topic Re: What security is ssh using - see this syslog in Operating System - HP-UX

What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 19:23:41 GMT

I am finally migrating from telnet to ssh. But am having trouble with HPUX 11.11 accepting the change from 24 lines to 25 lines in "Century Tiny Term" emmulation. I can modify my profile with the stty command to make it work. But I discovered that the O.S. accepts it I use Reflections emmulation, so I want to find out why it works on Reflections and not on Tiny Term, instead of messing with everones profile.

When I log in to Tiny Term it says this on syslog
Dec 20 10:32:35 diamdr sshd[8347]: Accepted password for i1514 from 10.0.1.38 port 2759 ssh2

When I log off of Tiny Term is says this
Dec 20 10:33:09 diamdr sshd[8349]: Received disconnect from 10.0.1.38: 11: buh bye

When I log on with Reflections it says this Dec 20 10:34:55 diamdr sshd[8382]: Accepted keyboard- interactive/pam for i1514 from 10.0.1.38 port 2764 ssh2

When I log off with Reflections nothing is logged.

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 19:28:26 GMT

I guess my quesion is, does any know what security Reflections uses for ssh? Maybe I can modify a parametor in Tiny Term that will make the O.S. accept the line setting change.

Re: What security is ssh using - see this syslog

Tim Nelson — Thu, 20 Dec 2007 19:31:20 GMT

Let me see if I understand the question.
Want to use Tiny Term but cannot the 25th line config is not working right.

If you use reflection then the 25th line config works.

You then have some messages listed from I am assuming /var/adm/syslog/syslog.log about connects and disconnect messages ? Not sure what this has to do with the 25th line config issue ?

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 19:56:28 GMT

Yes that is correct. The screen gets all jumbled in Tiny Term. I set Tiny Term to 25 lines, but when I do a ssty -a it says 24. I called Century and they say that it connects locally, and for me to modify the profile. But I asked them why does it work with reflections? Century asked me to check the logs. This is the only log I know of to check ssh. Century said that I have not given him much to work with. He also said it probably has nothing to do with it, but he did notice from the few lines of the syslog, that the security was different. So since this is the only log I go by, I would start here.

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 19:59:10 GMT

The application uses ansicoe

Re: What security is ssh using - see this syslog

Bill Hassell — Thu, 20 Dec 2007 20:44:13 GMT

ssh, telnet, rlogin, it doesn't matter what connection method you are using. You *must* ask HP-UX to identify the terminal's characteristics with ttytype. DO NOT use the default in /etc/profile or .profile which skips the ttytype step if TERM is already set. TERM will be preset with junk by your PC and sent to your environment. Never hardcode TERM=anything. Your PC (more accurately, the emulator) may send something for the TERM value but it is unwise to every use it.

Instead, you always run this code in /etc/profile:

if tty -s
then
eval $(ttytype -sa)
fi

Run the ttytype command manually to see what it produces:

$ ttytype -sa
TERM='70092'; export TERM;
LINES=48; export LINES;
COLUMNS=132; export COLUMNS;
ERASE='^H'; export ERASE;

All this information came from your emulator and that's what smart terminal handlers like vi and sam and swinstall need to function correctly. If you are Reflection for HP/VT then you'll find the HP emulation much more useful than a dumb ansi or vt100 emulation. But in either case, TinyTerm, Reflection, QCTerm, SecureCRT and many other emulators will work OK as long as you let the terminal tell the shell the values for TERM, LINES and COLUMNS.

One exception: All the GSP/MP console ports have a very irritating override to ttytype and makes using different emulations quite difficult. Hooks in the ttytype code will not interrogate the terminal but instead, get hardcoded values from the GSP/MP processor. There isn't anything you can do except to make the terminal emulation match what the GSP/MP uses. On the other hand, you should not be using that port for anything except command line OS changes, reboots and other occasionbal maintenance work.

Re: What security is ssh using - see this syslog

OldSchool — Thu, 20 Dec 2007 20:44:37 GMT

How did you change TT to 25 lines? Note that changing LINES=25 in .profile, /etc/profile or manually will make no difference as it doesn't tell TinyTerm what size window to display, it tells unix how many lines to use. A mismatch will cause all kinds of issues.

Which emulation are you using in TT (i.e. vt200, wyse...)? Some may not support the 25th line for all I know.

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 21:16:43 GMT

Hi Bill,
is this the lines you say I should not be using? I am going to astrick this out and put what you told me. I will let you know.

# Be sure that VUE does not invoke tty commands

if [ ! "$VUE" ]; then

# set term if it's not set

if [ "$TERM" = "" -o "$TERM" = "unknown" -o "$TERM" = "dialup" \
-o "$TERM" = "network" ]
then
eval `ttytype -s -a`
fi

export TERM

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 21:19:47 GMT

OldSchool,
I modified TT in sessions properties, just like Reflections. I use SCOANSI. I have been using 25 lines in Telnet on TT for years. But I noticed that the O.S. was not reading telnet on TT either, the stty would come up 0 on lines and columns, but telnet worked.

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 21:55:02 GMT

Bill,
For years it looks like we have had our .profiles set with TERM. So it looks like this will not pass on from the emulation took it off and it seems
TERM=ansicoe
TERMCAP=/usr/bbx/termcap
PATH=$PATH:/usr/bbx/start
export TERMCAP PATH

I commented line in .profile and from Tiny Term, when "echo $TERM" it comes up as "unknown". And from Reflections it comes up vt320, so it looks on Reflections it reads the emmulation tab and not the TermType tab.

