I am trying to complete ssh2 connection between HP-UX and CoreFTP. The host key authentication fails with signature didn't match. See below output. I can connect to this CoreFTP from my Windows desktop, and connect to a multitude of other servers from the HP-UX system as well, but have encountered this error on this particular connection.
Has anyone encountered this and have a resolution. Thx.
Last edited by Scott; 08-10-2013 at 02:29 AM..
Reason: Code tags
Guys
How do i add RSA key for a host ?
I was able to connect to a host some time back but now its not connectable ,via SSH.
Message i get is :
abhi@myHost:~/.ssh> ssh eatcid@yourHost
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION... (3 Replies)
Hi,
I am running a script to scp a file from one server to another.
I have created the public/private key and copied the public key to the other server and appended it to authorized_key file.
But i am getting the error message saying "Host Key verification failed" Connection lost.
It works well... (3 Replies)
Hi,
I am encountering below mentioned exception when I execute my Java program that is supposed to SFTP the file from one server over to another.
Can you please tell me some pointers to resolve this issue?
Exception
HostName- 10.1.1.1 ; userName- bmsftp
log4j:WARN No appenders could be... (0 Replies)
Experts,
We are trying to make a key-based authentication from Server A to Server B.
Server A is installed with openshh. Server B runs "Sun_SSH_1.1".
Server A's rsa2 public key has been added into the server B's authorized_keys.
We are sure that permission settings of the files and folders in... (1 Reply)
Hey all, I have a request from a third party that will be setting my firm up for an account so we can sftp files to their server in a Production environment. I know where the public keys are located on our Red Hat Linux envronment. I was going to ftp the keys from the Linux environment over to my... (2 Replies)
Hey all,
I have a script that I use for some automated installs. Unfortunately for the script to work the server that it's running from needs to have host-key authentication setup to the target server. If it isn't setup beforehand and the script is executed the install partially completes and... (1 Reply)
It seems I can do ssh <IP> but not ssh <hostname>
If I try to ssh to hostname I get the error - No DSA host key is known for host1 and you have requested strict checking.
Host key verification failed.
Where do I set up the DSA keys? Is it ssh_known_hosts?
Assume afterwards I can... (3 Replies)
I had generated a ssh2 key on my AIX box, to receive files from other AIX and Linux systems.
Key Name: id_ssh2_server.pub
However this ssh2 key (both public and private keys) has been overwritten, while I was generating another ssh2 key. Now the earlier configured target systems are not able... (3 Replies)
Hi,
I got instructions from Security audit team for Solaris-10 server. They mentioned - "The sshd configuration on the host supported weak host keys and allowed password authentication on Solaris server. Enable stronger keys (2048 or 4096 bit)".
I am not clear enough, what they mean by weak... (7 Replies)
Discussion started by: solaris_1977
7 Replies
LEARN ABOUT ULTRIX
request-key.conf
REQUEST-KEY.CONF(5) Linux Key Management Utilities REQUEST-KEY.CONF(5)NAME
request-key.conf - Instantiation handler configuration file
DESCRIPTION
This file is used by the /sbin/request-key program to determine which program it should run to instantiate a key.
request-key works scans through the file a line at a time until it finds a match, which it will then use. If it doesn't find a match, it'll
return an error and the kernel will automatically negate the key.
Any blank line or line beginning with a hash mark '#' is considered to be a comment and ignored.
All other lines are assumed to be command lines with a number of white space separated fields:
<op> <type> <description> <callout-info> <prog> <arg1> <arg2> ...
The first four fields are used to match the parameters passed to request-key by the kernel. op is the operation type; currently the only
supported operation is "create".
type, description and callout-info match the three parameters passed to keyctl request2 or the request_key() system call. Each of these may
contain one or more asterisk '*' characters as wildcards anywhere within the string.
Should a match be made, the program specified by <prog> will be exec'd. This must have a fully qualified path name. argv[0] will be set
from the part of the program name that follows the last slash '/' character.
If the program name is prefixed with a pipe bar character '|', then the program will be forked and exec'd attached to three pipes. The
callout information will be piped to it on it's stdin and the intended payload data will be retrieved from its stdout. Anything sent to
stderr will be posted in syslog. If the program exits 0, then /sbin/request-key will attempt to instantiate the key with the data read from
stdout. If it fails in any other way, then request-key will attempt to execute the appropriate 'negate' operation command.
The program arguments can be substituted with various macros. Only complete argument substitution is supported - macro substitutions can't
be embedded. All macros begin with a percent character '%'. An argument beginning with two percent characters will have one of them dis-
carded.
The following macros are supported:
%o Operation type
%k Key ID
%t Key type
%d Key description
%c Callout information
%u Key UID
%g Key GID
%T Requestor's thread keyring
%P Requestor's process keyring
%S Requestor's session keyring
There's another macro substitution too that permits the interpolation of the contents of a key:
%{<type>:<description>}
This performs a lookup for a key of the given type and description on the requestor's keyrings, and if found, substitutes the contents for
the macro. If not found an error will be logged and the key under construction will be negated.
EXAMPLE
A basic file will be installed in the /etc. This will contain two debugging lines that can be used to test the installation:
create user debug:* negate /bin/keyctl negate %k 30 %S
create user debug:loop:* * |/bin/cat
create user debug:* * /usr/share/keyutils/request-key-debug.sh %k %d %c %S
negate * * * /bin/keyctl negate %k 30 %S
This is set up so that something like:
keyctl request2 user debug:xxxx negate
will create a negative user-defined key, something like:
keyctl request2 user debug:yyyy spoon
will create an instantiated user-defined key with "Debug spoon" as the payload, and something like:
keyctl request2 user debug:loop:zzzz abcdefghijkl
will create an instantiated user-defined key with the callout information as the payload.
FILES
/etc/request-key.conf
SEE ALSO keyctl(1), request-key.conf(5)Linux 11 July 2005 REQUEST-KEY.CONF(5)