I am trying to using sftp to transfer a file source=gold
target=diamond these are
both aix 5.3 boxes.
I ran ssh_keygen on my source but when I run the following script
cat xxx.sh
#!/bin/sh
echo "OK, starting now..."
sftp phartman@diamond <<EOF
cd /tmp
binary
put xxx
quit
EOF
I get the following message:
Connecting to diamond...
The authenticity of host 'diamond (172.16.2.14)' can't be established.
RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
52:dc:a7.
Are you sure you want to continue connecting (yes/no)? no
Host key verification failed.
What do I have to do on the target side to make this work. Do I have
put my
~/.ssh directory on target side users directory? That does not make
sense, because what would happen if if I sftp from another source to
that target they
key will not match.
Can somebody tell me how to rectify this problem so I dont get
prompted in my
script and it will work for from multiple source machines. Thanks in
advance to
all that answer.
|
|
0
|
|
|
|
Reply
|
 Stu
|
6/18/2010 3:10:53 PM |
|
Stu wrote:
> I am trying to using sftp to transfer a file source=gold
> target=diamond these are
> both aix 5.3 boxes.
>
> I ran ssh_keygen on my source but when I run the following script
>
> cat xxx.sh
>
> #!/bin/sh
> echo "OK, starting now..."
> sftp phartman@diamond <<EOF
> cd /tmp
> binary
> put xxx
> quit
> EOF
>
>
> I get the following message:
>
> Connecting to diamond...
> The authenticity of host 'diamond (172.16.2.14)' can't be established.
> RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> 52:dc:a7.
> Are you sure you want to continue connecting (yes/no)? no
> Host key verification failed.
>
> What do I have to do on the target side to make this work. Do I have
> put my
> ~/.ssh directory on target side users directory? That does not make
> sense, because what would happen if if I sftp from another source to
> that target they
> key will not match.
>
> Can somebody tell me how to rectify this problem so I dont get
> prompted in my
> script and it will work for from multiple source machines. Thanks in
> advance to
> all that answer.
Manually ssh to the target host once, and answer "yes" to accept its key, so
it won't be asked again in the future. Alternatively, use
sftp -o "StrictHostKeyChecking=no" phartman@diamond
etc. to have the key automatically added.
|
|
|
0
|
|
|
|
Reply
|
pk
|
6/18/2010 3:16:16 PM
|
|
On Fri, 18 Jun 2010 08:10:53 -0700 (PDT), Stu <beefstu350@hotmail.com>
wrote:
>I get the following message:
>
>Connecting to diamond...
>The authenticity of host 'diamond (172.16.2.14)' can't be established.
>RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
>52:dc:a7.
>Are you sure you want to continue connecting (yes/no)? no
>Host key verification failed.
>Can somebody tell me how to rectify this problem so I dont get
>prompted in my script and it will work for from multiple source machines.
Answer yes to the question.
That creates entries in ~/.ssh/known_hosts for the target, and you won't
be prompted again. Copy those entries to ~/.ssh/known_hosts on all
source machines.
Or delete ~/.ssh/known_hosts, and when you answer the question, it will
be re-created, with entries only for the target. Then you can copy the
new ~/.ssh/known_hosts file to all source machines.
--
Web mail, POP3, and SMTP
http://www.beewyz.com/freeaccounts.php
|
|
|
0
|
|
|
|
Reply
|
John
|
6/18/2010 3:25:28 PM
|
|
Stu wrote:
> I am trying to using sftp to transfer a file source=gold
> target=diamond these are
> both aix 5.3 boxes.
>
> I ran ssh_keygen on my source but when I run the following script
>
> cat xxx.sh
>
> #!/bin/sh
> echo "OK, starting now..."
> sftp phartman@diamond <<EOF
> cd /tmp
> binary
> put xxx
> quit
> EOF
>
>
> I get the following message:
>
> Connecting to diamond...
> The authenticity of host 'diamond (172.16.2.14)' can't be established.
> RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> 52:dc:a7.
> Are you sure you want to continue connecting (yes/no)? no
> Host key verification failed.
>
> What do I have to do on the target side to make this work. Do I have
> put my
> ~/.ssh directory on target side users directory? That does not make
> sense, because what would happen if if I sftp from another source to
> that target they
> key will not match.
>
> Can somebody tell me how to rectify this problem so I dont get
> prompted in my
> script and it will work for from multiple source machines. Thanks in
> advance to
> all that answer.
