AIX

  • 1.  scp to HMC doesn't work

    Posted Fri May 07, 2010 12:53 PM

    Originally posted by: styerd


    I'm trying to set up passwordless ssh access to my HMC. On the HMC is "OpenSSH_4.2p1, OpenSSL 0.9.8a 11 Oct 2005"; on my server, "SSH Tectia Server 4.3.7 on powerpc-ibm-aix5.1.0.0". I can ssh with a password without a problem. I have a procedure to convert ssh keys between the versions but I need to scp over the public key file and convert it on the HMC before adding it to .ssh/authorized_keys2. Yes, perhaps I could walk it over with a USB drive but it would be nice if "scp" would work. I'm sure I'll want it for other things.

    I see this after the password challenge ...
    debug: Ssh2AuthKbdInteractiveClient/authc-kbd-interactive.c:268: Sending response packet.
    debug: Ssh2/ssh2.c:774: Returning user input stream to original values.
    debug: Ssh2Common/sshcommon.c:768: num_channels now 1
    debug: SshTtyFlags/sshttyflags.c:294: Not a tty. (fd = 0)
    debug: Ssh2ChannelSession/sshchsession.c:2829: Requesting subsystem sftp
    debug: Ssh2Common/sshcommon.c:733: num_channels now 0
    debug: Got session close with exit_status=1

    I see web comments about stdout from bashrc causing issues but this is an HMC that IBM helped us set up just a couple weeks ago, there are no changes from the initial install and it doesn't look like there is any output there anyway. I see this when connecting with ssh ... it's probably typical ...
    Keyboard-interactive:
    Authentication successful.
    Last login: Fri May 7 12:31:57 2010 from 131.23.1.2

    Any suggestions?


  • 2.  Re: scp to HMC doesn't work

    Posted Fri May 07, 2010 03:03 PM

    Originally posted by: j.gann


    the hmc is an appliance, not a unix server. the only 1 reason I see for copying files there is config files for "chsyscfg -f ...", and these i put into /tmp which never failed for years now.

    regarding authorized keys: on recent hmc releases you copy your existing pubkey with "mkauthkeys -a "ssh-dss lkajsdlfkj...."

    from your debug log: looks like your scp client wants to talk sftp....

    Joachim Gann


  • 3.  Re: scp to HMC doesn't work

    Posted Fri May 07, 2010 03:38 PM

    Originally posted by: Pave1


    Hi

    to establish ssh-key based access to the HMC you might follow part of chapter "Install procedure" from here:
    http://www.ibm.com/developerworks/wikis/display/virtualization/lpar2rrd+tool

    It works quite well, you can access and copy files to the HMC. You will have rights to home dir of the user where you store the ssh keys or to public dirs like /tmp (perhaps also to /var/tmp). Lpar2rrd tool uses both ssh & scp options for years ...

    Cheers,
    Pavel


  • 4.  Re: scp to HMC doesn't work

    Posted Sun May 09, 2010 11:52 PM

    Originally posted by: Kosala


    I think the recommended way to do this is to use the mkauthkeys command in HMC. You have to copy and paste the public key to the command line, with argument -a.

    Or

    I have used SCP in the reverse way, where from the HMC, launch a scp to pull the public key from a remote server, and then move the public key over authorized_keys2 file. But this will allow you to add only one key... which is not desirable for me.


  • 5.  Re: scp to HMC doesn't work

    Posted Wed May 26, 2010 04:45 PM

    Originally posted by: styerd


    Well I gave up trying to interface Tectia SSH to OpenSSH and instead had OpenSSH installed on the client. Scp now works fine. I've followed the simple procedure of setting up SSH public keys for passwordless SSH access ...

    client: ssh-keygen -P "" -f ~/.ssh/id_rsa
    client: scp ~/.ssh/id_rsa.pub hscroot@<ip>:/tmp
    hscroot@hmc: mkauthkeys -a `cat /tmp/id_rsa.pub`

    But still SSH asks for a password. But, I see that the client id_rsa.pub file matches the line in the HMC's .ssh/authorized_keys2 except the blanks between the leading "ssh-rsa" and between the trailing "<id>@client" and the "key" have been removed. It's all become one big long line without any blanks.

    Turns out I'm just missing a set of double quotes ...
    mkauthkeys -a "`cat /tmp/id_rsa.pub`"
    And now it all works! Duh.

    I guess I'll go back and try Tectia again.
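
The quoting fix from post 5, as an added example that is not part of the original thread: it shows how an unquoted command substitution splits the public key into three arguments, and checks whether the stored line still has the "type blob comment" shape. `store_key` is a hypothetical stand-in for `mkauthkeys -a` that joins its arguments with no separator (an assumption that reproduces the stored line described in post 5), the key is a constructed sample, and `$(...)` is used as the equivalent of the backticks in the post.

```shell
#!/bin/sh
# Constructed sample public key line (not a real key): type, base64 blob, comment.
PUBKEY='ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQconstructed styerd@client'
KEYFILE=$(mktemp)
trap 'rm -f "$KEYFILE"' EXIT
printf '%s\n' "$PUBKEY" > "$KEYFILE"

# Hypothetical stand-in for "mkauthkeys -a" (assumption): joins every argument
# after -a with no separator, reproducing the run-together line from post 5.
store_key() {
    [ "$1" = "-a" ] || return 2
    shift
    stored=''
    for arg in "$@"; do stored="$stored$arg"; done
    printf '%s\n' "$stored"
}

count_args() { echo "$#"; }

# Unquoted substitution: the shell splits the file content on blanks.
unquoted_count() { count_args $(cat "$KEYFILE"); }
unquoted_line()  { store_key -a $(cat "$KEYFILE"); }

# Quoted substitution: the whole line arrives as one argument.
quoted_count() { count_args "$(cat "$KEYFILE")"; }
quoted_line()  { store_key -a "$(cat "$KEYFILE")"; }

# Check that a stored line still has the "type blob [comment]" shape.
valid_key_line() {
    set -f; set -- $1; set +f      # split on blanks without globbing
    [ "$#" -ge 2 ] || return 1
    case "$1" in ssh-rsa|ssh-dss) ;; *) return 1 ;; esac
    case "$2" in *[!A-Za-z0-9+/=]*) return 1 ;; esac
    return 0
}

# Report both cases side by side.
for mode in unquoted quoted; do
    line=$(${mode}_line)
    if valid_key_line "$line"; then verdict=usable; else verdict=broken; fi
    echo "$mode: $(${mode}_count) argument(s), stored line is $verdict"
done
```

Running `valid_key_line` over each line of an existing authorized_keys2 file is a quick way to spot entries that were added without the quotes.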