Secure File Transfer Installation. Sender Recipient Attached FIles Pages Date. Development Internal/External None 11 6/23/08



Similar documents
CA ehealth. Remote Poller Guide. r6.1

TS-800. Configuring SSH Client Software in UNIX and Windows Environments for Use with the SFTP Access Method in SAS 9.2, SAS 9.3, and SAS 9.

SSH, SCP, SFTP, Denyhosts. Süha TUNA Res. Assist.

IBM WebSphere Application Server Version 7.0

SSH The Secure Shell

Pro OpenSSH. Michael Stahnke. Apress* =# # w^ l&l ## frsft. *,«.,*

Installation & Configuration Guide for Solaris 8

Secure Shell. The Protocol

Secure Shell Demon setup under Windows XP / Windows Server 2003

Encrypted File Transfer - Customer Testing

SSH! Keep it secret. Keep it safe

Adobe Marketing Cloud Using FTP and sftp with the Adobe Marketing Cloud

SSL Tunnels. Introduction

Using SFTP on the z/os Platform

Linux FTP Server Setup

WinSCP PuTTY as an alternative to F-Secure July 11, 2006

Integrating Apache Web Server with Tomcat Application Server

File transfer clients manual File Delivery Services

Installing Virtual Coordinator (VC) in Linux Systems that use RPM (Red Hat, Fedora, CentOS) Document # 15807A1-103 Date: Aug 06, 2012

SSH Secure Shell. Administrator s Guide

If you prefer to use your own SSH client, configure NG Admin with the path to the executable:

1 Reflection ZFE 5. 2 Security Considerations Troubleshooting the Installation 19. Contents 1

SendMIME Pro Installation & Users Guide

CASHNet Secure File Transfer Instructions

EventTracker Windows syslog User Guide

SAS 9.4 In-Database Products

Contents Set up Cassandra Cluster using Datastax Community Edition on Amazon EC2 Installing OpsCenter on Amazon AMI References Contact

Managed File Transfer

Redpaper. Securing Communications with OpenSSH on IBM i5/os. Front cover. ibm.com/redbooks. Learn how to install, configure, and use SSH with i5/os

Configuring SSH and Telnet

4PSA Total Backup User's Guide. for Plesk and newer versions

CycleServer Grid Engine Support Install Guide. version 1.25

INSTALLING KAAZING WEBSOCKET GATEWAY - HTML5 EDITION ON AN AMAZON EC2 CLOUD SERVER

Securing Windows Remote Desktop with CopSSH

Securing Windows Remote Desktop with CopSSH

Install and configure SSH server

WEB2CS INSTALLATION GUIDE

Decision Support System to MODEM communications

Cloud Storage Quick Start Guide

Single Node Hadoop Cluster Setup

Security Correlation Server Quick Installation Guide

2 Advanced Session... Properties 3 Session profile... wizard. 5 Application... preferences. 3 ASCII / Binary... Transfer

AnzioWin FTP Dialog. AnzioWin version 15.0 and later

Viking VPN Guide Linux/UNIX

TSM for Windows Installation Instructions: Download the latest TSM Client Using the following link:

Single Node Setup. Table of contents

Enterprise Reporting Server v3.5

IBM eserver iseries ITSO Technical Forum 2005

Running a Default Vulnerability Scan

Using sftp in Informatica PowerCenter

AlienVault Unified Security Management (USM) 4.x-5.x. Deploying HIDS Agents to Linux Hosts

HPCC - Hrothgar Getting Started User Guide

Nessus Credential Checks for Unix and Windows

Guide to the Configuration and Use of SFTP Clients for Uploading Digital Treatment Planning Data to ITC

UserGuide ReflectionPKIServicesManager

SETTING UP RASPBERRY PI FOR TOPPY FTP ACCESS. (Draft 5)

Defeating Firewalls : Sneaking Into Office Computers From Home

Installation Guide for WebSphere Application Server (WAS) and its Fix Packs on AIX V5.3L

Installation Guide for FTMS and Node Manager 1.6.0

Guide to the Configuration and Use of SFTP Clients for Uploading Digital Treatment Planning Data to IROC RI