Iff you can login to "diamond" locally, i.e. at the console, you can check
the machine's public key at /etc/ssh/ssh_host_rsa_key.pub
or /etc/ssh/ssh_host_dsa_key.pub, using , e.g.
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
for the RSA file. This will give you the fingerprint. If you then login
remotely from the other computer you can then accept the key if the
fingerprint in the above message is the same. Of course, if you have access
to the machine in that way, copy the public key file and manually place it
either in ~/.ssh/known_hosts, or /etc/ssh/ssh_known_hosts on each of your
client machines. (check man pages on local machines to ensure correct files
and formats - this info is correct for OpenSSH as provided by Ubuntu; your
milage may vary)
Once you have answered "yes" to the above question, or installed the public
key file manually, the file will be permanently installed and you will not
have to answer the question again.
If you cannot login to diamond locally, ask the SysAdmin for that machine to
give you the fingerprint for the public key.
By the way, you have place your personal public key in
~/.ssh/authorized_keys on "diamond", haven't you?
Andrew
|
|
|
0
|
|
|
|
Reply
|
Andrew
|
6/18/2010 3:47:41 PM
|
|
On Jun 18, 8:47=A0am, Andrew McDermott <a.p.mcderm...@NOSPAM-rl.ac.uk>
wrote:
> Stu wrote:
> > I am trying to using sftp to transfer a file source=3Dgold
> > target=3Ddiamond these are
> > both aix 5.3 boxes.
>
> > I ran ssh_keygen on my source but when I run the following script
>
> > cat xxx.sh
>
> > #!/bin/sh
> > =A0 echo "OK, starting now..."
> > =A0 sftp phartman@diamond <<EOF
> > =A0 cd /tmp
> > =A0 binary
> > =A0 put xxx
> > =A0 quit
> > EOF
>
> > I get the following message:
>
> > Connecting to diamond...
> > The authenticity of host 'diamond (172.16.2.14)' can't be established.
> > RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> > 52:dc:a7.
> > Are you sure you want to continue connecting (yes/no)? no
> > Host key verification failed.
>
> > What do I have to do on the target side to make this work. Do I have
> > put my
> > ~/.ssh directory on target side users directory? That does not make
> > sense, because what would happen if if I sftp from another source to
> > that target they
> > key will not match.
>
> > Can somebody tell me how to rectify this problem so I dont get
> > prompted in my
> > script and it will work for from multiple source machines. Thanks in
> > advance to
> > all that answer.
>
> Iff you can login to "diamond" locally, i.e. at the console, you can chec=
k
> the machine's public key at /etc/ssh/ssh_host_rsa_key.pub
> or /etc/ssh/ssh_host_dsa_key.pub, using , e.g.
>
> ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
>
> for the RSA file. This will give you the fingerprint. If you then login
> remotely from the other computer you can then accept the key if the
> fingerprint in the above message is the same. Of course, if you have acce=
ss
> to the machine in that way, copy the public key file and manually place i=
t
> either in ~/.ssh/known_hosts, or /etc/ssh/ssh_known_hosts on each of your
> client machines. (check man pages on local machines to ensure correct fil=
es
> and formats - this info is correct for OpenSSH as provided by Ubuntu; you=
r
> milage may vary)
>
> Once you have answered "yes" to the above question, or installed the publ=
ic
> key file manually, the file will be permanently installed and you will no=
t
> have to answer the question again.
>
> If you cannot login to diamond locally, ask the SysAdmin for that machine=
to
> give you the fingerprint for the public key.
>
> By the way, you have place your personal public key in
> ~/.ssh/authorized_keys on "diamond", haven't you?
>
> Andrew- Hide quoted text -
>
> - Show quoted text -
The ssh options for verbose are very handy in cases like this. Give it
a go. Once it works, save the verbose file from the working session,
handy ref for when it does finally break down. 2 cents, JB
|
|
|
0
|
|
|
|
Reply
|
johnb850
|
6/18/2010 3:54:17 PM
|
|
On Jun 18, 11:47=A0am, Andrew McDermott <a.p.mcderm...@NOSPAM-rl.ac.uk>
wrote:
> Stu wrote:
> > I am trying to using sftp to transfer a file source=3Dgold
> > target=3Ddiamond these are
> > both aix 5.3 boxes.
>
> > I ran ssh_keygen on my source but when I run the following script
>
> > cat xxx.sh
>
> > #!/bin/sh
> > =A0 echo "OK, starting now..."
