HPE Community
Operating System - HP-UX
1828965 Members
1929 Online
109986 Solutions
New Discussion

Re: SSH question

 
SOLVED
Go to solution
de049
Advisor

‎11-04-2008 07:57 AM

‎11-04-2008 07:57 AM

Re: SSH question

Thanks Torsten,

will clean up the file tomorrow.

Apprecaite your input.

Thanks

dwayne
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-04-2008 07:16 PM

‎11-04-2008 07:16 PM

Re: SSH question

If your vi screen is messed up, you can use control-L to have it redrawn.
0 Kudos
Reply
de049
Advisor

‎11-05-2008 02:20 AM

‎11-05-2008 02:20 AM

Re: SSH question

ok, i am having this command prompt jiberish all the time, wheter via telnet or SSH. I have tried to delete the line that is refered to in the indication but it makes noi difference, the line reappears in the .PROFILE file again after login..

Here's what i get at first login, the the output to CAT .PROFILE command:

# rofile[48]: vt220: not found.t220".

1 # @(#)B.11.11_LR
2
3 # Default (example of) super-user's .profile file
4
5
6 # Do not put "." in PATH; it is a potential security breach.
7 # Example assumes /home/root exists.
8
9 PATH=/usr/sbin:$PATH:/sbin:/home/root
10 if [ ! "$VUE" ]; then
11
12 # Set up the terminal:
13 if [ "$TERM" = "" ]
14 then
15 eval ` tset -s -Q -m ':?hp' `
16 else
17 eval ` tset -s -Q `
18 fi
19 stty erase "^H" kill "^U" intr "^C" eof "^D"
20 stty hupcl ixon ixoff
21 tabs
22
23 echo
24 echo "Value of TERM has been set to \"$TERM\". "
25 export TERM
26
27 EDITOR=vi
28 export EDITOR
29
30 fi # if !VUE
31
32
33 # Set up shell environment:
34
35 set -u # error if undefined variable.
36 trap "echo 'logout root'" 0 # what to do on exit.
37
38
39 # Set up shell variables:
40
41 MAIL=/var/mail/root
42 # don't export, so only login shell checks.
43
44 echo "WARNING: YOU ARE SUPERUSER !!\n"
45 # Inserted by MV38 installation
46 export MV38=/opt/mv38/MV38v11.3.1
47 vt100
48 vt220
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-05-2008 02:35 AM

‎11-05-2008 02:35 AM

Re: SSH question

>the line reappears in the .profile file again after login.

Delete the lines. Make it read only:
chmod a-w ~/.profile

Use "set -o noclobber" to prevent output redirection from changing the file. (Hmm, it seems this is ignored for ">>".)

Look at your history file, perhaps the bad command is logged?

Reply
de049
Advisor

‎11-05-2008 02:50 AM

‎11-05-2008 02:50 AM

Re: SSH question

ok, deleted the last 3 vt lines, and now instead i get this on my prompt at login:

# RNING: YOU ARE SUPERUSER !!"vt220".

If you look at my PROFILE file above, this is actually part of the text that appears on line 44.

How can io get my command prompt to simply return # at login in as before!!!

Help someone!.
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-05-2008 03:27 AM

‎11-05-2008 03:27 AM

Re: SSH question

>deleted the last 3 vt lines, and now instead i get this on my prompt at login:

You are either editing it incorrectly in vi or it gets destroyed later.
Can you use more(1) or cat(1) on the file after you edit it?

>How can i get my command prompt to simply return # at login in as before!

You can't until you figure out .profile is being corrupted.

The simple way is to copy Torsten's /usr/newconfig/.profile to root's and make NO changes in it at all.

Try logging in and see if bad.
If not bad, it was vi. If bad, you might need to use tusc or turn on auditing to catch the hacker.
Reply
de049
Advisor

‎11-05-2008 06:05 AM

‎11-05-2008 06:05 AM

Re: SSH question

Dear all,

i was really pleased with the help received yesterday, and although i still believe this can be resolved, i am now in a little trouble after folloiwng your advice.

BAsically, i did everything as advised and now i keep gettting this problem at login. I cannot use a new profile as this existing one contains extra parameters compared to that in the newconmfig folder. I never mentioned that this server hosts one of our management systems and thus i am wary of manipulating its root profile too much.

Last thing i need is to kill the root account on this machine.

Cannot someone advise by looking at the code i pasted from my .profile file?