How to install PowerChute Network Shutdown on VMware ESXi 3.5, 4.0 and 4.1

Connectivity using ssh, rsync & vsftpd

SSH and FTP on Ubuntu WNYLUG Neal Chapman 09/09/2009

How To Configure the Oracle ZFS Storage Appliance for Quest Authentication for Oracle Solaris

PN Connect:Enterprise Secure FTP Client Release Notes Version

Running a Default Vulnerability Scan SAINTcorporation.com

Using Internet or Windows Explorer to Upload Your Site

Automated Offsite Backup with rdiff-backup

Monitoring Clearswift Gateways with SCOM

SSH Key Exchange: Windows client to Unix/Linux server

OpenSSH: Secure Shell

File Transfer Examples. Running commands on other computers and transferring files between computers

Overview. Remote access and file transfer. SSH clients by platform. Logging in remotely

How To Set Up A Backupassist For An Raspberry Netbook With A Data Host On A Nsync Server On A Usb 2 (Qnap) On A Netbook (Qnet) On An Usb 2 On A Cdnap (

Install an SSL Certificate onto SilverStream. Sender Recipient Attached FIles Pages Date. Development Internal/External None 5 6/16/08

RSA ACE/Agent 5.2 for UNIX Installation and Configuration Guide

How to upload large files to a JTAC Case

Linux command line. An introduction to the Linux command line for genomics. Susan Fairley

Avira Update Manager User Manual

SERVER HARDENING. Presented by: Daniel Waymel and Corrin Thompson at TexSAW 2014 at the University of Texas at Dallas

File Transfer Protocol

Computer Science and Engineering Linux Cisco VPN Client Installation and Setup Guide

RPC and TI-RPC Test Suite Test Plan Document

Veritas Storage Foundation and High Availability Solutions Getting Started Guide

SSSD and OpenSSH Integration

Configuring MailArchiva with Insight Server

Comsol Multiphysics. Running COMSOL on the Amazon Cloud. VERSION 4.3a

HOST LINKS GSFTP G&R. Gateway between FTP and SFTP.

CHAPTER 7 SSL CONFIGURATION AND TESTING

Configure Backup Server for Cisco Unified Communications Manager

INF-110. GPFS Installation

How To Install Storegrid Server On Linux On A Microsoft Ubuntu 7.5 (Amd64) Or Ubuntu (Amd86) (Amd77) (Orchestra) (For Ubuntu) (Permanent) (Powerpoint

Configuring for SFTP March 2013

Installing a Symantec Backup Exec Agent on a SnapScale Cluster X2 Node or SnapServer DX1 or DX2. Summary

File Transfer Best Practices

XFTP 5 User Guide. The Powerful SFTP/FTP File Transfer Program. NetSarang Computer Inc.

Transcription:

Technical Note Secure File Transfer Installation Sender Recipient Attached FIles Pages Date Development Internal/External None 11 6/23/08 Overview This document explains how to install OpenSSH for Secure File Transfer (SFTP) among Netcool/Proviso components. You must be proficient in your operating system and have a basic understanding of public/private key encryption when working with SFTP. For the purposes of this document, an SFTP client is the node that initiates the SFTP connection and login attempt, while the SFTP server is the node that accepts the connection and permits the login attempt. This distinction is important for generating public/private keys and authorization, as the SFTP server should have the public key of the SFTP client in its authorized hosts file. This process is described in more detail later. For Netcool/Proviso to use SFTP for the remote execution of components and file transfer, OpenSSH must be configured for key-based authentication when connecting from the Proviso account on the client (the host running the Netcool/Proviso process that needs to use SFTP) to the account on the server. In addition, the host keys must be established such that the host key confirmation prompt is not displayed during the connection. This document describes the OpenSSH installation, configuration, and testing process in detail for each platform. The topics are as follows: Enabling SFTP on page 2 Installing OpenSSH on page 2 Configuring OpenSSH on page 7 Testing OpenSSH and SFTP on page 10 Troubleshooting on page 11 Netcool/Provisio SFTP Errors on page 11 Secure File Transfer Installation, 6/23/08 1