> > =A0 sftp phartman@diamond <<EOF
> > =A0 cd /tmp
> > =A0 binary
> > =A0 put xxx
> > =A0 quit
> > EOF
>
> > I get the following message:
>
> > Connecting to diamond...
> > The authenticity of host 'diamond (172.16.2.14)' can't be established.
> > RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> > 52:dc:a7.
> > Are you sure you want to continue connecting (yes/no)? no
> > Host key verification failed.
>
> > What do I have to do on the target side to make this work. Do I have
> > put my
> > ~/.ssh directory on target side users directory? That does not make
> > sense, because what would happen if if I sftp from another source to
> > that target they
> > key will not match.
>
> > Can somebody tell me how to rectify this problem so I dont get
> > prompted in my
> > script and it will work for from multiple source machines. Thanks in
> > advance to
> > all that answer.
>
> Iff you can login to "diamond" locally, i.e. at the console, you can chec=
k
> the machine's public key at /etc/ssh/ssh_host_rsa_key.pub
> or /etc/ssh/ssh_host_dsa_key.pub, using , e.g.
>
> ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key.pub
>
> for the RSA file. This will give you the fingerprint. If you then login
> remotely from the other computer you can then accept the key if the
> fingerprint in the above message is the same. Of course, if you have acce=
ss
> to the machine in that way, copy the public key file and manually place i=
t
> either in ~/.ssh/known_hosts, or /etc/ssh/ssh_known_hosts on each of your
> client machines. (check man pages on local machines to ensure correct fil=
es
> and formats - this info is correct for OpenSSH as provided by Ubuntu; you=
r
> milage may vary)
>
> Once you have answered "yes" to the above question, or installed the publ=
ic
> key file manually, the file will be permanently installed and you will no=
t
> have to answer the question again.
>
> If you cannot login to diamond locally, ask the SysAdmin for that machine=
to
> give you the fingerprint for the public key.
>
> By the way, you have place your personal public key in
> ~/.ssh/authorized_keys on "diamond", haven't you?
>
> Andrew- Hide quoted text -
>
> - Show quoted text -
All:
Thanks all great solutions. I just need to know why I am being asked
for a password in my
script. Is there anyway to avoid that?
Connecting to diamond...
The authenticity of host 'diamond (172.16.2.14)' can't be established.
RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
52:dc:a7.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'diamond,172.16.2.14' (RSA) to the list of
known hosts.
phartman@diamond's password:
|
|
|
0
|
|
|
|
Reply
|
Stu
|
6/18/2010 4:08:17 PM
|
|
Stu wrote:
> Thanks all great solutions. I just need to know why I am being asked
> for a password in my
> script. Is there anyway to avoid that?
>
> Connecting to diamond...
> The authenticity of host 'diamond (172.16.2.14)' can't be established.
> RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> 52:dc:a7.
> Are you sure you want to continue connecting (yes/no)? y
> Please type 'yes' or 'no': yes
> Warning: Permanently added 'diamond,172.16.2.14' (RSA) to the list of
> known hosts.
> phartman@diamond's password:
This is a different, albeit related, matter. To be able to login without
being asked for a password, you need to use public key authentication.
First of all, the ssh server on the target machine must support it (I can't
think of a reason why it shouldn't though). Then, you need to have a keypair
(a private key and its corresponding public key) on the machine you're
connecting from; these are usually found under ~/.ssh (where ~ is the home
directory of the user who needs to connect).
Of these two keys, you need to get the data contained in the *public* key
file into the file ~/.ssh/authorized_keys on the remote machine (~ is the
home directory of the user you will connect as on the remote box).
Once you've done that, you should be able to connect without being asked for
a password.
Ah no, there's a final matter: to be completely passwordless, the *private*
key file on the local machine must not be password protected (the password
is usually set when the heypair is generated).
|
|
|
0
|
|
|
|
Reply
|
pk
|
6/18/2010 5:05:05 PM
|
|
Stu <beefstu350@hotmail.com> writes:
> Thanks all great solutions. I just need to know why I am being asked
> for a password in my
> script. Is there anyway to avoid that?
I don't think you are reading the responses.
It's NOT a password.
sftp is asking if the host is the proper device, or an impostor.
Solution:
Run sftp once on the command line, and without your script.
When it asks you if you are talking to the right host, say
yes.
