You need to generate a key for your user on the unix machine using the
following command:
ssh-keygen -t rsa
accept the defaults
copy the contents of the file created by this (id_rsa.pub) to the remote
host and place it in the users authorized_keys file for the user. The
authorized_keys file should be in the same directory that the keys for that
user are located.
-----Original Message-----
From: Alfonso Valls [mailto:alfonso.valls@db.com]
Sent: Tuesday, January 25, 2005 11:46 AM
To: secureshell@securityfocus.com
Subject: sftp between UNIX box and NT Server using SFTP Root.
Hello,
I don't know, if this is the forum to raise a question about the openSSH and
a communication problem that we have using the "sftp" to a SFTP Root Gateway
Server. Here below you got the explanation of our problem:
We would like to communicate a LINUX and/or UNIX platform to a NT Server
(automatically) in a secure way: Sending files from a UNIX/Linux platform to
NT Servers. For security restrictions, etc is not possible to use Samba and
there is only allowed the use of a secure file transfers (sftp).
Specifications:
a) UNIX BOX based in Solaris 2.6 and using: OpenSSH_3.8.1p1, OpenSSL 0.9.6m
17 Mar 2004 or
Linux Box (OpenSSH_3.4p1, SSH protocols 1.5/2.0, OpenSSL 0x0090607f)
b) NT Server is accessible through a NT Gateway with a SFTP Root based in a
( VShell Secure Shell server).
Communication should be (per specs): UNIX/LINUX -> GatewayNT Serverwith
the SFTP Root Software -> RemoteNTServer
To ways:
a) With an authentication using public keys. See note at the end of
this email
b) Using the "sftp" from Linux/UNIX to the NT Gateway. The reason we
want to use this method is because the Gateway NT Server; using the sftp and
providing the password allow us to access to specific share resources in NT
(needs authentication).
Problem:
Everything works fine using from UNIX the "sftp" Se example below:
sftp user@gatewayNTserver
Connecting to gatrewayntserver...
Unauthorised Access Warning:
Access to this computer is prohibited unless authorised.
Accessing programs or data unrelated to your job is
prohibited.user@gatentwayserver's password:
Enter the password when prompted.
but the password for the "user" is required/mandatory. Is there anyway to
included the password automatically in the "sftp" statement? Like:
sftp user:password@gatewayNTServer?
We need to include the "sftp statement inside a unix/linux script (ksh) as
part of a batch process and it's not possible to implement a solution using
the "sftp" because we can not find out a solution to provide the password
automatically. is there any way to do this? I have seen some similar
solution with VANDYKE Software like: (This is not the same but includes in a
sftp the user and password together.
Download from remote host:
SFXCL sftp://[<user>[:<password>]@]<host
address>[:<port>]/<source path> <destination path>
Upload to remote host:
SFXCL <source path> sftp://[<user>[:<password>]@]<host
address>[:<port>]/<destination path>
Note:
Using Public Key Only authentication instead of password authentication will
only grant access to the HOST only (\\REMOTENTSERVER\SHARE$). In order to
access a remote share on another server the username/password must be
supplied as this is required to authenticate to the remote NT file system.
It's possible to configure the gateway to use the public key from the Unix
host BUT as we need to transfer files to the remote host
\\RemoteNTServer\resource$ we will need to supply a password.
Let me know if it's not well explained but the question is How we can
include the password automatically in the "sftp" (OpenSSH). We don't see any
version of the OpenSSH with this option.
Thanks!
Alfonso Valls López
-------------------------------------------------------------------------
GFT Spain
Tel: +34 96 310 2423
Mobile: +34 699 981670
e-mail: Alfonso.Valls@db.com
-------------------------------------------------------------------------
--
Diese E-Mail enthält vertrauliche und/oder rechtlich geschützte
Informationen. Wenn Sie nicht der richtige Adressat sind oder diese E-Mail
irrtümlich erhalten haben, informieren Sie bitte sofort den Absender und
vernichten Sie diese Mail. Das unerlaubte Kopieren sowie die unbefugte
Weitergabe dieser Mail ist nicht gestattet.
This e-mail may contain confidential and/or privileged information. If you
are not the intended recipient (or have received this e-mail in error)
please notify the sender immediately and destroy this e-mail. Any
unauthorized copying, disclosure or distribution of the material in this
e-mail is strictly forbidden.
IMPORTANT: The security of electronic mail sent through the Internet
is not guaranteed. Legg Mason therefore recommends that you do not
send confidential information to us via electronic mail, including social
security numbers, account numbers, and personal identification numbers.
Delivery, and timely delivery, of electronic mail is also not
guaranteed. Legg Mason therefore recommends that you do not send
time-sensitive
or action-oriented messages to us via electronic mail, including
authorization to "buy" or "sell" a security or instructions to conduct any
other financial transaction. Such requests, orders or instructions will
not be processed until Legg Mason can confirm your instructions or
obtain appropriate written documentation where necessary.