Enabling SFTP The use of SFTP is supported in Netcool/Proviso. Netcool/Proviso SFTP can be enabled for a single component, set of components, or all components as needed. The table below lists the Netcool/Proviso components that support SFTP: Client Server Description Node on which DataChannel resides. All other DataChannel nodes to be installed. Installer can use SFTP to install Netcool/Proviso software to remote locations. Bulk Collector DataMart Inventory Transfer of inventory files. FTE Bulk Collector FTE transfers files from BCOL to CME. FTE DataLoad SNMP collector Transfer of SNMP data. FTE/LDR Remote CME Remote CME only - FTE transfers files from CME to LDR. Note: This document is intended only as a guideline to installing OpenSSH. Netcool/Proviso calls the ssh binary directly and uses the SFTP protocol to transfer files, so the essential Netcool/Proviso requirement is that OpenSSH is used and public key authentication is enabled. The following procedures are examples of one method of installing and configuring OpenSSH. The precise method and final configuration for your site should be decided by your local operating system security administrator. For detailed information about OpenSSH and its command syntax, visit the following URL: http://www.openssh.com/manual.html Installing OpenSSH This section describes the steps necessary to install OpenSSH on the following platforms: AIX Systems on page 2 Solaris Systems on page 4 Note: The following sections refer to the earliest supported version of the required packages. Refer to the OpenSSH documentation for information on updated versions. AIX Systems To install OpenSSH on AIX systems, follow these steps: Step 1: Download the Required Software Packages on page 3. Step 2: Install the Required Packages on page 3. Step 3: Configure OpenSSH Server to Start Up on System Boot on page 3. Secure File Transfer Installation, 6/23/08 2

Step 1: Download the Required Software Packages To download the required packages, do the following: 1. In your browser, enter the following URL: http://www-03.ibm.com/servers/aix/products/aixos/linux/download.html 2. From the AIX Toolbox for Linux Applications page, download the following files according to the instructions to each Netcool/Proviso system where SFTP is to be used: prngd Pseudo Random Number Generation Daemon (prngd-0.9.29-1.aix5.1.ppc.rpm or higher). zlib zlib compression and decompression library (zlib-1.2.2-4.aix5.1.ppc.rpm or higher). 3. From the AIX Toolbox for Linux Applications page, click the AIX Toolbox Cryptographic Content link. 4. Download the following files according to the instructions to each Netcool/Proviso system where SFTP is to be used: openssl-0.9.7g-1.aix5.1.ppc.rpm or higher 5. In your browser, enter the following URL: http://sourceforge.net/projects/openssh-aix 6. From the OpenSSH on AIX page, search for and download the following files according to the instructions to each Netcool/Proviso system where SFTP is to be used: openssh-4.1p1_53.tar.z or higher Step 2: Install the Required Packages To install the required packages, do the following on each Netcool/Proviso system where SFTP is to be used: 1. Log into the system as root. 2. Change your working directory to the location where the software packages have been dowloaded using the following command: # cd /download/location 3. Run the RPM Packaging Manager for each package, in the specified order, using the following commands: # rpm -i zlib # rpm -i prndg # rpm -i openssl 4. Uncompress and untar the openssh tar file by entering the following commands: $ uncompress openssh-4.1p1_53.tar.z $ tar xvf openssh-4.1p1_53.tar 5. Using the System Management Interface Tool (SMIT), install the openssh package. 6. Exit from SMIT. Step 3: Configure OpenSSH Server to Start Up on System Boot After installing the OpenSSH server and client, you must configure the OpenSSH server to start up on system boot. To configure the server to start on system boot, modify the /etc/rc.d/ssshd init script as follows: Secure File Transfer Installation, 6/23/08 3