The vt entries i erased are gone now, but i still get this message appearing on my command prompt at login.

please help
0 Kudos
Reply
de049
Advisor

‎11-05-2008 06:40 AM

‎11-05-2008 06:40 AM

Re: SSH question

Please find below the existing .profile and the .profile found in the /usr/newconfig/ folder.

Maybe someone can help.

1. Current:
# @(#)B.11.11_LR

# Default (example of) super-user's .profile file


# Do not put "." in PATH; it is a potential security breach.
# Example assumes /home/root exists.

PATH=/usr/sbin:$PATH:/sbin:/home/root
if [ ! "$VUE" ]; then

# Set up the terminal:
if [ "$TERM" = "" ]
then
eval ` tset -s -Q -m ':?hp' `
else
eval ` tset -s -Q `
fi
stty erase "^H" kill "^U" intr "^C" eof "^D"
stty hupcl ixon ixoff
tabs

echo
echo "Value of TERM has been set to \"$TERM\". "
export TERM

EDITOR=vi
export EDITOR

fi # if !VUE


# Set up shell environment:

set -u # error if undefined variable.
trap "echo 'logout root'" 0 # what to do on exit.


# Set up shell variables:

MAIL=/var/mail/root
# don't export, so only login shell checks.

echo "WARNING: YOU ARE SUPERUSER !!\n"
# Inserted by MV38 installation
export MV38=/opt/mv38/MV38v11.3.1



2. copy in usr/Newconfig/:
# @(#)B.11.11_LR

# Default (example of) super-user's .profile file


# Do not put "." in PATH; it is a potential security breach.
# Do not put "/usr/local/bin" in PATH; it is a potential security breach.
# Example assumes /home/root exists.
set +u

PATH=/usr/sbin:$PATH:/sbin:/home/root

# Be sure that VUE does not invoke tty commands

if [ ! "$VUE" ]; then

# Set up the terminal:
if [ "$TERM" = "" ]
then
eval ` tset -s -Q -m ':?hp' `
else
eval ` tset -s -Q `
fi
stty erase "^H" kill "^U" intr "^C" eof "^D"
stty hupcl ixon ixoff
tabs

echo
echo "Value of TERM has been set to \"$TERM\". "
export TERM

EDITOR=vi
export EDITOR

fi # if !VUE


# Set up shell environment:

set -u # error if undefined variable.
trap "echo 'logout root'" 0 # what to do on exit.


# Set up shell variables:

MAIL=/var/mail/root
# don't export, so only login shell checks.

echo "WARNING: YOU ARE SUPERUSER !!\n"



Hope this clears things a little. I think it all started failing after running the "echo vt100 >> ~/.profile" command.

even after i ran the above echo command, if i do an "echo $TERM", i get this : vt220
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎11-05-2008 06:55 AM

‎11-05-2008 06:55 AM

Re: SSH question

Both files look very much the same exept the last line

# Inserted by MV38 installation
export MV38=/opt/mv38/MV38v11.3.1

You may have by chance any unprintable chars in this file, so I would suggest to save the current file, copy the fresh file into position and add the line from above.

BTW
"echo $TERM" should always print the value that is negotiated between the terminal and the system, this is the way it works.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
de049
Advisor

‎11-05-2008 07:01 AM

‎11-05-2008 07:01 AM

Re: SSH question

ok, so how do you recommend i copy the newer file over.

where do i copy it to? it may be a silly question but i need to get this 110% right else i'll get fired :)
0 Kudos
Reply
Torsten.
Acclaimed Contributor

‎11-05-2008 07:25 AM

‎11-05-2008 07:25 AM

Re: SSH question

First find out where your home dir is. Usually directly in /, but sometimes it is configured to be in /root or anything.

# echo $HOME
/

# grep root /etc/passwd
root:1p2p3p4p:0:3::/:/sbin/sh

For me it is directly in / (root).

How about owner and permissions?

# ll /.profile
-r--r--r-- 1 bin bin 965 Nov 14 2000 .profile

Now move it away

# mv /.profile /myoldprofile

Bring the fresh copy into place

# cp -p /usr/newconfig/.profile /

Check file, owner and perms

# ll /.profile
-r--r--r-- 1 bin bin 965 Nov 14 2000 /.profile

Now add your custom line via vi:

# vi /.profile

(input and G)
(input and A)
(input )
(now type your line)

(type : wq! )

Now keep in this session (!!), use telnet and open a new session to check.

Hope this helps!
Regards
Torsten.

