topic Re: ssh connection failed after activating Trusted system in Operating System - HP-UX

ssh connection failed after activating Trusted system

srayfay — Wed, 11 Jan 2012 16:03:55 GMT

hello,

I converted my HPUX V3 to a trusted system by using SAM; After that I can't log on with my root user and any other user. I can't do any ssh, even the console login failed "incorrect password"

I have install the last PHCO of modprpw thinking that could resolve something.

what is the probleme?

PS : after enabling I let my console open to not loose control of the server so I can unconvert

Re: ssh connection failed after activating Trusted system

Dennis Handly — Wed, 11 Jan 2012 18:40:48 GMT

Have all of the passwords been expired when you converted?

Re: ssh connection failed after activating Trusted system

srayfay — Thu, 12 Jan 2012 12:51:37 GMT

Hello,

Seems like so,

I dont realy know how to resolve this.

HP Support sayed that I have to check the lenght of root password, it must be less than 8 caracters, and install the last patch of modprpw PHCO_41574. Everything is done, once truset system is activated, nobody can logon !

Re: ssh connection failed after activating Trusted system

Matti_Kurkela — Thu, 12 Jan 2012 14:15:41 GMT

A quick way to "un-expire" all accounts is:

/usr/lbin/modprpw -V

You should also make sure the root account is set to not expire:

/usr/lbin/modprpw -l -m lftm=0,exptm=0,mintm=0,expwarn=0,llog=0 root

Note that the default (non-trusted) password mode will store only the first 8 characters of passwords; when in default mode, this is not a problem as the password checking routines will ignore any characters beyond 8. But after switching to trusted system mode, all the characters typed by the user are checked.

So if the user has used a 9-character or longer password until now, after the conversion to Trusted mode the user must first type _only the first 8 characters_ of his/her old password. When the user changes his/her password while Trusted mode is in effect, all the characters will be stored (up to the configurable maximum password length limit) and then the password will work normally again.

Re: ssh connection failed after activating Trusted system

srayfay — Thu, 12 Jan 2012 15:52:54 GMT

Hi, thank you for your answers

I tried the two commands, nothing hapened !! I can't acces, even remsh !

Re: ssh connection failed after activating Trusted system

Bill Hassell — Mon, 16 Jan 2012 15:33:43 GMT

When you run ssh from another machine, add the -vvv (three lowercase "v" characters) so all the steps with ssh negotiation are shown.You need to run a command line version of ssh, perhaps from another HP-UX or Linux system.

Also verify that the problem system can resolve it's own name:

nslookup $(hostname)

Re: ssh connection failed after activating Trusted system

BowlesCR — Tue, 17 Jan 2012 06:07:00 GMT

Do you have a good reason to run Trusted mode?

For most purposes, running in Shadow mode (StdModSecExt) is equivalent and far easier to manage. I would recommend unconverting from trusted to standard and then converting to shadow.

Re: ssh connection failed after activating Trusted system

srayfay — Fri, 17 Feb 2012 15:45:55 GMT

the solution is to check /etc/nsswitch

there is a user defined there by default, I delete that line and I let the authentification mode file then DNS.

it's working !