Using Public Keys To Authenticate Remote Users - HP NonStop SSH 544701-014 Reference Manual

drwxr-xr-x 5 m.horst
-rw-r--r-- 1 m.horst
-rwxr-xr-x 1 m.horst
drwxr-xr-x 2 m.horst
drwxr-xr-x 3 m.horst
226 Transfer complete.
1766 bytes received in
ftp>
Due to the nature of the FTP protocol the forwarding of an FTP session is more complex than for example a telnet
session (an FTP session usually consists of a data and a control channel, each established in a different direction). The
remote SSH daemon must support the forwarding of FTP sessions (not all SSH daemon implementations are able to
handle FTP forwarding).
Similar to the example under
with the NonStop SSH Client", the -R option can be used to forward an FTP connection from a remote host to the local
host.
To Connect a Remote SCP Client to the NonStop Server
The SCPOSS object must be available in OSS name space under the name scp and must be found via the PATH
environment variable. This can be achieved by creating a symbolic link to the installation location, e.g.
ln -s /G/system/zssh/scposs /usr/bin/scp
The environment variable ENV must be set via user attribute SHELL-ENVIRONMENT to ensure the PATH
environment variable gets set appropriately. This can be achieved, e.g. by altering the user as follows (/etc/profile is just
an example and often not a good choice):
ALTER USER test.us, SHELL-ENVIRONMENT /etc/profile
Ensure that shell scripts executed via ENV do not produce any output on stdout.
After the preparation is done you can connect with an SCP client on a remote system to SSH2 listening on the NonStop
server as follows:
test@np-dev02:~/testsftp> rm bigtxt
test@np-dev02:~/testsftp> scp test.us@10.0.0.196:bigtxt .
test.us@10.0.0.196's password:
bigtxt
test@np-dev02:~/testsftp> ls bigtxt
bigtxt

Using Public Keys to Authenticate Remote Users

This section describes how SSH2 can authenticate remote users using public keys. This involves creating a public key
for the user on the remote system, and making the public key known to SSH2 on the NonStop server. After performing
the steps described below, you should be able to connect to the NonStop server with your remote SSH or SFTP client
using only the public key, without entering the NonStop user's password (you may still be prompted for the private key
passphrase, though).
For additional information on public key authentication, please refer to the
"SSH Protocol Reference" chapter.
To Generate a Key Pair on an OpenSSH System
On the remote system, use the following command of OpenSSH (for details of key generation, please refer to the
OpenSSH documentation):
>ssh-keygen -t dsa -C "comf.mh@10.0.0.199"
Generating public/private dsa key pair.
Enter file in which to save the key (/home/m.horst/.ssh/id_dsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
HP NonStop SSH Reference Manual
users 168 Jun 19
users 990000 Jan 19 15:00 ktest2
users 1000000 Jan 19 14:58 ktestbig
users 80 Jun 19
users 192 Nov 23 08:13 sshtest
0.05 seconds (34.49 Kbytes/s)
"Forwarding Remote Port to Local
2003 Documents
2003 public_html
Port" in section "To Establish a Port Forwarding Tunnel
100% 640KB 640.0KB/s
"Public Key Authentication" section in the
Installation & Quick Start • 43
00:00