BrGui from XP to AIX with ssh (putty)

[raylin]

I try to implement the graphical Br*tools : the BrGui which is a java gui on my XP Workstation to an SAP Server on AIX Server where the br*tools reside with Putty and ssh.
The first time a got the java gui launched but with no command choice (brbackup etc) then I began to debug on the command line level.


when I do the following :
plink -ssh -i priv.ppk ora<sid>@host command

I am always prompted for the password of ora<sid> user
which has the c shell (usr/bin/csh)

when I do the same with a normal user who has too a csh I am not prompted for the password

I have put the same public key of my WS in each $HOME/.ssh/authorized_keys

Any idea ?

 

[hoinz]

Hello,

a common problem with ssh connections (not specific to SAP) is with file permissions for authorized_keys file, or .ssh directory, or $HOME. authorized_keys must not be writable for anybody else, and this also means that nobody may be allowed to move (and replace) it.
Did you check this?

 

[raylin]

the .ssh directory permissions for both users :

drwx------ .ssh

the authorized_keys for both users :

-rw------- 1 orad44 dba authorized_keys

-rw------- 1 bsrl staff authorized_keys

The two users has a c shell and when i ssh from my workstation with the orad44 I am prompted for a password and when I ssh with user bsrl I am not prompted


Z:\>plink -ssh -i "c:\pscp\prv01.ppk" orad44@mbsxsr11 date;hostname
Server refused our key
orad44@mbsxsr11's password:
Thu Feb 22 14:58:24 NFT 2007
mbsxsr11

Z:\>plink -ssh -i "c:\pscp\prv01.ppk" bsrl@mbsxsr11 date;hostname
Thu Feb 22 14:58:05 NFT 2007
mbsxsr11

 

[hoinz]

ok,

you checked part of what I wrote:
You also have to check all the directories in the path of the .ssh directories.
For making it clearer, let's assume the home directory of user orad44 is /oracle/D44, and the .ssh directory is /oracle/D44/.ssh, and /oracle/D44 has these permissions:
-rwxrwxrwx 1 orad44 dba D44
Then this means that anybody could move .shh to .ssh_old, and create a new .ssh with new, fake authorized_keys. Therefore ssh does not allow this.
It will be a similar problem, if /oracle has permissions rwxrwxr-x

hope this helps

 

[raylin]

Yes I could simulate it with user bsrl (I gave grp write perm and then I was prompted for a pwd too)
the D44 in /oracle/D44 has group write permission but the problem is that user d44adm (= <sid>adm )who is in the group dba must have write permission to that directory ...

 

[hoinz]

... user d44adm (= <sid>adm )who is in the group dba must have write permission to that directory ...

I disagree.
In none of our systems user <sid>adm has write permissions to the home directory of user ora<sid>.
And we widely use ssh, by the way.
And as far as I know, user <sid>adm should not be in the group dba either.

If you insist on write permission for user <sid>adm, then there is no way to use ssh without password, sorry.

regards

 

[raylin]

thanks
I changed this write permission on this subdirectory and now the first hurdle is passed : I am no more prompted for a password on the command line level.

But my problem with the BrGui persists :
the java gui is launched on my XP WS , the target host and the logon button can be selected but after that no BR*tools main menu on the left side ...

 

[hoinz]

glad it helped so far;
but I cannot help further; never tried BrGui myself ...

anybody out there?