Discussion:
SFTP-Server?
(too old to reply)
Christoph Gartmann
2007-12-01 22:00:24 UTC
Permalink
Hello,

we are in the need of a SFTP-server. With Multinet 5.1 I couldn't find anything
in the docs but I realized that there is something incorporated into SSH. But:
is this something beta? Some tests produced somewhat strange results. Thus,
before I go into deeper testing: is this someting supported?

Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: ***@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
Richard J Faust
2007-12-02 16:07:29 UTC
Permalink
I'm pretty sure HGFTP has a server if MultiNet doesn't.

Rich




***@nonsense
.immunbio.mpg.de
(Christoph To
Gartmann) info-***@process.com
cc
2007-12-01 16:00
Subject
SFTP-Server?
Please respond to
Info-***@pro
cess.com







Hello,

we are in the need of a SFTP-server. With Multinet 5.1 I couldn't find
anything
in the docs but I realized that there is something incorporated into SSH.
But:
is this something beta? Some tests produced somewhat strange results. Thus,
before I go into deeper testing: is this someting supported?

Regards,
Christoph Gartmann

--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: ***@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
Geoff Bryant
2007-12-02 17:05:03 UTC
Permalink
MultiNet support sftp and scp. I don't recall when we introduced sftp;
need to check on that.
Post by Richard J Faust
I'm pretty sure HGFTP has a server if MultiNet doesn't.
Rich
.immunbio.mpg.de
(Christoph To
cc
2007-12-01 16:00
Subject
SFTP-Server?
Please respond to
cess.com
Hello,
we are in the need of a SFTP-server. With Multinet 5.1 I couldn't find anything
is this something beta? Some tests produced somewhat strange results. Thus,
before I go into deeper testing: is this someting supported?
Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
-------------------------------------------------------------
Geoff Bryant ***@process.com
TCPware/MultiNet/PMDF/SSH/PreciseMail Engineering
Process Software http://www.process.com/
959 Concord St.
Framingham, MA 01701 USA
Richard Whalen
2007-12-03 14:26:35 UTC
Permalink
SFTP-server is a fully supported SSH subsystem in MultiNet 5.1.

What sort of unexpected results were you getting?


-----Original Message-----
From: Christoph Gartmann [mailto:***@nonsense.immunbio.mpg.de]
Sent: Saturday, December 01, 2007 5:00 PM
To: info-***@process.com
Subject: SFTP-Server?

Hello,

we are in the need of a SFTP-server. With Multinet 5.1 I couldn't find
anything
in the docs but I realized that there is something incorporated into
SSH. But:
is this something beta? Some tests produced somewhat strange results.
Thus,
before I go into deeper testing: is this someting supported?

Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: ***@immunbio dot mpg dot
de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
Christoph Gartmann
2007-12-03 16:31:14 UTC
Permalink
Post by Richard Whalen
SFTP-server is a fully supported SSH subsystem in MultiNet 5.1.
What sort of unexpected results were you getting?
We tried to backup the configuration of our new Cisco VoIP system. We then
get "invalid password" messages on the console although the correct password
is provided. Now as we looked a bit deeper into it, the problem seems to be
on Cisco's side.

Regards,
Christoph Gartmann
--
Max-Planck-Institut fuer Phone : +49-761-5108-464 Fax: -452
Immunbiologie
Postfach 1169 Internet: ***@immunbio dot mpg dot de
D-79011 Freiburg, Germany
http://www.immunbio.mpg.de/home/menue.html
Jeremy Begg
2007-12-03 21:43:35 UTC
Permalink
Hi,
Post by Christoph Gartmann
We tried to backup the configuration of our new Cisco VoIP system. We then
get "invalid password" messages on the console although the correct password
is provided. Now as we looked a bit deeper into it, the problem seems to be
on Cisco's side.
We found that even trying to SSH to the Cisco router (for console access)
produced something similar. It seems their SSH server code is broken -- and
SFTP relies on SSH to set up the secure TCP session.

