Previously we push file using ftp in outside node. Now we try sftp, but connection is not established. I am provide you the debug log. Any idea to solve the issue?
Hi,
I'm in the process of writting some scripts using sftp2 on a HP UX 11.11 machine.
I've found that when I do an 'ls' command , even when in batch mode, it asks for me to 'press any key to continue or q to quit' after a screenful of data. Of course in batch mode this cause the script to hang.... (0 Replies)
Hi,
I have a folder ABC.
I have sftp executing from this folder successfully to other servers using keys which avoids passowrd prompt.
The permissions for the folder are only for user.ie drwx------
But i need another id to access my folder and execute the scripts.
So i changed the access... (2 Replies)
Hi I need to perform the following task using shell script.
establishing a sftp connection to a server.
then get the latest file from there to our own server.
But i am not finding ny suitable command in sftp console to get the latest file.
can anyone help me in this reagrd.
if ny other... (1 Reply)
Hi,
I am doing a FTP from a Unix host to a windows host. I have generated the key in my unix server and added them in the destination host. In the Destination they changed the ip address now i am not able to connect. I can see it is reaching till that server but i am not receiving that server... (2 Replies)
Hi
my sftp batch run connect to the server and transfer the txt file to target server. but when I run again same batch with same file it give error.
Any idea about this error.....
regards
Jamil
edit by bakunin: please do not "hijack" threads. That is: if you have a genuine... (1 Reply)
Hi,
Here is my problem::confused:
Daily my ETL process will create 4 (Four) Flatfiles in unix box. Upon creation of the flatfiles, I need to do "SFTP" the files to a "Remote Server".
Sometimes While doing SFTP, the files get trucated due to it's size.
Now I would like to design a Korn... (3 Replies)
I have written a samll sftp script abc.sh as below
sftp user@remote-server <<EOF
lcd /home/gopi
cd /home/raju
get COA
exit
EOF
Its working. But when i rin the script, it gives the acknowledgement like ,
sftp> lcd /home/gopi
sftp> cd /home/raju
sftp> get COA
Fetching... (3 Replies)
I want to execute shell script with in sftp session for remote server.
like i have a shell script test.sh that is on local server.i want to execute like
sftp user@192.168.56.10
sftp> test.sh ---execute for remote server not for local server.
Please help me for this issue (2 Replies)
I have an sftp script which is uploading file into a directory which is not specified wth the cd command . For example:
sftp sftpserver
>>lcd /abc
>>cd /tmp/bef
>> put /abc/abc.txt /tmp/bef/abc.txt
Uploading file from /abc/abc.txt to /xyz/wxy/tmp/bef/abc.txt
>>quit
The file is getting... (2 Replies)
i have a problem no a dream :)
i have a list and i want to do :
cat lista_olo
for file in `cat list`
do
sftp myuser@myip << EOF
ls -l mydir/$file/
EOF
but there is an error . Syntax error at line 11 : `<' is not matched
How can i do ?
Regards. (1 Reply)
Discussion started by: Francesco_IT
1 Replies
LEARN ABOUT DEBIAN
ssh-vulnkey
SSH-VULNKEY(1) BSD General Commands Manual SSH-VULNKEY(1)NAME
ssh-vulnkey -- check blacklist of compromised keys
SYNOPSIS
ssh-vulnkey [-q | -v] file ...
ssh-vulnkey -a
DESCRIPTION
ssh-vulnkey checks a key against a blacklist of compromised keys.
A substantial number of keys are known to have been generated using a broken version of OpenSSL distributed by Debian which failed to seed
its random number generator correctly. Keys generated using these OpenSSL versions should be assumed to be compromised. This tool may be
useful in checking for such keys.
Keys that are compromised cannot be repaired; replacements must be generated using ssh-keygen(1). Make sure to update authorized_keys files
on all systems where compromised keys were permitted to authenticate.
The argument list will be interpreted as a list of paths to public key files or authorized_keys files. If no suitable file is found at a
given path, ssh-vulnkey will append .pub and retry, in case it was given a private key file. If no files are given as arguments, ssh-vulnkey
will check ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/identity, ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2, as well as the system's host
keys if readable.
If ``-'' is given as an argument, ssh-vulnkey will read from standard input. This can be used to process output from ssh-keyscan(1), for
example:
$ ssh-keyscan -t rsa remote.example.org | ssh-vulnkey -
Unless the PermitBlacklistedKeys option is used, sshd(8) will reject attempts to authenticate with keys in the compromised list.