Re: What security is ssh using - see this syslog

John Jimenez — Thu, 20 Dec 2007 22:49:03 GMT

Bill I ran the ttytype on both emmulations. This is after I took out the TERM line in my .profile.

tiny term
=> $ttytype -sa
TERM='unknown'; export TERM;
ERASE='^H'; export ERASE;

Reflections
=> $ttytype -sa
TERM='vt320'; export TERM;
LINES=25; export LINES;
COLUMNS=80; export COLUMNS;
ERASE='^?'; export ERASE;

Re: What security is ssh using - see this syslog

Bill Hassell — Fri, 21 Dec 2007 01:00:44 GMT

Yes, this is the code rip out and never let it see the light of day again:

> # set term if it's not set

That's the first bad assumption -- your PC emulator knows nothing about HP terminfo and curses codes so it doesn't matter if it was already set. TERM will be wrong until it is set with ttytype.

> if [ "$TERM" = "" -o "$TERM" = "unknown" -o "$TERM" = "dialup" \
> -o "$TERM" = "network" ]
> then
> eval `ttytype -s -a`
> fi

Replace all of the above with:

if tty -s
then
eval $(ttytype -sa)
fi

Note that:

> export TERM

is redundant. ttytype already exports the variables. Note that the testing for TERM in /etc/profile has not been changed since the late 1980's (HP-UX 7.0 and earlier) and while it worked for 'real' terminals (most of which were connected with RS-232 serial cables), the PC terminal emulators have made a mess when it comes to compatibility. That's why there are hundreds of models of terminals in the terminfo database (more about this later)

> I am going to astrick this out and put what you told me.

I am sure you mean: comment out the code with # signs....

> TERM=ansicoe
> TERMCAP=/usr/bbx/termcap
> PATH=$PATH:/usr/bbx/start
> export TERMCAP PATH

Arggghhhh!! Something stolen from another flavor of Unix. HP-UX does not use TERMCAP at all. Instead, it uses a terminfo database of known terminals, all stored in /usr/share/lib/terminfo. The capabilities are stored as small binary files using the tic command (man tic). To read the capabilites of a particular terminal, use the untic command (man untic):

$ untic vt100
vt100|vt100-nam|vt100 as defined by DEC vt420,

cols#80, lines#24, vt#3,
bel=^G, cr=\r, csr=\E[%i%p1%d;%p2%dr, tbc=\E[3g,
clear=\E[2J\E[H, el=\E[0K, ed=\E[0J, cup=\E[%i%p1%d;%p2%dH,
cud1=\E[B, home=\E[1;1H, civis=\E[?25I, cub1=\E[D,
cnorm=\E[?25h, cuf1=\E[C, cuu1=\E[A, cvvis=\E[?25h,
dch1=\E[1P, dl1=\E[1M, blink=\E[5m, bold=\E[1m,
......

The man page for terminfo explains the capabilities and codes, all part of the Curses library.

> I ran the ttytype on both emmulations.
>
> $ttytype -sa
> TERM='unknown'; export TERM;
> ERASE='^H'; export ERASE;

Time to trash your version of TinyTerm. It is simply too dumb to respond to industry standard terminal queries (which is how ttytype figures out your terminal model). Now I am assuming there is no option to disable auto-response, sometimes known as answer-back. This feature has been in virtually every terminal for the last 20 years, so an emulator that does not respond will make a mess for system administration. It means that you will have to hard code some settings for a few users running TinyTerm and leave the rest of the users to auto-identify. You cannot always control what the users have on the PC (Hyperterminal, putty, QCterm, SecureCRT, Reflection, etc) and managing a bunch of oddball dumb terminals is not a useful task. As the system administrator, you simply require that all connections be correctly identified using ttytype.

> Reflection:
>
> $ttytype -sa
> TERM='vt320'; export TERM;
> LINES=25; export LINES;
> COLUMNS=80; export COLUMNS;
> ERASE='^?'; export ERASE;

This is a 'normal' response and ensures that all terminal software, especially menuing systems such as SAM, swinstall, Glance will work correctly. But most important, vi will work correctly. Hardcoding TERM LINES COLUMNS, etc is lying and the screen programs do not take kindly to such fabrications.

Re: What security is ssh using - see this syslog

John Jimenez — Fri, 21 Dec 2007 01:25:24 GMT

Wow Bill, I wish I could assign you more then 10 points on your responses. Yeah it has been a hassle, they purchased TT for this app years before I got here. When I got here I purchased this one licensed version of Reflections for me to use on the O.S. I wrote a script that I run on TT if I need to go to the command line on a users PC.
Thanks for all your time on all this info. I am making some changes to my test server and will assign points tomorrow.

Re: What security is ssh using - see this syslog

Bill Hassell — Fri, 21 Dec 2007 03:36:25 GMT

You might look at QCTerm as a very nice HP terminal emulator (free). It doesn't have all the versatility and macro features that Reflection has but it has easy color schemes and looks like a normal HP smart terminal to HP-UX applications.

http://www.aics-research.com/qcterm/

It now supports SSH which makes it the best smart terminal emulator there is for the price. Although you're using Reflection, it looks like you have the Unix version rather than the HP version. QCTerm will make SAM, swinstall and Glance much easier to use.

Re: What security is ssh using - see this syslog

Dennis Handly — Fri, 21 Dec 2007 08:15:51 GMT

>I wish I could assign you more then 10 points on your responses.

You can assign 10 points for each response if they are all helpful.