Regards,

Jeremy Begg
Dan O'Reilly
2007-12-03 21:51:00 UTC
Permalink
Actually, we've found that when attempting to SSH to a Cisco server, you
can add the following lines to your SSH2_DIR:SSH2_CONFIG (note, the config
for the client, not server):

SendKEXGuess NO
allowagentforwarding no
allowx11forwarding no

These should allow you to talk to the router properly using our client
(which, of course, is used by the SFTP client).
Post by Jeremy Begg
Hi,
Post by Christoph Gartmann
We tried to backup the configuration of our new Cisco VoIP system. We then
get "invalid password" messages on the console although the correct password
is provided. Now as we looked a bit deeper into it, the problem seems to be
on Cisco's side.
We found that even trying to SSH to the Cisco router (for console access)
produced something similar. It seems their SSH server code is broken -- and
SFTP relies on SSH to set up the secure TCP session.
Regards,
Jeremy Begg
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+
Jeremy Begg
2007-12-03 23:00:00 UTC
Permalink
Hi Dan,
Post by Dan O'Reilly
Actually, we've found that when attempting to SSH to a Cisco server, you
can add the following lines to your SSH2_DIR:SSH2_CONFIG (note, the
SendKEXGuess NO
allowagentforwarding no
allowx11forwarding no
These should allow you to talk to the router properly using our client
(which, of course, is used by the SFTP client).
That's interesting. I'm setting up a new HP Integrity server today and I've
just installed MultiNet V5.2 on it, with all the MultiNet updates, and I've
found a couple of issues directly relating to the above comments. I've
opened the manual to page 30-27 ("Starting the SSH Server for the First Time").

1. The manual says to run this command:
$ COPY MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSHD2_CONFIG.TEMPLATE -
_$ MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSHD2_CONFIG.

The problem is that the SSHD2_CONFIG.TEMPLATE file is not in that
directory; it's in the MULTINET: directory instead.

2. The manual says to run this command:
$ COPY MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSH2_CONFIG.TEMPLATE -
_$ MULTINET_SPECIFIC_ROOT:[MULTINET.SSH2]SSH2_CONFIG.

The problem is that this template file does not exist.

Here's a list of all the .TEMPLATE files shipped with MultiNet 5.2:

rx2660::SYSTEM> d multinet_root:[multinet...]*.template

Directory MULTINET_COMMON_ROOT:[MULTINET]

ACCOUNTING_CONF.TEMPLATE;1 2/48 8-SEP-2003 09:36:29.00
GATED_CONF.TEMPLATE;1 3/16 8-APR-2007 03:54:27.59
NTPD_DST_PROC_COM.TEMPLATE;1 4/16 8-APR-2007 03:54:28.12
NTP_CONF.TEMPLATE;1 8/16 8-APR-2007 03:54:27.99
PSK_TXT.TEMPLATE;1 1/48 20-JAN-2005 08:14:55.80
RACOON_CONF.TEMPLATE;1 2/48 20-JAN-2005 08:15:37.01
SMTP_SERVER_REJECT.TEMPLATE;1 6/16 8-APR-2007 03:48:20.23
SSHD2_CONFIG.TEMPLATE;1 10/48 3-OCT-2003 15:05:41.79
SSHD_CONFIG.TEMPLATE;1 3/48 9-NOV-2001 12:11:07.78

Total of 9 files, 39/304 blocks.

Looking at another couple of systems I have access to, it appears that the
SSH2_CONFIG.TEMPLATE file was omitted from the V5.2 kit. Can I just copy
this file from a MultiNet 5.1 system, or have there been more recent changes
to it?

Thanks,

Jeremy Begg

+---------------------------------------------------------+
| VSM Software Services Pty. Ltd. |
| http://www.vsm.com.au/ |
| "OpenVMS Systems Management & Programming" |
| Web & Email Hosting |
|---------------------------------------------------------|
| P.O.Box 402, Walkerville, | E-Mail: ***@vsm.com.au |
| South Australia 5081 | Phone: +61 8 8221 5188 |
|---------------------------| Mobile: 0414 422 947 |
| A.C.N. 068 409 156 | FAX: +61 8 8221 7199 |
+---------------------------------------------------------+
Phillip R Smith
2007-12-04 00:53:05 UTC
Permalink
Are these available on the command line?