__________________________________________________
There are only 10 types of people in the world -
those who understand binary, and those who don't.
__________________________________________________
No support by private messages. Please ask the forum!

If you feel this was helpful please click the KUDOS! thumb below!   
Reply
de049
Advisor

‎11-06-2008 12:49 AM

‎11-06-2008 12:49 AM

Re: SSH question

Hi, i am going to follow your recommendations now, but i'm confused with the following instructions:

(input and G)
(input and A)
(input )
(now type your line)

I assume its just a ay of setting the cursor focus within vi to the last section of the file?

Please explain what these commands will do and if the commands are actually pressing SHIFT and letter G simultaneously whilst in vi. Sorry, i'm not a unix whiz, but thanks to you guys i might become one soon :)

thanks guys
0 Kudos
Reply
Danny Petterson - DK
Trusted Contributor

‎11-06-2008 12:59 AM

‎11-06-2008 12:59 AM

Re: SSH question

(input and G)
(input and A)
(input )
(now type your line)

Hi!

Pretty sure its:
First:
vi .profile

Then:
SHIFT+g (at the same time - sends you to the end of the file)
SKIFT+A (Appends text in the end of the file)
press ENTER (goes to the next line)

Now:
Enter your line

And:
Press ESC
Type :wq! (all four characters - means write and quit now)

That should be sufficent explanation?

Good luck
Yours
Danny
Reply
de049
Advisor

‎11-06-2008 01:04 AM

‎11-06-2008 01:04 AM

Re: SSH question

Danny,

thats smashing! :)

Will update with findings shortly.
0 Kudos
Reply
de049
Advisor

‎11-06-2008 02:23 AM

‎11-06-2008 02:23 AM

Re: SSH question

ok,

done changes as advised. All looks nice and clean.

however, i still get this when i log into another session via telnet.

# RNING: YOU ARE SUPERUSER !!"vt220".

Here's the new, fresh .profile file. Looks like this is NOT where the problem lies.

I have just tried via PUTTY and its all ok.

Looks like the Reflections software client i am using is playing around.

Guys, let me not waste any more of your time on this.

Thanks a million to all invloved for a great support and eductaional session at the same time.

;-)
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎11-06-2008 04:26 AM

‎11-06-2008 04:26 AM

Re: SSH question

Did we ever figure out whether it was your vi editing skills with an improper terminal emulator that is messing up .profile or some hacker script that is destroying it?

I.e. after you edit the file, can you use "tail -10 .profile" so see if it has what you want?

If it does, there is no way we are going to be able to find who is destroying your file.


You can of course just give up and put sufficient padding at the end of your .profile and just ignore this problem:

44 echo "WARNING: YOU ARE SUPERUSER !!\n"
45 # Inserted by MV38 installation
46 export MV38=/opt/mv38/MV38v11.3.1

Add to the end:

# add garbage to the end of the file to fool the unknown hacker

exit 0

# lots of stuff added to the end of the file
# lots of stuff added to the end of the file
# lots of stuff added to the end of the file
# lots of stuff added to the end of the file
# lots of stuff added to the end of the file
# lots of stuff added to the end of the file
# lots of stuff added to the end of the file
# End of padding


Note this message is scary: # Inserted by MV38 installation
It implies some installation script is editing .profile??
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎11-06-2008 05:00 AM

‎11-06-2008 05:00 AM

Re: SSH question

Shalom,

Wow Dwayne, huge thread.

Commenting on the last entry.

I generally don't like reflections for systems administration.

I use putty from windows put prefer a powerful Linux workstation running in GUI mode.

I connect to my systems, Linux and HP-UX using ssh hostname or for GUI ssh -X hostname

This gives me a much more reliable administration environment than the tools you have been using.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Bill Hassell
Honored Contributor

‎11-06-2008 08:02 PM

‎11-06-2008 08:02 PM

Re: SSH question

> echo vt100 >> ~/.profile

You are correct. The above command messed up your .profile script. All it does is to append "vt100" to the end of your .profile -- causing an execution error. Replace your .profile with a clean copy of from /usr/newconfig/etc/skel/.profile and add the two lines:

# Inserted by MV38 installation
export MV38=/opt/mv38/MV38v11.3.1

Now the default .profile has been broken for more than 10 years. tset is completely deprecated in favor of ttytype. The one thing you don't want to do is to ever hardcode the TERM (and LINES and COLUMNS) values. There are hundreds of terminals and emulators and vt100 has not been manufactured for more than 20 years. ttytype will properly identify the terminal and screen size, so replace all this code in .profile:

