Passwordless sftp with ssh 5.9 still asks for password

Andrew Erskine a.erskine@darasoft.com
Tue Nov 29 21:56:00 GMT 2011


I'm trying to configure sftp for an enterprise tool I use, and the instructions (which I think are outdated, as they don't mention 2008) are as follows. I have followed them to the letter; the problem is I'm still asked for a password at the end (verbose output at the bottom).
 
To generate authentication keys
1.  Configure the key authentication by entering the following:
ssh-keygen -t dsa
Note: Accept the default key location, C:\Documents and
Settings\nhuser\.ssh\id_dsa, and do not provide a passphrase.
The id_dsa and id_dsa.pub keys appear at the default key locations.
 
2.  Copy the public key, id_dsa.pub, to all remote poller systems in this collection set.
Place the key in the directory, C:\Documents and Settings\nhuser\.ssh.
sftp NH_USER@REMOTE_SITE
sftp>cd .ssh
sftp>put id_dsa.pub
sftp>exit
 
Update Authentication File on a Windows Remote Site
After you copy the public keys to the .ssh subdirectory on each remote site in the
collection set, you must update the authentication file on each remote site.
To update authentication file on each remote site
1.  Log into the remote site as $NH_USER and navigate to the .ssh subdirectory on the
remote site.
2.  List the files in the .ssh subdirectory by entering the command, dir. 
The system displays a file with a .pub extension. This is your public key.
 
3.  Create an authorization file (with no extension) in the .ssh subdirectory on the
remote site.
Name the authorization file authorized_keys2.
4.  Copy the public key into the authorized_keys2 file, using the following command:
copy /b id_dsa.pub authorized_keys2
 
5.  Save the authorization file.
6.  Restart the cygwin Windows service.
7.  Repeat this procedure for each Windows remote system.
 
Test the Secure FTP Connection
Test the secure FTP connection between the central site and the remote polling sites to
verify that the sites do not prompt for a user name or password.
To test the secure FTP connection for SunSSH or OpenSSH
1.  Access a command prompt on the central site.
2.  Enter the following command:
sftp NH_USER@hostname
NH_USER 
Specifies your FTP user name.
hostname 
Specifies the name of the remote polling site system.
The central site should connect to the remote polling site without requiring you to
enter a user name or password. If you are prompted for a user name or password,
the encryption authentication is not set up correctly.
 
My config …
 
D:\cygwin\bin>mkpasswd -d -u ehealth >> ..\etc\passwd
 
D:\cygwin\bin>ssh-keygen -t dsa
Generating public/private dsa key pair.
Enter file in which to save the key (/cygdrive/c/users/ehealth/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /cygdrive/c/users/ehealth/.ssh/id_dsa.
Your public key has been saved in /cygdrive/c/users/ehealth/.ssh/id_dsa.pub.
The key fingerprint is:
11:f2:7d:97:d6:bb:d9:e8:84:b0:c3:86:14:c6:26:8a ehealth@PWEEHPR01
The key's randomart image is:
+--[ DSA 1024]----+
|      . .        |
|       + o     o |
|      . B . . + .|
|   . . + o . o  .|
|  E .   S .    . |
|       . o o . .+|
|        . = . oo.|
|         . . o   |
|              .  |
+-----------------+
 
D:\cygwin\bin>sftp ehealth@2e2ehpr01
The authenticity of host '2e2ehpr01 (2002:2b00:2f8::2b00:2f8)' can't be established.
ECDSA key fingerprint is 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4.
Are you sure you want to continue connecting (yes/no)? yes
 
D:\cygwin\bin>sftp ehealth@2e2ehpr01
The authenticity of host '2e2ehpr01 (2002:2b00:2f8::2b00:2f8)' can't be established.
ECDSA key fingerprint is 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '2e2ehpr01,2002:2b00:2f8::2b00:2f8' (ECDSA) to the list of known hosts.
ehealth@2e2ehpr01's password:
Connected to 2e2ehpr01.
cygwin warning:
  MS-DOS style path detected: D:\nutcroot\usr\lib\terminfo
  Preferred POSIX equivalent is: /cygdrive/d/nutcroot/usr/lib/terminfo
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
No entry for terminal type "nutc";
using dumb terminal settings.
No entry for terminal type "nutc";
using dumb terminal settings.
sftp>
sftp> lcd c:/users/ehealth/.ssh
sftp>
sftp> cd .ssh
sftp>
sftp> put id_dsa.pub
Uploading id_dsa.pub to /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
id_dsa.pub                                    100%  607     0.6KB/s   00:00
sftp>
sftp> exit
 
D:\cygwin\bin>sftp ehealth@2e2ehpr01
ehealth@2e2ehpr01's password:
 
D:\cygwin\bin>sftp ehealth@2e2ehpr01
ehealth@2e2ehpr01's password:
 
D:\cygwin\bin>sftp ehealth@2e2ehpr01
ehealth@2e2ehpr01's password:
Connected to 2e2ehpr01.
cygwin warning:
  MS-DOS style path detected: D:\nutcroot\usr\lib\terminfo
  Preferred POSIX equivalent is: /cygdrive/d/nutcroot/usr/lib/terminfo
  CYGWIN environment variable option "nodosfilewarning" turns off this warning.
  Consult the user's guide for more details about POSIX paths:
    http://cygwin.com/cygwin-ug-net/using.html#using-pathnames
No entry for terminal type "nutc";
using dumb terminal settings.
No entry for terminal type "nutc";
using dumb terminal settings.
sftp> lcd c:/users/ehealth/.ssh
sftp> cd .ssh
sftp> put id_dsa.pub
Uploading id_dsa.pub to /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
id_dsa.pub                                    100%  607     0.6KB/s   00:00
sftp>
sftp>
sftp>
sftp> bye
 
D:\cygwin\bin>sftp ehealth@2e2ehpr01
ehealth@2e2ehpr01's password:
 
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>sftp ehealth@2e2ehpr01
ehealth@2e2ehpr01's password:
 
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>
D:\cygwin\bin>sftp ehealth@2e2ehpr01
ehealth@2e2ehpr01's password:
 
D:\cygwin\bin>sftp -v ehealth@2e2ehpr01
OpenSSH_5.9p1, OpenSSL 0.9.8r 8 Feb 2011
debug1: Reading configuration data /etc/ssh_config
debug1: Connecting to 2e2ehpr01 [2002:2b00:2f8::2b00:2f8] port 22.
debug1: Connection established.
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_rsa-cert type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa type 2
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_dsa-cert type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_ecdsa type -1
debug1: identity file /cygdrive/c/users/ehealth/.ssh/id_ecdsa-cert type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_5.9
debug1: match: OpenSSH_5.9 pat OpenSSH*
debug1: Enabling compatibility mode for protocol 2.0
debug1: Local version string SSH-2.0-OpenSSH_5.9
debug1: SSH2_MSG_KEXINIT sent
debug1: SSH2_MSG_KEXINIT received
debug1: kex: server->client aes128-ctr hmac-md5 none
debug1: kex: client->server aes128-ctr hmac-md5 none
debug1: sending SSH2_MSG_KEX_ECDH_INIT
debug1: expecting SSH2_MSG_KEX_ECDH_REPLY
debug1: Server host key: ECDSA 9b:9a:9a:19:38:d3:80:d2:b9:8c:c5:11:68:e7:0b:d4
debug1: Host '2e2ehpr01' is known and matches the ECDSA host key.
debug1: Found key in /cygdrive/c/users/ehealth/.ssh/known_hosts:3
debug1: ssh_ecdsa_verify: signature correct
debug1: SSH2_MSG_NEWKEYS sent
debug1: expecting SSH2_MSG_NEWKEYS
debug1: SSH2_MSG_NEWKEYS received
debug1: Roaming not allowed by server
debug1: SSH2_MSG_SERVICE_REQUEST sent
debug1: SSH2_MSG_SERVICE_ACCEPT received
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: publickey
debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_rsa
debug1: Offering DSA public key: /cygdrive/c/users/ehealth/.ssh/id_dsa
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Trying private key: /cygdrive/c/users/ehealth/.ssh/id_ecdsa
debug1: Next authentication method: keyboard-interactive
debug1: Authentications that can continue: publickey,password,keyboard-interactive
debug1: Next authentication method: password
ehealth@2e2ehpr01's password:
 
Config on remote server ..
 
 
D:\cygwin\bin>cd c:
 
C:\Users\ehealth>
C:\Users\ehealth>cd .ssh
C:\Users\ehealth\.ssh>ls
id_dsa.pub   known_hosts
 
C:\Users\ehealth\.ssh>edit authorized_keys2
C:\Users\ehealth\SSH~1>ls
authorized_keys2  id_dsa.pub        known_hosts
C:\Users\ehealth\SSH~1>copy /b id_dsa.pub authorized_keys2
Overwrite authorized_keys2? (Yes/No/All): Yes
        1 file(s) copied

Regards
Andy 
Sent from my iPhone
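
In the verbose log above, the DSA key is offered and the server answers with the same list of methods, so the server did not accept the key. A server-side check one could run next, as an added example that is not part of the original post: it applies the mode part of sshd's StrictModes rule (on by default in OpenSSH) and confirms that the public key blob is present in an authorized keys file. The function names and the paths passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Read-only audit of one
# account's public key setup, run in a POSIX shell on the remote site.

# Print the path if it is group- or world-writable (mode & 022 != 0),
# which is what sshd's StrictModes check rejects.
loose_mode() {
    find "$1" -prune \( -perm -020 -o -perm -002 \) -print 2>/dev/null
}

# audit_pubkey_setup HOME_DIR PUBKEY_FILE
# Prints one finding per line, or "OK"; returns 0 only when nothing is wrong.
audit_pubkey_setup() {
    home=$1 pub=$2 findings=0 matched=0
    [ -r "$pub" ] || { echo "MISSING $pub"; return 1; }
    # Field 2 of a public key file is the base64 blob sshd compares.
    blob=$(awk 'NR==1 {print $2}' "$pub")
    [ -n "$blob" ] || { echo "BADKEY $pub has no key blob"; return 1; }

    # The home directory and .ssh must exist and must not be loosely writable.
    for p in "$home" "$home/.ssh"; do
        [ -d "$p" ] || { echo "MISSING dir $p"; findings=1; continue; }
        [ -z "$(loose_mode "$p")" ] || { echo "WRITABLE $p"; findings=1; }
    done

    # Look in both file names; which ones sshd reads is set by
    # AuthorizedKeysFile in sshd_config.
    for f in "$home/.ssh/authorized_keys" "$home/.ssh/authorized_keys2"; do
        [ -f "$f" ] || continue
        [ -z "$(loose_mode "$f")" ] || { echo "WRITABLE $f"; findings=1; }
        # Fixed-string match: base64 must not be interpreted as a regex.
        if grep -qF -- "$blob" "$f"; then matched=1; fi
    done
    [ "$matched" -eq 1 ] || {
        echo "NOKEY key from $pub not in any authorized keys file"
        findings=1
    }

    [ "$findings" -eq 0 ] && echo "OK"
    return "$findings"
}

# Usage (paths are assumptions taken from the session above):
#   audit_pubkey_setup /cygdrive/c/users/ehealth \
#       /cygdrive/c/users/ehealth/.ssh/id_dsa.pub
```

A WRITABLE or NOKEY line points at something sshd would refuse silently on the client side; the server's own log gives the definitive reason.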