I rely on X11 forwarding and I'd expect that others do too, so just
setting these lines isn't something that you'd want to do in general
I assume...

-Ross-
Post by Dan O'Reilly
Actually, we've found that when attempting to SSH to a Cisco
server, you can add the following lines to your
SendKEXGuess NO
allowagentforwarding no
allowx11forwarding no
These should allow you to talk to the router properly using our
client (which, of course, is used by the SFTP client).
Post by Christoph Gartmann
Hi,
Post by Christoph Gartmann
We tried to backup the configuration of our new Cisco VoIP
system. We then
Post by Christoph Gartmann
get "invalid password" messages on the console although the
correct password
Post by Christoph Gartmann
is provided. Now as we looked a bit deeper into it, the problem
seems to be
Post by Christoph Gartmann
on Cisco's side.
We found that even trying to SSH to the Cisco router (for console access)
produced something similar. It seems their SSH server code is broken -- and
SFTP relies on SSH to set up the secure TCP session.
Regards,
Jeremy Begg
------
+-------------------------------
+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who
don't." |
| http://www.process.com
| |
+-------------------------------
+----------------------------------------+
Dan O'Reilly
2007-12-04 02:42:06 UTC
Permalink
They are available from the command line, but you can use what's called a
"stanza" in your SSH2_CONFIG file. For example:

lima.beans.com:
sendkexguess no
allowagentforwarding no
allowx11forwarding no
pinto.beans.com:
sendkexguess no
allowagentforwarding no
allowx11forwarding no

In this example, the 2 systems lima and pinto both use specific
options. For all other systems, either defaults or other specified values
are used.

Just FYI, if you REALLY want to do it from the command line:

$ ssh lima.beans.com
/option=(sendkexguess=no,allowagentforwarding=no,allowx11forwarding=no)
Post by Phillip R Smith
Are these available on the command line?
I rely on X11 forwarding and I'd expect that others do too, so just
setting these lines isn't something that you'd want to do in general
I assume...
-Ross-
Post by Dan O'Reilly
Actually, we've found that when attempting to SSH to a Cisco
server, you can add the following lines to your
SendKEXGuess NO
allowagentforwarding no
allowx11forwarding no
These should allow you to talk to the router properly using our
client (which, of course, is used by the SFTP client).
Post by Christoph Gartmann
Hi,
Post by Christoph Gartmann
We tried to backup the configuration of our new Cisco VoIP
system. We then
Post by Christoph Gartmann
get "invalid password" messages on the console although the
correct password
Post by Christoph Gartmann
is provided. Now as we looked a bit deeper into it, the problem
seems to be
Post by Christoph Gartmann
on Cisco's side.
We found that even trying to SSH to the Cisco router (for console access)
produced something similar. It seems their SSH server code is broken -- and
SFTP relies on SSH to set up the secure TCP session.
Regards,
Jeremy Begg
------
+------------------------------- +----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who
don't." |
| http://www.process.com
| |
+------------------------------- +----------------------------------------+
------
+-------------------------------+----------------------------------------+
| Dan O'Reilly | "There are 10 types of people in this |
| Principal Engineer | world: those who understand binary |
| Process Software | and those who don't." |
| http://www.process.com | |
+-------------------------------+----------------------------------------+
Bob Koehler
2007-12-05 18:38:39 UTC
Permalink
Post by Christoph Gartmann
Hello,
we are in the need of a SFTP-server. With Multinet 5.1 I couldn't find anything
is this something beta? Some tests produced somewhat strange results. Thus,
before I go into deeper testing: is this someting supported?
The beta version came out years ago and has long since been replaced
by a production version. SSH, SFTP client and server, and such, have
been available as a patch or ship with versions back at least to
Multinet 4.4 .

Loading...