Dear All,
I need to decrypt with private key most of the time and this works for RSA. At times I need to decrypt with public key (data is encrypted with private key). This does not seem to work via VB.Net. Is there support for such an activity in Java on Linux or Windows? Please advise.
... (3 Replies)
Hi all
I've set up a VSFTPD server and I'm forcing SSL encryption. I have made a key and it works perfectly.
I have a client who wants to connect but is using software that needs the key to be added before he can connect.
Does he need me to send the key I created and that the VSFTPD.conf... (0 Replies)
Hey all, I have a request from a third party that will be setting my firm up for an account so we can sftp files to their server in a Production environment. I know where the public keys are located on our Red Hat Linux environment. I was going to ftp the keys from the Linux environment over to my... (2 Replies)
Hi, I've used the following way to set ssh public key authentication and it is working fine on Solaris 10, RedHat Linux and SuSE Linux servers without any problem. But I got error 'Server refused our key' on Solaris 8 system. Solaris 8 uses SSH2 too. Why? Please help. Thanks.
... (1 Reply)
I generated a public key that we are using for ssh and sftp but I noticed that I am still being asked for a password when I run my script. Is there something I need to put in my script?
Our Linux guy said he placed keys on both servers. (2 Replies)
Hi Guys,
I am trying to import the public key of a vendor to my system. I am getting the below error while importing the public key. Can anyone please help me with this?
laranakejt4:/u/raja/.pgp $ pgp --import secure.asc
0x1545A56A52:import key (4007:key failed signature check)
secure.asc:import key... (0 Replies)
Hi Guys,
I am trying to import the public key of a vendor to my system. I am getting the below error while importing the public key. Can anyone please help me with this?
laranakejt4:/u/raja/.pgp $ pgp --import secure.asc
0x1545A56A52:import key (4007:key failed signature check)
secure.asc:import key... (2 Replies)
Hi,
We have a private and a public key, encrypt a file using the public key and want to decrypt using the private key. Can you please advise whether the commands below are correct, or whether Unix has another remedy?
encrypt -a arcfour -k publickey.asc -i TESTFILE.csv -o TESTFILE00.csv
decrypt -a arcfour -k privatekey.asc... (2 Replies)
Hi All,
While using the ssh command I am not able to decrypt the files. If run manually it works fine, that means connecting to the server and running the pgp command.
ssh devtesting@198.120.190.34 'cd /home/test/load; pgp --decrypt --passphrase "pstestingThe" --input *'
Could you please help... (10 Replies)
Discussion started by: bmk123
fetchfile
FETCHFILE(7) Miscellaneous Information Manual FETCHFILE(7)
NAME
O-SAFT / fetchfile
DESCRIPTION
Introduction
With the server protocol extension O-SAFT (Offer Simple Asynchronous File Transfer) and the matching client fetchfile there is an easy
method of retrieving files from a SAFT server. This is a direct analogy to the SMTP and POP or APOP protocol suite in the world of e-mail
transfer.
Overview:
- How does O-SAFT/fetchfile work?
- What to do on the client side?
- What to do on the server side?
- How about security issues?
How does O-SAFT/fetchfile work?
O-SAFT is an extension to the existing SAFT protocol and allows authenticated clients to retrieve files from a (remote) server. The
implementation is the server sendfiled and the client fetchfile.
O-SAFT uses a dedicated pgp key pair to authenticate the fetchfile session. The private key will be kept on the client side, the public
key must be present at the server side. For security reasons this will NOT be your regular e-mail pgp key pair, but a separate pair of pgp
keys, uniquely assigned for fetchfile transfers. You will have to create a pair of pgp keys for this purpose before using the fetchfile
client for the first time (see below).
Fetchfile can provide a directory listing of available files from the server, retrieve files or delete files. After retrieving a file, it
will be placed in the regular spool directory, not in the current directory! You will have to use the receive command to transfer the files
from the spool directory to your current directory afterwards.
If there already exists a regular sendfile spool directory /var/spool/sendfile on the client side it will be used, otherwise a
$HOME/.sfspool will be created. Fetchfile will be running without using root permissions on the client side.
What to do on the client side?
You must have pgp-2.6.x installed and the binaries must be available through your $PATH environment variable.
First, and ONLY ONCE before using fetchfile the very first time, you have to create a fetchfile pgp key pair (only pgp-2.6.x is
supported!):
fetchfile -I
Please only hit 'ENTER' when being asked for a pass phrase! This will create a special non-passphrase protected key pair for O-SAFT.
After this initialization you will have a file /var/spool/sendfile/$USER/config/public.pgp resp. $HOME/.sfspool/public.pgp
Please send this file to root@SAFT-server, who has to save this public key file into the appropriate user configuration directory.
Example:
sendfile -c 'my O-SAFT public key' /var/spool/sendfile/$USER/config/public.pgp root@bofh.belwue.de
(This preliminary action will enable you to use the SAFT server and will prevent others from abusing your name or SAFT-account on the server.)
After preparing the pgp keys on both sides, you can invoke fetchfile on a regular basis:
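The key pair created by fetchfile -I has no pass phrase, so file permissions are the only protection for the private key on the client. The following check is an added example, not part of sendfile or fetchfile; it assumes that every file in the key directory other than public.pgp is private to the user, because this page does not name the private key file.

```shell
#!/bin/sh
# Added example (not part of sendfile/fetchfile).
# Assumption: every file in the key directory other than public.pgp is
# private to the user; the man page does not name the private key file.

# audit_saft_keys DIR
# Prints one line per finding.
# Returns 0 if clean, 1 if there are findings, 2 if DIR does not exist.
audit_saft_keys() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    # Characters 6 and 9 of the ls mode string are the group/other write
    # bits. A writable directory lets another user replace the key files.
    if [ "$(ls -ld "$dir" | cut -c6,9)" != "--" ]; then
        echo "directory writable by group/others: $dir"
        findings=1
    fi
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue
        # The public key is meant to be shared, so skip it.
        [ "${f##*/}" = "public.pgp" ] && continue
        # Characters 5-10 are the group and other permission bits.
        if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
            echo "accessible by group/others: $f"
            findings=1
        fi
    done
    return "$findings"
}

# Run as a script with the directory to audit as the first argument.
if [ $# -gt 0 ]; then
    audit_saft_keys "$1"
fi
```

Point it at /var/spool/sendfile/$USER/config or $HOME/.sfspool, whichever of the two directories named above exists on the client.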
fetchfile -l
list files on the server
fetchfile -a
retrieve all files from server
fetchfile -daf *aol.com
delete all files from the AOL domain
There is a detailed description of all capabilities in the fetchfile(1) man page.
For configuring the server SAFT account by the client user there are two options:
fetchfile -Cw=config
fetchfile -Cw=restrictions
Using this, the two local configuration files will be transferred from the local current directory to the SAFT server. The details of the
configuration can be found in the sendfile(1) man page.
With using
fetchfile -Cr=config
fetchfile -Cr=restrictions
the files will be retrieved back and will be displayed to STDOUT.
What to do on the server side?
pgp-2.6.x must be installed. The system administrator needs to run sfdconf -e config and set the following option:
fetchfile = on
The system administrator must create a user account (if it does not yet exist). This account does not need an interactive login shell and
does not need a valid password; the login shell could be /bin/false. The only purpose is to enable the sendfiled to check out the user and
to create a local spool directory (this method is well known for creating POP mail accounts).
The client user will create the initial pgp key pair and the public key (public.pgp) will be sent to the system administrator of the
server. This key has to be placed into the config directory for the particular user. Assuming the user name is bozo, the system
administrator will have to type the following (under root permissions):
receive -f bozo@* -b bozo public.pgp
su bozo
cd /var/spool/sendfile/bozo/config
receive public.pgp
(the first receive resends the file public.pgp from the sender bozo@* to the
local user bozo)
How about security issues?
O-SAFT uses a tcp challenge/response authentication with a pgp signature. This opens the possibility that the session can be attacked
through tcp hijacking. We are well aware of this, but tcp hijacking is not easy and only possible if the attacker has direct access to the
transport media (e.g. listening on the same ethernet cable/segment) and has access to a set of pretty nice cracker tools. With regular
operating system supplied software it is not possible to attack a session.
SEE ALSO sendfile(1), fetchfile(1), sendfiled(8).
AUTHOR
Ulli Horlacher - framstag@rus.uni-stuttgart.de
translated by andreas@citecs.de
3rd Berkeley Distribution FETCHFILE(7)