#! /usr/bin/sh # # start/stop the secure shell daemon case "$1" in 'start') # Start the ssh daemon if [ -x /usr/local/sbin/sshd ]; then echo "starting SSHD daemon" /usr/local/sbin/sshd & fi 'stop') # Stop the ssh daemon kill -9 `ps -eaf grep /usr/local/sbin/sshd grep -v grep awk '{print $2}' xargs` *) echo "usage: sshd {start stop}" Solaris Systems OpenSSH is required for SFTP to work with Netcool/Proviso. The version of SSH installed with the Solaris 9 operating system will not work. Note: The following sections refer to the current version of the required packages. Refer to the OpenSSH documentation for information on updated versions. To install OpenSSH on Solaris systems, follow these steps: Step 1: Download the Required Software Packages on page 4. Step 2: Install the Required Software Packages on page 5. Step 3: Configure OpenSSH Server to Start Up on System Boot on page 6. Step 1: Download the Required Software Packages To download the required packages, do the following: 1. In your browser, enter the following URL: http://www.sunfreeware.com 2. From the Freeware for Solaris page, download the following files according to the instructions to each Netcool/Proviso system where SFTP is to be used: gcc Compiler. Ensure that you download the compiler that corresponds to your version of Solaris, and also ensure that you download the full Solaris package and not just the source code (gcc-3.2.3-sol9-sparclocal.gz or higher). openssh SSH client (openssh-4.5p1-sol-sparc-local.gz or higher). openssl SSL executables and libraries (openssl-0.9.8d-sol9-sparc-local.gz or higher). zlib zlib compression and decompression library (zlib-1.2.3-sol9-sparc-local.gz or higher). Secure File Transfer Installation, 6/23/08 4

Step 2: Install the Required Software Packages To install the required packages, do the following on each Netcool/Proviso system where SFTP is to be used: 1. Log into the system as root. 2. Change your working directory to the location where the software packages have been dowloaded using the following command: # cd /download/location 3. Copy the downloaded software packages to /usr/local/src, or a similar location, using the following commands: # cp gcc-3.2.3-sol9-sparc-local.gz /usr/local/src # cp zlib-1.2.3-sol9-sparc-local.gz /usr/local/src # cp openssl-0.9.8d-sol9-sparc-local.gz /usr/local/src # cp openssh-4.5p1-sol-sparc-local.gz /usr/local/src 4. Change your working directory to /usr/local/src using the following command: # cd /usr/local/src 5. Install the gcc compiler by doing the following: 5-a. Uncompress gcc using the following command: gunzip gcc-3.2.3-sol9-sparc-local.gz 5-b. Add the gcc package using the following command: pkgadd -d gcc-3.2.3-sol9-sparc-local 6. Install the zlib compression library by doing the following: 6-a. Uncompress zlib using the following command: gunzip zlib-1.2.3-sol9-sparc-local.gz 6-b. Add the zlib package using the following command: pkgadd -d zlib-1.2.3-sol9-sparc-local 7. Install the OpenSSL executables and binaries by doing the following: 7-a. Uncompress OpenSSL using the following command: gunzip openssl-0.9.8d-sol9-sparc-local.gz 7-b. Add the OpenSSL package using the following command: pkgadd -d openssl-0.9.8d-sol9-sparc-local 8. Install the OpenSSH client by doing the following: 8-a. Uncompress OpenSSH using the following command: gunzip openssh-4.5p1-sol-sparc-local.gz 8-b. Add the OpenSSH package using the following command: pkgadd -d openssh-4.5p1-sol9-sparc-local 8-c. Create a group and user for sshd using the following commands: groupadd ssh useradd -g sshd sshd 9. (Optional) Remove Sun SSH from the path and link OpenSSH by doing the following: 9-a. Change your working directory to /usr/local/bin using the following command: Secure File Transfer Installation, 6/23/08 5