From then on your script will work.
|
|
|
0
|
|
|
|
Reply
|
Maxwell
|
6/19/2010 11:01:08 AM
|
|
Maxwell Lol wrote:
> Stu <beefstu350@hotmail.com> writes:
>
>> Thanks all great solutions. I just need to know why I am being asked
>> for a password in my
>> script. Is there anyway to avoid that?
>
> I don't think you are reading the responses.
>
> It's NOT a password.
er:
Connecting to diamond...
The authenticity of host 'diamond (172.16.2.14)' can't be established.
RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
52:dc:a7.
Are you sure you want to continue connecting (yes/no)? y
Please type 'yes' or 'no': yes
Warning: Permanently added 'diamond,172.16.2.14' (RSA) to the list of
known hosts.
phartman@diamond's password:
|
|
|
0
|
|
|
|
Reply
|
pk
|
6/19/2010 11:35:22 AM
|
|
On 2010-06-19, pk <pk@pk.invalid> wrote:
> Maxwell Lol wrote:
>
>> Stu <beefstu350@hotmail.com> writes:
>>
>>> Thanks all great solutions. I just need to know why I am being asked
>>> for a password in my
>>> script. Is there anyway to avoid that?
>>
>> I don't think you are reading the responses.
>>
>> It's NOT a password.
>
> er:
>
> Connecting to diamond...
> The authenticity of host 'diamond (172.16.2.14)' can't be established.
> RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> 52:dc:a7.
> Are you sure you want to continue connecting (yes/no)? y
> Please type 'yes' or 'no': yes
> Warning: Permanently added 'diamond,172.16.2.14' (RSA) to the list of
> known hosts.
> phartman@diamond's password:
>
Try the command "ssh-copy-id". And if your user names are different on
the local and remote hosts, you can add an entry to the local ~/.ssh/config.
--
[It is] best to confuse only one issue at a time.
-- K&R
|
|
|
0
|
|
|
|
Reply
|
Bill
|
6/19/2010 2:50:51 PM
|
|
pk <pk@pk.invalid> writes:
> Maxwell Lol wrote:
>
>> Stu <beefstu350@hotmail.com> writes:
>>
>>> Thanks all great solutions. I just need to know why I am being asked
>>> for a password in my
>>> script. Is there anyway to avoid that?
>>
>> I don't think you are reading the responses.
>>
>> It's NOT a password.
>
> er:
he is trying to create a script using ssh.
>
> Connecting to diamond...
> The authenticity of host 'diamond (172.16.2.14)' can't be established.
> RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> 52:dc:a7.
> Are you sure you want to continue connecting (yes/no)? y
> Please type 'yes' or 'no': yes
> Warning: Permanently added 'diamond,172.16.2.14' (RSA) to the list of
> known hosts.
That part is NOT a password.
> phartman@diamond's password:
The second part is, but if he upts his private key in the remote site,
it won't ask for this anymore.
|
|
|
0
|
|
|
|
Reply
|
Maxwell
|
6/20/2010 8:17:00 PM
|
|
Stu wrote:
> On Jun 18, 11:47 am, Andrew McDermott <a.p.mcderm...@NOSPAM-rl.ac.uk>
> wrote:
>> Stu wrote:
>> > I am trying to using sftp to transfer a file source=gold
>> > target=diamond these are
>> > both aix 5.3 boxes.
>>
>> > I ran ssh_keygen on my source but when I run the following script
>> By the way, you have place your personal public key in
>> ~/.ssh/authorized_keys on "diamond", haven't you?
>>
> Thanks all great solutions. I just need to know why I am being asked
> for a password in my
> script. Is there anyway to avoid that?
>
> Connecting to diamond...
> The authenticity of host 'diamond (172.16.2.14)' can't be established.
> RSA key fingerprint is 35:cd:be:e4:8a:27:4e:fe:9b:c3:87:89:eb:
> 52:dc:a7.
> Are you sure you want to continue connecting (yes/no)? y
> Please type 'yes' or 'no': yes
> Warning: Permanently added 'diamond,172.16.2.14' (RSA) to the list of
> known hosts.
> phartman@diamond's password:
I re-iterate my question:
>> By the way, you have place your personal public key in
>> ~/.ssh/authorized_keys on "diamond", haven't you?
Andrew
|
|
|
0
|
|
|
|
Reply
|
Andrew
|
6/21/2010 8:25:40 AM
|
|
|
11 Replies
2230 Views
(page loaded in 0.227 seconds)
|
Search |
Post Question |
Groups |
Stream |
About |
Register
15043 articles. 
25 followers. 