> # Set up the terminal:
> if [ "$TERM" = "" ]
> then
> eval ` tset -s -Q -m ':?hp' `
> else
> eval ` tset -s -Q `
> fi
> stty erase "^H" kill "^U" intr "^C" eof "^D"
> stty hupcl ixon ixoff
> tabs
>
> echo
> echo "Value of TERM has been set to \"$TERM\". "
> export TERM

with this code:

if tty -s
then
# Identify the terminal
eval $(ttytype -sa)
stty erase "^H" kill "^U" intr "^C" eof "^D" -parity ixoff
stty susp \^Z dsusp \^Y
tabs
print "Value of TERM has been set to \"$TERM\". "
fi

It is very important to skip terminal settings if .profile is being run as part of a batch file. And it is also very important to never use the incoming value of TERM, but to always evaluate the terminal type at login. To see what ttytype does, simply type it like this:

ttytype -sa

> I generally don't like reflections for systems administration.

This is a misunderstanding of terminal emulators. WRQ (now called Attachmate) has several very different Reflection products. One is very seldom used: Reflection for the Web, which is a web-based version. More popular is Reflection/X for Xwindow emulation. Reflection/X also has a local DEC/vt100 style emulator. The most common versions are Reflection for Unix (aka, Reflection/2) and is a v100/vt220/vt300 emulator, and Reflection for HP, also known as Reflection/1. Without configuring any of the emulators, you get a vt-style emulator for all except the HP version which defaults to a 700/92 terminal.

There are about 3 major terminal languages in use today: HP, Wyse and DEC/vt. Of these, Wyse is almost never used (although ttytype will correctly identify these terminals), HP is very popular for HP-UX and vt100 is the classic dumb terminal. But none of the emulators are compatible with each other except for plain ASCII (displayable characters only). Back in the good old days, every program had to be hardcoded to use any of the smart terminal features (home up, clear, underlining, blinking, special characters). Looking for a terminal API, the Curses library was developed and now a series of common terminal features can be used without change for literally hundreds of incompatible terminals. vi is one of those programs that mandates that TERM, LINES, COLUMNS and ERASE all be set to match the actual terminal. That is why setting TERM=vt100 will always cause problems. There is no way for vi to know what you are really using, thus the reason not to lie about your terminal but let ttytype set the terminal-specific values for you. See the man pages for terminfo, tput and tic/untic.

Here is a really interesting web page about the DEC/VT series: http://www.vt100.net/

Note also that some emulators (like xterm, hpterm, dtterm) can be resized with a mouse, something that a real (glass) terminal cannot do. So it's important to run the resize command whenever you change the height and/or width of these screens:

eval (resize)

Unlike Xwindow emulators, Reflection resizes the window but does not change the lines and columns -- the font is just made larger or smaller. You can change lines and columns using the Setup->Display window.

Up until the rp-series (and predecessors like the n4000), the console connection was transparent and you could use whatever terminal you had (HP, non-HP) to login and run vi or SAM or swinstall. In a very dubious decision, the GSP/MP designers decided to hardcode hpterm or vt100 into the maintenance processors. So regardless of the terminal you have connected to the console port (serial or LAN), the newer systems will completely ignore the terminal you have and blindly send codes to your screen. This was actually ported into the ttytype code too, which is the reason that most sysadmins assume vt100 is the only useful terminal emulation. And for the console connection, this is a safe assumption -- setting the GSP/MP emulation to hpterm will work but other administ5rators using different emulators (like putty) will have console problems.

On the other hand, HP emulation is a very powerful tool and works great with programs such as Glance, SAM, swinstall, etc look much better and navigate much easier with an HP terminal. There is only one free HP emulator that I am aware of: QCTerm, which now supports ssh. Get a free copy from: http://www.aics-research.com/qcterm/

By setting .profile to automatically handle any terminal, you'll not have to tell users to change their emulator to match your system.


Bill Hassell, sysadmin
Reply
de049
Advisor

‎11-07-2008 12:20 AM

‎11-07-2008 12:20 AM

Re: SSH question

Hi Bill,

You've cracked it!

Replacing the pfoile terminal code has resolved ti all. Now, after i authenticate, it thinks for a second, then present me the nice, clean command prompt. the line above this actually tells me its identified VT320 as emulation.

Thanks again to all!

dwayne
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.