The output from ssh-vulnkey looks like this:
/etc/ssh/ssh_host_key:1: COMPROMISED: RSA1 2048 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx root@host
/home/user/.ssh/id_dsa:1: Not blacklisted: DSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx /home/user/.ssh/id_dsa.pub
/home/user/.ssh/authorized_keys:3: Unknown (blacklist file not installed): RSA 1024 xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx user@host
Each line is of the following format (any lines beginning with ``#'' should be ignored by scripts):
filename:line: status: type size fingerprint comment
It is important to distinguish between the possible values of status:
COMPROMISED
These keys are listed in a blacklist file, normally because their corresponding private keys are well-known. Replacements must be
generated using ssh-keygen(1).
Not blacklisted
A blacklist file exists for this key type and size, but this key is not listed in it. Unless there is some particular reason to
believe otherwise, this key may be used safely. (Note that DSA keys used with the broken version of OpenSSL distributed by Debian
may be compromised in the event that anyone captured a network trace, even if they were generated with a secure version of OpenSSL.)
Unknown (blacklist file not installed)
No blacklist file exists for this key type and size. You should find a suitable published blacklist and install it before deciding
whether this key is safe to use.
The options are as follows:
-a Check keys of all users on the system. You will typically need to run ssh-vulnkey as root to use this option. For each user,
ssh-vulnkey will check ~/.ssh/id_rsa, ~/.ssh/id_dsa, ~/.ssh/identity, ~/.ssh/authorized_keys and ~/.ssh/authorized_keys2. It will
also check the system's host keys.
-q Quiet mode. Normally, ssh-vulnkey outputs the fingerprint of each key scanned, with a description of its status. This option sup-
presses that output.
-v Verbose mode. Normally, ssh-vulnkey does not output anything for keys that are not listed in their corresponding blacklist file
(although it still produces output for keys for which there is no blacklist file, since their status is unknown). This option causes
ssh-vulnkey to produce output for all keys.
EXIT STATUS
ssh-vulnkey will exit zero if any of the given keys were in the compromised list, otherwise non-zero.
BLACKLIST FILE FORMAT
The blacklist file may start with comments, on lines starting with ``#''. After these initial comments, it must follow a strict format:
o All the lines must be exactly the same length (20 characters followed by a newline) and must be in sorted order.
o Each line must consist of the lower-case hexadecimal MD5 key fingerprint, without colons, and with the first 12 characters removed
(that is, the least significant 80 bits of the fingerprint).
The key fingerprint may be generated using ssh-keygen(1):
$ ssh-keygen -l -f /path/to/key
This strict format is necessary to allow the blacklist file to be checked quickly, using a binary-search algorithm.
FILES
~/.ssh/id_rsa
If present, contains the protocol version 2 RSA authentication identity of the user.
~/.ssh/id_dsa
If present, contains the protocol version 2 DSA authentication identity of the user.
~/.ssh/identity
If present, contains the protocol version 1 RSA authentication identity of the user.
~/.ssh/authorized_keys
If present, lists the public keys (RSA/DSA) that can be used for logging in as this user.
~/.ssh/authorized_keys2
Obsolete name for ~/.ssh/authorized_keys. This file may still be present on some old systems, but should not be created if it is
missing.
/etc/ssh/ssh_host_rsa_key
If present, contains the protocol version 2 RSA identity of the system.
/etc/ssh/ssh_host_dsa_key
If present, contains the protocol version 2 DSA identity of the system.
/etc/ssh/ssh_host_key
If present, contains the protocol version 1 RSA identity of the system.
/usr/share/ssh/blacklist.TYPE-LENGTH
If present, lists the blacklisted keys of type TYPE (``RSA'' or ``DSA'') and bit length LENGTH. The format of this file is described
above. RSA1 keys are converted to RSA before being checked in the blacklist. Note that the fingerprints of RSA1 keys are computed
differently, so you will not be able to find them in the blacklist by hand.
/etc/ssh/blacklist.TYPE-LENGTH
Same as /usr/share/ssh/blacklist.TYPE-LENGTH, but may be edited by the system administrator to add new blacklist entries.
SEE ALSO ssh-keygen(1), sshd(8)AUTHORS
Colin Watson <cjwatson@ubuntu.com>
Florian Weimer suggested the option to check keys of all users, and the idea of processing ssh-keyscan(1) output.
BSD May 12, 2008 BSD