]----+
    | . . |
    | + o o |
    | . B . . + .|
    | . . + o . o .|
    | E . S . . |
    | . o o . .+|
    | . = . oo.|
    | . . o |
    | . |
    +-----------------+

    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    The authenticity of host '2e2ehpr01 (2002:2b00:2f8::2b00:2f8)' can't be establis
    hed.
    ECDSA key fingerprint is 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4.
    Are you sure you want to continue connecting (yes/no)? yes

    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    The authenticity of host '2e2ehpr01 (2002:2b00:2f8::2b00:2f8)' can't be establis
    hed.
    ECDSA key fingerprint is 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '2e2ehpr01,2002:2b00:2f8::2b00:2f8' (ECDSA) to the li
    st of known hosts.
    ehealth@2e2ehpr01's password:
    Connected to 2e2ehpr01.
    cygwin warning:
    MS-DOS style path detected: D:\nutcroot\usr\lib\terminfo
    Preferred POSIX equivalent is: /cygdrive/d/nutcroot/usr/lib/terminfo
    CYGWIN environment variable option "nodosfilewarning" turns off this warning.
    Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
    No entry for terminal type "nutc"; using dumb terminal settings.
    No entry for terminal type "nutc"; using dumb terminal settings.
    sftp>
    sftp> lcd c:/users/ehealth/.ssh
    sftp>
    sftp> cd .ssh
    sftp>
    sftp> put id_dsa.pub
    Uploading id_dsa.pub to /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
    id_dsa.pub 100% 607 0.6KB/s 00:00
    sftp>
    sftp> exit

    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    ehealth@2e2ehpr01's password:

    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    ehealth@2e2ehpr01's password:

    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    ehealth@2e2ehpr01's password:
    Connected to 2e2ehpr01.
    cygwin warning:
    MS-DOS style path detected: D:\nutcroot\usr\lib\terminfo
    Preferred POSIX equivalent is: /cygdrive/d/nutcroot/usr/lib/terminfo
    CYGWIN environment variable option "nodosfilewarning" turns off this warning.
    Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
    No entry for terminal type "nutc"; using dumb terminal settings.
    No entry for terminal type "nutc"; using dumb terminal settings.
    sftp> lcd c:/users/ehealth/.ssh
    sftp> cd .ssh
    sftp> put id_dsa.pub
    Uploading id_dsa.pub to /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
    id_dsa.pub 100% 607 0.6KB/s 00:00
    sftp>
    sftp>
    sftp>
    sftp> bye

    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    ehealth@2e2ehpr01's password:

    D:\cygwin\bin>
    D:\cygwin\bin>
    D:\cygwin\bin>
    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    ehealth@2e2ehpr01's password:

    D:\cygwin\bin>
    D:\cygwin\bin>
    D:\cygwin\bin>
    D:\cygwin\bin>
    D:\cygwin\bin>sftp ehealth@2e2ehpr01
    ehealth@2e2ehpr01's password:

    D:\cygwin\bin>sftp -v ehealth@2e2ehpr01
    OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
    debug1: Reading configuration data /etc/ssh_config
    debug1: Connecting to 2e2ehpr01 [2002:2b00:2f8::2b00:2f8] port 22.
    debug1: Connection established.
    debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa type -1
    debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa-cert type -1
    debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa type 2
    debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa-cert type -1
    debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_ecdsa type -1
    debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_ecdsa-cert type -1
    debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
    debug1: match: OpenSSH_5.9 pat OpenSSH*
    debug1: Enabling compatibility mode for protocol 2.0
    debug1: Local version string SSH-2.0-OpenSSH_5.9
    debug1: SSH2_MSG_KEXINIT sent
    debug1: SSH2_MSG_KEXINIT received
    debug1: kex: server->client aes128-ctr hmac-md5 none
    debug1: kex: client->server aes128-ctr hmac-md5 none
    debug1: sending SSH2_MSG_KEX_ECDH_INIT
    debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
    debug1: Server host key: ECDSA 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4
    debug1: Host '2e2ehpr01' is known and matches the ECDSA host key.
    debug1: Found key in /cygdrive/c/users/ehealth/.ssh/known_hosts:3
    debug1: ssh_ecdsa_verify: signature correct
    debug1: SSH2_MSG_NEWKEYS sent
    debug1: expecting SSH2_MSG_NEWKEYS
    debug1: SSH2_MSG_NEWKEYS received
    debug1: Roaming not allowed by server
    debug1: SSH2_MSG_SERVICE_REQUEST sent
    debug1: SSH2_MSG_SERVICE_ACCEPT received
    debug1: Authentications that can continue: publickey,password,keyboard-interacti
    ve
    debug1: Next authentication method: publickey
    debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_rsa
    debug1: Offering DSA public key: /cygdrive/c/users/ehealth/.ssh/id_dsa
    debug1: Authentications that can continue: publickey,password,keyboard-interacti
    ve
    debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_ecdsa
    debug1: Next authentication method: keyboard-interactive
    debug1: Authentications that can continue: publickey,password,keyboard-interacti
    ve
    debug1: Next authentication method: password
    ehealth@2e2ehpr01's password:

Config on remote server:

    D:\cygwin\bin>cd c:
    C:\Users\ehealth>
    C:\Users\ehealth>cd .ssh

    C:\Users\ehealth\.ssh>ls
    id_dsa.pub known_hosts

    C:\Users\ehealth\.ssh>edit authorized_keys2

    C:\Users\ehealth\SSH~1>ls
    authorized_keys2 id_dsa.pub known_hosts

    C:\Users\ehealth\SSH~1>copy /b id_dsa.pub authorized_keys2
    Overwrite authorized_keys2? (Yes/No/All): Yes
    1 file(s) copied

Regards Andy Sent from my iPhone
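
An added example, not part of the original post: a Python parser for OpenSSH client `debug1` output such as the `sftp -v` trace above, reporting which identity files loaded, which keys were offered, and whether the server accepted any before the client fell back to a password. The sample lines are constructed in the same format as the trace, and the name `summarize_auth` is hypothetical.

```python
import re

# Constructed sample, modelled on the `sftp -v` trace format in the post.
SAMPLE = """\
debug1: identity file /home/user/.ssh/id_rsa type -1
debug1: identity file /home/user/.ssh/id_dsa type 2
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: publickey
debug1: Trying private key: /home/user/.ssh/id_rsa
debug1: Offering DSA public key: /home/user/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password
debug1: Next authentication method: password
"""

IDENTITY = re.compile(r"debug1: identity file (\S+) type (-?\d+)")
OFFER = re.compile(r"debug1: Offering (?:\S+ )?public key: (\S+)")
ACCEPT = re.compile(r"debug1: Server accepts key")
FAILED = re.compile(r"debug1: Authentications that can continue:")
NEXT = re.compile(r"debug1: Next authentication method: (\S+)")


def summarize_auth(trace):
    """Summarize public-key authentication from OpenSSH client debug1 output."""
    loaded, missing, offers, methods = [], [], [], []
    pending = None  # key offered but not yet answered by the server
    for line in trace.splitlines():
        line = line.strip()
        if m := IDENTITY.match(line):
            # type -1 means the client could not load that identity file
            (missing if m.group(2) == "-1" else loaded).append(m.group(1))
        elif m := OFFER.match(line):
            pending = {"key": m.group(1), "accepted": False}
            offers.append(pending)
        elif ACCEPT.match(line) and pending:
            pending["accepted"] = True
            pending = None
        elif FAILED.match(line):
            pending = None  # server answered the offer with a failure
        elif m := NEXT.match(line):
            methods.append(m.group(1))
    return {
        "loaded": loaded,
        "missing": missing,
        "offers": offers,
        "methods_tried": methods,
        "server_rejected_all_keys": bool(offers) and not any(o["accepted"] for o in offers),
        "fell_back_to_password": "password" in methods,
    }
```

Read this way, the trace in the post shows the client loading and offering id_dsa and the server replying with a failure rather than "Server accepts key", so the key was rejected on the remote side.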