cd /usr/bin 9-b. Move the Sun SSH files and link the OpenSSH files using the following commands: # mv ssh ssh.sun # mv ssh-add ssh-add.sun # mv ssh-agent ssh-agent.sun # mv ssh-keygen ssh-keygen.sun # ln -s /usr/local/bin/ssh ssh # ln -s /usr/local/bin/ssh-add ssh-add # ln -s /usr/local/bin/ssh-agent ssh-agent # ln -s /usr/local/bin/ssh-keygen ssh-keygen # ln -s /usr/local/bin/ssh-keyscan ssh-keyscan Step 3: Configure OpenSSH Server to Start Up on System Boot After installing the OpenSSH server and client, you must configure the OpenSSH server to start up on system boot. To configure the server to start on system boot, do the following: 1. Modify the /etc/init.d/sshd/init script as follows: #! /bin/sh # # start/stop the secure shell daemon case "$1" in 'start') # Start the ssh daemon if [ -x /usr/local/sbin/sshd ]; then echo "starting SSHD daemon" /usr/local/sbin/sshd & fi 'stop') # Stop the ssh daemon /usr/bin/pkill -x sshd *) echo "usage: /etc/init.d/sshd {start stop}" 2. Check that /etc/rc3.d/s89sshd exists (or any sshd startup script exists) and is a soft link to /etc/init.d/sshd. If not, create it using the following command: ln -s /etc/init.d/sshd /etc/rc3.d/s89sshd Secure File Transfer Installation, 6/23/08 6

Configuring OpenSSH This section describes how to configure the OpenSSH server and client. Configuring the OpenSSH Server To configure the OpenSSH Server, follow these steps on each Netcool/Proviso system where SFTP is to be used: 1. Log into the system as root. 2. Change your working directory to the location where the OpenSSH Server was installed (/usr/local/etc/sshd_config by default) using the following command: # cd /usr/local/etc/sshd_config 3. Using the text editor of your choice, open the sshd_config file. The following is an example of the sshd_config file: #*************************************************************************** # sshd_config # This is the sshd server system-wide configuration file. See sshd(8) # for more information. # The strategy used for options in the default sshd_config shipped with # OpenSSH is to specify options with their default value where # possible, but leave them commented. Uncommented options change a # default value. Port 22 Protocol 2 ListenAddress 0.0.0.0 HostKey /usr/local/etc/ssh_host_dsa_key SyslogFacility AUTH LogLevel INFO PubkeyAuthentication yes AuthorizedKeysFile.ssh/authorized_keys RhostsAuthentication no RhostsRSAAuthentication no HostbasedAuthentication no PasswordAuthentication yes ChallengeResponseAuthentication no Subsystem sftp /usr/local/libexec/sftp-server #**************************************************************** 4. Locate the Protocol parameter. For security purposes, it is recommended that this parameter is set to Protcol 2 as follows: Protocol 2 5. Locate the HostKeys for protocol version 2 parameter and ensure it is set as follows: HostKey /usr/local/etc/ssh_host_dsa_key Secure File Transfer Installation, 6/23/08 7

6. Locate the PubkeyAuthentication parameter and ensure it is set as follows: PubkeyAuthentication yes 7. Locate the PasswordAuthentication parameter and ensure it is set as follows: PasswordAuthentication yes Secure File Transfer Installation 8. Locate the Subsystem parameter and ensure that the SFTP subsystem and path are correct. Using defaults, the Subsystem parameter appears as follows: Subsystem sftp /usr/local/libexec/sftp-server Configuring OpenSSH Client The OpenSSH client should require no configuration if it used in its default form. The default location for the OpenSSH client file is /usr/local/etc/ssh_config. Generating Public and Private Keys By default, OpenSSH generates public and private keys, but they will be attached to the root user. You must generate public and private keys with the Netcool/Proviso user for the SFTP functions to work in Netcool/Proviso. To generate public and private keys: 1. Log in as pvuser on the node that will be the SFTP client. This node is referred to as SFTPclient in these instructions, but you must replace SFTPclient with the name of your node. 2. Create an.ssh directory in the Netcool/Proviso user s home directory, set permissions to x/r/w for owner (700), then change to the directory using the following commands: $ mkdir ~/.ssh $ chmod 700 ~/.ssh $ cd ~/.ssh 3. Generate a DSA public and private key with no passphrase (DSA encryption is used as an example). The following example shows a Unix server called SFTPclient: $ /usr/local/bin/ssh-keygen -t dsa -f SFTPclient -P "" Generating public/private dsa key pair. Your identification has been saved in SFTPclient. Your public key has been saved in SFTPclient.pub. The key fingerprint is: 77:67:2f:34:d4:2c:66:db:9b:1f:9a:36:fe:c7:07:c6 pvuser@sftpclient 4. The previous command generates two files, SFTPclient (the private key) and SFTPclient.pub (the public key). Copy the private key to id_dsa in the ~/.ssh directory by entering the following command: $ cp -p ~/.ssh/sftpclient ~/.ssh/id_dsa id_dsa will be used to identify the node when it contacts other nodes. 5. To permit Netcool/Proviso components on SFTPclient to communicate, you must append the contents of the SFTPclient.pub key file to the file authorized_keys in the ~/.ssh directory by using the following commands: cd ~/.ssh cat SFTPclient.pub >> authorized_keys 6. Log on to the other node that will be the SFTP server. This node is referred to as SFTPserver in these instructions, but you must replace SFTPserver with the name of your node. Secure File Transfer Installation, 6/23/08 8

