Colin:
 
I seem to have tracked down the issue here.  I downloaded a product called
Tunnelier and installed it on our UniData server (this is an SSH and SFTP
client for Windows).  I use this because several of our business partners use
WinSSHD as a SFTP host on their Windows servers, and both products are
provided by the same company at http://www.bitvise.com/.
 
When we connect with the SFTP server a host key is exchanged and the Tunnelier
client tries to check if this host key is already in the host key database,
located in the HKEY Current User subkey in the client's Windows registry.  The
problem seems to be that the logged in user into UniData can't read this
registry entry (either can't find it or is not allowed read access).
 
-- UniData ECL --
:!sftpc -profile="E:\Backups\Scripts\WinSSHD.tlp"
-hostKeyFile="E:\Backups\Scripts\id_rsa.pub" -cmdFile="E:\Backups\test.txt"
 
Starting first key exchange.
Server version string: SSH-2.0-1.35 sshlib: WinSSHD 3.11
New host key received. Algorithm: ssh-dss, Size: 1024 bits, bla, bla, bla...
Warning: Host key lookup failed. Reason: RegCreateKeyExA() failed: Windows
error: 5: Access is denied.
The received host key is unknown and needs to be manually verified and saved
into Tunnelier's database before connecting to the server in unattended mode.
Connect to the server interactively using Tunnelier, verify the presented host
key and save it. This program will then be able to connect to the server
unattended. Host key verification must be done from the same Windows account
under which this program is run.
ERROR: Session terminated on client's behalf:
SSH_DISCONNECT_HOST_KEY_NOT_VERIFIABLE
host key verification failed
 
 
-- DOS Shell --
E:\>sftpc -profile="E:\Backups\Scripts\WinSSHD.tlp"
-hostKeyFile="E:\Backups\Scripts\id_rsa.pub" -cmdFile="E:\Backups\test.txt"
 
Connecting to SSH2 server some.server.com:port#.
Connected.
Starting first key exchange.
Server version string: SSH-2.0-1.35 sshlib: WinSSHD 3.11
New host key received. Algorithm: ssh-dss, Size: 1024 bits, bla, bla, bla...
First key exchange completed.
Key exchange: bla, bla, bla...
Attempting 'password' authentication.
Authentication completed.
Opening SFTP session...
SFTP opened successfully.
Using SFTP version 2.
sftp> quit
Session terminated on user's request.
 
 
There's no difference in the commands.  The Tunnelier command-line interface
allows a work-around so I can get this process to run properly in unattended
mode.  However, it seems to me there is a user context problem from within the
UniData shell when executing O/S commands...I couldn't find any mention of
this in the 44 UniData .pdf manuals I have.  Also, all kinds of weird problems
occurred because sometimes I could get the host key read from ECL but couldn't
get it read from a phantom.  No matter what, any time I rebooted UniData and
Windows the problem appeared again and unattended communication failed;
whether at ECL or via a phantom.
 
I wonder why this is the case and what other limitations exist with user
context, designed or otherwise, that would affect O/S commands.
 
Bill


  _____  

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Bill Haskett
Sent: Wednesday, February 13, 2008 12:05 PM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] UD what user is a phantom using



Colin:

[snipped] 

Currently I'm logging every command executed by this originally phantomed
service, and the log says the user (@LOGNAME) is me, even on the phantom'd
phantom.  So something is amiss (or could use some further explanation).

Thanks again,

Bill


  _____ 

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Colin Alfke
Sent: Wednesday, February 13, 2008 7:57 AM
To: u2-users@listserver.u2ug.org
Subject: RE: [U2] UD what user is a phantom using



Bill;

Normally our phantoms here return a user = "system." We haven't tried firing
phantoms from phantoms or starting UniData as another user. I have seen some
strange security related things with phantoms - it's like the user isn't
quite logged in.

You can try looking at @LOGNAME in UniData and see what it reports (I think
there is another one for group or administrator) or setting up a .bat file
in windows to run that does an echo %USERNAME% and capturing the output or
redirecting it to a file.

hth
Colin Alfke
Calgary, Canada
-------
u2-users mailing list
u2-users@listserver.u2ug.org
To unsubscribe please visit http://listserver.u2ug.org/
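
Added example (not part of the thread and not any poster's code): a PowerShell probe extending the `echo %USERNAME%` suggestion above. It records the process identity, whether that account's registry hive is loaded, and whether a key can be created under HKEY_CURRENT_USER, which is the operation the sftpc log shows failing. The subkey name and log file name are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added diagnostic, not from the thread. Run it once from an interactive
# console and once from the UniData shell or a phantom, then compare the lines.
$id  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$sid = $id.User.Value

# Hypothetical scratch subkey. This is NOT Tunnelier's host key location.
$probe = 'Software\HkcuContextProbe'

$result = [ordered]@{
    Time            = (Get-Date).ToString('s')
    ProcessIdentity = $id.Name
    Sid             = $sid
    EnvUserName     = $env:USERNAME
    EnvUserProfile  = $env:USERPROFILE
    HiveLoaded      = 'unknown'
    HkcuCreateKey   = 'not tested'
}

# HKEY_USERS\<SID> is present only while that account's profile hive is loaded.
try {
    $hive = [Microsoft.Win32.Registry]::Users.OpenSubKey($sid)
    $result.HiveLoaded = [bool]$hive
    if ($hive) { $hive.Close() }
}
catch {
    $result.HiveLoaded = "error: $($_.Exception.Message)"
}

# Same kind of call the client log reports as denied: create a key under HKCU.
try {
    $key = [Microsoft.Win32.Registry]::CurrentUser.CreateSubKey($probe)
    $key.Close()
    [Microsoft.Win32.Registry]::CurrentUser.DeleteSubKey($probe, $false)
    $result.HkcuCreateKey = 'ok'
}
catch {
    $result.HkcuCreateKey = "failed: $($_.Exception.Message)"
}

# One line per run, so interactive and phantom runs can be compared side by side.
$line = ($result.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join '; '
$line
Add-Content -Path (Join-Path $env:TEMP 'hkcu-context.log') -Value $line
```

If the two runs report different identities, or the same identity with no loaded hive, the host key would need to be saved from the account the unattended job actually runs under, as the client's own message states.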