7. Repeat Step 1 through Step 5 on the SFTPserver node, replacing SFTPclient with SFTPserver. 8. Copy (via FTP, scp, or a similar utility) the public key from SFTPclient to SFTPserver and append the contents of the key file to the file authorized_keys in the ~/.ssh directory. If you cut and paste lines, be careful not to introduce carriage returns where there should be none. Use the following FTP session as an example : SFTPserver:~/.ssh> ftp SFTPclient Connected to SFTPclient. 220 SFTPclient FTP server (SunOS 5.8) ready. Name (SFTPclient:pvuser): pvuser 331 Password required for pvuser. Password: 230 User pvuser logged in. ftp> bin 200 Type set to I. ftp> get.ssh/sftpclient.pub 200 PORT command successful. 150 Binary data connection for.ssh/sftpclient.pub 226 Binary Transfer complete. local:.ssh/sftpclient.pub remote:.ssh/sftpclient.pub ftp> quit 221 Goodbye. SFTPserver:~/.ssh> cat SFTPclient.pub >> authorized_keys 9. (Optional) If you want to set up bidirectional SFTP, repeat Step 8, but from the SFTserver node to the SFTPclient node. Note: This is not needed for Netcool/Proviso. Use the following FTP session as an example: SFTPclient:~/.ssh> ftp SFTPserver Connected to SFTPserver. 220 SFTPserver FTP server (SunOS 5.8) ready. Name (SFTPserver:pvuser): pvuser 331 Password required for pvuser. Password: 230 User pvuser logged in. ftp> bin 200 Type set to I. ftp> get.ssh/sftpserver.pub 200 PORT command successful. 150 Binary data connection for.ssh/sftpserver.pub 226 Binary Transfer complete. local:.ssh/sftpserver.pub remote:.ssh/sftpserver.pub ftp> quit 221 Goodbye. SFTPclient:~/.ssh> cat SFTPserver.pub >> authorized_keys 10. When finished, the SFTPclient and SFTPserver should look similar to the following: SFTPclient:~/.ssh> ls -al ~/.ssh total 10 drwx------ 2 pvuser pvuser 512 Nov 25 16:56. drwxr-xr-x 28 pvuser pvuser 1024 Nov 25 15:25.. -rw------- 1 pvuser pvuser 883 Nov 25 15:21 id_dsa -rw-r--r-- 1 pvuser pvuser 836 Nov 25 16:33 known_hosts SFTPserver:~/.ssh> ls -al ~/.ssh total 10 Secure File Transfer Installation, 6/23/08 9

drwx------ 2 pvuser pvuser 512 Nov 25 16:56. drwxr-xr-x 28 pvuser pvuser 1024 Nov 25 15:25.. -rw------- 1 pvuser pvuser 883 Nov 25 15:21 id_dsa -rw-r--r-- 1 pvuser pvuser 836 Nov 25 16:33 known_hosts The important files are: authorized_keys, which contains the public keys of the nodes that are authorized to connect to this node id_dsa, which contains the private key of the node it is on known_hosts, which contains the public keys of the node that you want to connect to For security, the private key (id_dsa) should be -rw------. Likewise, the public key Node<number>.pub, authorized_keys, and known_hosts should be -rw-r--r--. The directory itself should be -rwx-----. Note: The directory that contains the.ssh directory may also need to be writable by owner. 11. The first time you connect using SSH or SFTP to the other node, it will ask if the public key fingerprint is correct, and then save that fingerprint in known_hosts. Optionally, you can manually populate the client s known_hosts file with the server s public host key (by default, /usr/local/etc/ssh_host_dsa_key.pub). For large-scale deployments, a more efficient and reliable procedure is: 11-a. From one host, ssh to each SFTP server and accept the fingerprint. This builds a master known_hosts file with all the necessary hosts. 11-b. Copy that master file to every other SFTP client. Note: If the known_hosts file has not been populated and secure file transfer (SFTP) is attempted through Netcool/Proviso, SFTP will fail with vague errors. Testing OpenSSH and SFTP For the following tests, the commands should work without asking for a password. If you are prompted for a password, public/private key encryption is not working. Make sure you specify the full path to the ssh and sshd binaries. Otherwise, you might use another previously installed SSH client or server. To test OpenSSH and SFTP, do the following: 1. On both nodes, kill any existing sshd processes and start the sshd process from the packages you just installed, by entering the following commands: pkill -9 sshd /usr/local/sbin/sshd & Note that the path may differ frrom the above, depending on the installation. 2. From SFTPclient, run the following command: /usr/local/bin/ssh SFTPserver 3. From SFTPclient, run the following command: /usr/local/bin/sftp SFTPserver 4. (Optional) If you set up bidirectional SFTP, run the following command from SFTPserver: /usr/local/bin/ssh SFTPclient Secure File Transfer Installation, 6/23/08 10

5. (Optional) If you set up bidirectional SFTP, run the following command from SFTPserver: /usr/local/bin/sftp SFTPclient Secure File Transfer Installation 6. If all tests allow you to log in without specifying a password, follow the Netcool/Proviso instructions on how to enable SFTP in each Netcool/Proviso component. Make sure to specify the full path to SSH in the Netcool/Proviso configuration files. In addition, make sure the user that Netcool/Proviso is run as is the same as the user that you used to generate keys. Troubleshooting If you find that OpenSSH is not working properly with public keys, do the following: 1. Check the ~/known_hosts file on the node acting as the SSH client and make sure the client's hostname and IP information is present and correct. 2. Check the ~/authorized_keys file on the node acting as the SSH server and make sure that the client s public key is present and correct. Make sure the permissions are -rw-r--r--. 3. Check the ~/id.dsa file on the node acting as the SSH client and make sure that the client s private key is present and correct. Make sure the permissions are -rw-------. 4. Check the ~/.ssh directory on both nodes to ensure that the permissions on the directories are -rwx------. 5. Check for syntax errors (common ones are misspelling authorized_keys and known_hosts without the s at the end). In addition, if you copied and pasted keys into known hosts or authorized keys files, you probably have introduced carriage returns in the middle of a single, very long line. 6. Check the ~ (home directory) permissions to make sure they are only writable by owner. 7. If those are correct, kill the sshd process and restart in debug mode as follows: pkill -9 sshd /usr/local/sbin/sshd -d 8. Test SSH again in verbose mode on the other node by entering the following command: /usr/local/bin/ssh -v SFTPserver 9. Read the debugging information on both client and server and troubleshoot from there. 10. Check the log file /var/adm/messages for additional troubleshooting information. Netcool/Provisio SFTP Errors In the Netcool/Proviso log files, you might see the following errors: [DC10120] FTPERR error: incompatible version, result: sftp status: SSH2_FX_FAILURE:: incompatible version, log: This error indicates that the SSH server (sshd) is SSH2 rather than OpenSSH. OpenSSH is required for Netcool/Proviso to function correctly. [DC10120] FTPERR error: bad version msg, result: sftp status: SSH2_FX_NO_CONNECTION:: connection not established - check ssh configuration, log: This error indicates that the SSH configuration is incorrect or the wrong version of the SSH server (sshd) is running. OpenSSH is required for Netcool/Proviso to function correctly. Secure File Transfer Installation, 6/23/08 11

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information